RapidFire Tools Network Detective is one of the most-used MSP security assessment platforms. The product produces the branded client report with a risk score that MSP technicians hand to client stakeholders during quarterly business reviews. Sherlock EoP Auditor is a Windows local privilege escalation specialist that handles the deeper exploit-class audit RapidFire does not cover. Here is the honest MSP-focused comparison.
The short answer
RapidFire Tools Network Detective is the right answer for MSPs that need a branded client report covering broad network and security assessment with a risk score that translates well to executive stakeholders during QBR meetings. Sherlock EoP Auditor is the right answer when the MSP needs the deeper Windows local privilege escalation audit that the broad assessment does not perform.
The two products do not compete head to head on most engagements. They cover different scopes. The honest MSP positioning is to run RapidFire for the report-and-grade deliverable plus Sherlock EoP Auditor for the specialist depth audit on Windows hosts where the local privilege escalation surface matters.
Where RapidFire Tools Network Detective wins
RapidFire (now under Kaseya) has been the MSP assessment standard for years. Five places where Network Detective is the better choice for the MSP-served SMB.
Branded client report workflow. Network Detective produces a polished PDF deliverable with the MSP's branding, the client's logo, an executive summary and the risk score format that client stakeholders are familiar with from prior QBRs. The deliverable is the product. MSPs who measure success in client-meeting outcomes value this above almost everything else in the assessment category.
Broad network and security assessment scope. Network Detective covers network inventory, Active Directory hygiene, user access patterns, password policy review, patch level assessment, network device configuration and a wide range of generic security configuration checks. For the MSP that wants one tool to produce one comprehensive deliverable across the client environment, the coverage breadth is hard to match.
Risk scoring that translates to clients. The risk score format that Network Detective produces communicates well to non-technical client stakeholders. The CFO of a client SMB does not need to understand what a finding actually means at the technical level. They need a numerical risk score that tells them whether things are improving quarter over quarter. Network Detective delivers exactly that.
Cyber Hawk continuous monitoring. RapidFire's Cyber Hawk product extends the assessment into ongoing anomaly detection between the periodic Network Detective scans. For MSPs building a managed detection narrative for clients, the continuous monitoring component is operationally useful even if its detection depth is broad rather than specialized.
Multi-tenant MSP workflow. Network Detective is built for the MSP managing dozens of client tenants. The multi-tenant console, the per-client report templating and the integration with PSA tooling are all built for the MSP economic model. Sherlock EoP Auditor at 1.0.0 is per-host and does not have the same multi-tenant MSP workflow built in.
Where Sherlock EoP Auditor wins
Sherlock EoP Auditor is built by a vulnerability research lab. Five places where the specialist wins on Windows endpoints.
Depth on Windows local privilege escalation. The Sherlock EoP Auditor specifically detects three Windows local privilege escalation class categories that the Sherlock Forensics Labs publishes against. Per-finding class assignment is documented on the Labs page. Network Detective's security configuration checks are general and surface-level. The deeper exploit-class audit is below RapidFire's detection layer.
Trained on active zero-day research. The Auditor's detection logic was developed by the lab that found four zero-days in widely-deployed Windows software in the same sprint that produced the tool. New class patterns the lab identifies feed back into the detection module without customer involvement. RapidFire does not have an active vulnerability research program against the third-party Windows software classes its scans touch.
Remediation guidance per finding. Sherlock EoP Auditor surfaces per-finding remediation direction. Network Detective is an assessment platform and not a remediation tool. The MSP receiving Network Detective output has to translate findings into remediation tickets themselves. Sherlock EoP Auditor's verdict per finding makes the remediation ticket faster to write.
Portable single binary. The Auditor runs as a single executable without installation. The MSP technician can run it on a customer endpoint during a remote support call. No agent. No always-on monitoring component. Network Detective requires an agent and central console.
Lower per-engagement cost. Sherlock EoP Auditor PRO at $97 one-time is significantly less per-engagement than the per-client per-month math of Network Detective. For MSPs running deeper depth audits on subset of clients (clients with sensitive Windows workloads, clients in regulated industries), the unit economics favor the specialist.
Capability comparison at a glance
| Capability | Network Detective | Sherlock EoP Auditor |
|---|---|---|
| Branded client report | Polished PDF with MSP branding | Per-host technical report (PRO) |
| Risk score | Industry-standard risk-grade format | Per-finding severity verdict |
| Multi-tenant MSP workflow | Mature multi-client console | Per-host (no native multi-tenant) |
| Network assessment scope | Broad network plus security | Windows local privilege escalation only |
| Windows local privilege escalation depth | Surface configuration only | 3 class detection modules |
| Continuous monitoring | Cyber Hawk add-on | Not in 1.0.0 scope |
| Trained on active zero-day research | No | Yes (Sherlock Forensics Labs) |
| Active vendor disclosure program | None | 4 active disclosures (see Labs page) |
| Remediation guidance | Assessment-only | Per-finding remediation direction |
| Pricing model | Per-client per-month | $97 one-time PRO licence |
The honest overlap
RapidFire Network Detective does cover some configuration checks that overlap with what Sherlock EoP Auditor catches. Weak service permissions get flagged in Network Detective's general security configuration check. Risky local administrator account configurations get flagged. Generic Windows hardening misses get flagged. For these surface-level overlaps, Network Detective surfaces them across the multi-tenant fleet with the branded report delivery wrapped around the output.
