What is our primary use case?
Our primary use case is to gain the ability to monitor our systems more thoroughly. We are looking for it to address the overload of information from security monitoring systems.
Everything is cloud-based, and other than the security agents that are installed on those systems, we also use Cylance Protect and Carbon Black Response.
What is most valuable?
The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly.
They do trusted behavior registry. They filter out the unnecessary stuff and present us with the things that are interesting and let us determine the validity of that type of action in our environment.
We get probably 10 or 12 escalated alerts a week, and there are hundreds or thousands of transactions that would need to be filtered otherwise.
The mobile app is a nice way to get quick access to something when I don't have access to the full system. It's a good way of accessing all the data that I would need when I'm remote. The mobile app gives me more comfort in that I will be alerted if there is something going on, even when I'm remote.
CRITICALSTART makes us much more comfortable with knowing someone else is watching our data and our systems and knowing that professional security people are taking a look at any issues that do arise.
The new UI seems a little slower but some of the functionality is a little bit quicker to get to things in terms of navigation. It has made it easier to respond to escalations. The alerts are displayed in a way that makes it simpler to respond. The response dialogue is right on the screen.
In terms of transparency, it seems like all the data is available to us. It affects our security by allowing us to see what they are doing in terms of filtering and making sure that we agree with all the filters that they're adding.
CRITICALSTART has increased our analysts' efficiency to the point that they can focus on other areas of business. We implemented some of these tools at the same time we started with CRITICALSTART. Some of that wasn't being done before, but now it is being done and we still have the time to do other things.
It also takes care of the tier one and tier two triage. It saves my team around 10 hours a week.
I think that the provider contractually committed to paying a penalty if it misses a one-hour SLA to resolve an escalated alert. But it wasn't a huge deal for us. It wasn't a critical thing that we looked at. So far, they haven't missed such SLAs, as far as I know. It has yet to miss an attack.
We chose not to integrate data sources due to the cost of our firewall logs. They would have been able to ingest them through a SIEM had we wanted to.
What needs improvement?
The UI has become slower but it's not something I would call them out on.
For how long have I used the solution?
I have been using CRITICALSTART since January of 2020.
How are customer service and technical support?
We communicate with support mostly via the tools, via email and their security application. There is somebody available 24/7. They add a lot of value in terms of being there 24/7 and having access to the data and access to their knowledge base of issues.
Their support is fast, thorough, and easy to use.
How was the initial setup?
We just had to get the security agents installed on the systems that we wanted to use it on.
The process was quite simple and straightforward. We were able to push out the agents with group policy and that made it simple to get everything installed.
Two of us were involved in the setup. I am the Director of IT and my colleague is a network administrator.
Three of us use this solution. The other one would be the chief product officer.
In terms of the size of our environment, it's on over 200 endpoints. We are adding a few machines, but it's close to a 100% adoption rate.
The implementation was very straightforward. We didn't have any real problems with the product management side.
What was our ROI?
We have seen ROI but I can't explicitly say what. We've been able to easily manage the security information and alerts coming out of the products without having to deal with them on a day-to-day basis.
What's my experience with pricing, setup cost, and licensing?
The price was less than I would have expected.
Which other solutions did I evaluate?
We did evaluate another solution, but we liked CRITICALSTART's pricing and we liked the people that we were working with.
What other advice do I have?
Our expectations have been met in terms of services delivered on time, on budget, and on spec. The implementation went as expected. The pricing hasn't been an issue. Everything went as was decided at the beginning. Everything has gone through as I would expect.
I would rate CRITICALSTART a ten out of ten.