I was also frustrated by this. I got about 25% of the way in and was annoyed that they still did such a poor job of communicating what their product is. An advertorial like this can often save the "And that's why Our Product is so great, it can protect you from attacks like these!" for the end, but here, where the article is about how merely installing their product gives Huntress the company full access to everything you do, it leaves me with more questions than answers.

As a corporate IT tool, I can see how Huntress ought to allow my IT department or my manager or my corporate counsel access to my browser history and everything I do, but I'm even still foggy on why Huntress grants themselves that level of access automatically.

Sure, a peek into what the bad guys do is neat, and the actual person here doesn't deserve privacy for his crimes, but I'd love a much clearer explanation of why they were able to do this to him and how if I were an IT manager choosing to deploy this software, someone who works at Huntress wouldn't be able to just pull up one of my employee's browser history or do any other investigating of their computers.

Their product is advertised as "Managed EDR". That usually means they employ a SOC that will review alerts and then triage and orchestrate responses accordingly. The use case here is when your IT manage chooses to deploy this and give them full visibility into your assets because your company wants to effectively outsource security response.

It's a relatively common model, with MDR and MSSP providers doing similar things. I don't see it as much with EDR providers though.