Where Network Detective stops is the deeper class-level audit. Class-level depth on Windows third-party privileged services is not what RapidFire built the product to do. The product was built for the MSP client-report deliverable plus broad network and security assessment. Sherlock EoP Auditor audits the deeper class question that Network Detective intentionally does not cover.
The MSP buying scenarios
MSP serving 30 SMB clients with QBR cadence. Run Network Detective on the standard quarterly cadence for the branded report deliverable that the client stakeholders expect at the meeting. Run Sherlock EoP Auditor on the subset of clients with sensitive Windows workloads (clients in regulated industries, clients with prior incident history, clients running custom third-party software). The two products produce complementary deliverables.
MSP with a security-positioning focus. Network Detective's QBR report is table stakes. The specialist Windows audit using Sherlock EoP Auditor becomes the differentiator that wins competitive client retention. "Our quarterly assessment includes a third-party Windows privileged software audit that most MSPs do not perform" is a positioning sentence Network Detective alone does not enable.
MSP doing forensic-grade engagements. The Sherlock Forensics product line includes the Sherlock Disk Imager for forensic acquisition with chain of custody, the Sherlock Universal Events Viewer for Windows event log triage, the Sherlock PST Viewer for mailbox forensics. For MSPs that handle client incident response in addition to managed services, the broader Sherlock Forensics toolchain plus Sherlock EoP Auditor produces forensic-grade engagement deliverables that Network Detective does not.
MSP serving regulated-industry clients. Clients in healthcare, finance, legal and similar regulated verticals often have audit requirements that go deeper than general security configuration assessment. The class-level Windows local privilege escalation audit Sherlock EoP Auditor produces speaks to audit requirements Network Detective alone does not address.
Decision tree
- Need a polished branded client report with risk score for QBR meetings? Network Detective is the standard. Buy it for the deliverable.
- Need deeper Windows local privilege escalation audit on top of the broad assessment? Add Sherlock EoP Auditor for the specialist depth. The two products are complementary.
- Need continuous between-scan monitoring for clients? Network Detective's Cyber Hawk add-on covers the broad case. Sherlock EoP Auditor 1.0.0 is on-demand scanning rather than continuous monitoring.
- Operating at small MSP scale with focused vertical clients? The portable Sherlock EoP Auditor with single-binary deployment may cover the depth use case without requiring the full Network Detective multi-tenant infrastructure.
- Doing forensic-grade engagements alongside managed services? Pair Sherlock EoP Auditor with the broader Sherlock Forensics toolchain. The combination produces deliverables Network Detective alone cannot.
The Sherlock Forensics product context for MSPs
The Sherlock Forensics product line is built for forensic-grade engagements. The Sherlock Disk Imager handles forensic acquisition with chain-of-custody. The Sherlock PST Viewer reads mailbox archives for incident response and litigation support. The Sherlock Universal Events Viewer triages Windows event logs with anomaly detection. The Sherlock Android Acquirer handles mobile evidence with logical acquisition. The Sherlock Browser Viewer reads browser history forensics. The free Sherlock hash verifier handles evidence integrity verification.
For MSPs that want to add forensic-grade incident response capability alongside their managed services, the Sherlock Forensics toolchain is the natural complement to whatever MSP assessment platform the MSP uses for the report-and-grade deliverable. The Sherlock Forensics services practice covers training and engagement support for MSPs building this capability.
Frequently asked questions
Can Sherlock EoP Auditor replace Network Detective for MSP client reporting? No. Network Detective's client-report workflow with risk scoring is the product. Sherlock EoP Auditor focuses on depth audit and does not produce the equivalent multi-client branded report at 1.0.0.
Does Network Detective catch findings in the Windows local privilege escalation class categories? Surface-level configuration weaknesses sometimes correlate with class candidates and get flagged. The class-level depth audit is below Network Detective's general security configuration check layer.
Is the Sherlock EoP Auditor binary available now for MSPs? The binary is in early access. The product page at sherlock-eop-auditor.html has the early-access notification list. MSPs interested in early access can sign up at the form anchor.
The honest bottom line
RapidFire Tools Network Detective is the right answer for the MSP-client-report-and-grade deliverable that defines most MSP assessment engagements. It is broadly capable, multi-tenant friendly and produces the polished output client stakeholders expect.
Sherlock EoP Auditor is the right answer for the Windows local privilege escalation depth audit that Network Detective does not perform. The two products solve different problems on the same kind of engagement. Most MSPs running both will find them complementary rather than competitive.
For an MSP-focused Sherlock Forensics services conversation about integrating the specialist depth into your existing client engagement workflow, talk to our team. The Sherlock Forensics MSP partnership program supports MSPs adding forensic-grade incident response capability alongside their existing managed services offering with training, joint engagement support and co-marketed deliverables. For early-access notification on the EoP Auditor binary release, sign up at the early-access list.
Network Detective for the client report. Sherlock EoP Auditor for the depth audit the report does not include. Join the EoP Auditor early-access list.