What is our primary use case?
We needed a company with expert solutions in the security field. We needed to secure our internal network and external users. CRITICALSTART has resources and know-how in those specific areas. The second part was that we needed assistance with security, hardware support, and implementation of Palo Alto firewalls, and they are the experts in that too.
There are additional features on the Palo Alto firewalls, security on the level of the apps. The users cannot go to certain places. There's a service that gets set up so we don't have to manage it; there is an automatic shield on those firewalls. Software-wise, we use CRITICALSTART to manage the ZTAP (Zero-Trust Analytics Platform). They manage an antivirus solution for us by Cylance and another protection level is Cisco Umbrella. They manage and monitor our systems with their MDR solution.
For example, alerts come in from the Cylance antivirus to their systems and the CRITICALSTART team informs us and helps us combine the white lists, the black lists, what's allowed, which machines are behaving abnormally, and they monitor various aspects.
It is deployed to over 100 people within our company. That is the user base.
How has it helped my organization?
In terms of the MDR, if we didn't use CRITICALSTART, we would have to hire a full-time person to sit and do that job. It frees up resources. It's far less expensive for the company to hire CRITICALSTART instead. And CRITICALSTART has a large knowledge base in the field, whereas we would have to learn within our company how things work. With CRITICALSTART, we tap into the knowledge of all the companies that they manage. It's definitely a win for us.
There was the initial adjustment period, as every environment is different. Initially, they came in and looked at our stuff, our alerts. We tweaked things a little bit, but then we could tell that out of thousands, or even hundreds of thousands of alerts, we were only getting, say, 10 tickets per week from CRITICALSTART, if that. The rest of the things they handle automatically, or their system handles them automatically. It really frees up our time quite a bit.
It allows us to free up our resources. We don't have to get into the super-deep details of the alerts if something is happening. They bring a vast knowledge of the threats to the table. We don't have to research them ourselves so it frees up our time.
And they've previously seen the resources we use for the Palo Alto designs, and they know our environment because we have a person that deals with us directly. It's so much easier to work this way, versus if we were to hire somebody from a large consultant like CDW or Softchoice. With a third party like that there's always a learning curve — you have to invest so many hours first — before you get to the problem. With CRITICALSTART, we can engage them right away with problem solving. There's no onboarding every time. They already know what's going on.
We have a SCADA system which is something that our field team operates 24/7, all year round. It's a pipeline. We have the Cylance umbrella solution on those critical machines and if something gets blocked by an error we get an alert right away on the mobile phone. We respond and CRITICALSTART comes in and makes live changes. That prevents us from having any downtime due to a blocked file on some system. If it's a bad file, it will get blocked, obviously. That's great. But if it's a false positive, we are able to get CRITICALSTART, using the mobile app, to respond right away and prevent downtime of the SCADA system.
What is most valuable?
There are two parts of CRITICALSTART's services that are most valuable to us:
- The MDR solution where they monitor our computers, laptops, and users across the board.
- Their knowledge of Palo Alto firewalls.
And their mobile app is actually our preferred method of interacting with them. We get notifications and can reply to tickets on-the-go. I don't think there's any other solution that offers such a thing. It's super-useful. Everybody's got a web portal, but this mobile app is quite something. It's pretty cool.
The mobile app is self-explanatory. You have a ticket or you get a notification and you can chat or submit information. You can talk to their team on-the-go. It's very convenient. If you go farther, you can look up tickets and you can look at the assigned statuses. There's more to it; it's a full-blown app. Maybe there are a couple of features that are easier to use in a web browser with a larger window, but I think it's pretty full-featured. You can change tickets, you can assign the queues, you can post a reply. You can look at the details. The whole thing is there. For us, the main thing is that when there is an alert we can act on it right then.
We also talk with CRITICALSTART analysts, two folks in particular. Their response time is very quick. If they cannot talk to us, we get a reply from them anyway. We don't have to wait around. The response time is very good in comparison to larger companies. CRITICALSTART is fairly large, but there are larger companies where you send a ticket, request support, and you're not sure who's going to get the ticket, who's going to respond; you're not sure when that is going to happen. It's always a waiting game. With CRITICALSTART, it doesn't look that way. They give you a personal approach. Their folks are always available. That makes us more likely to do business with them.
When it comes to the transparency of data in the platform, everything is there if we want to look at it. We really don't get too much into it, but if you want to look at it, it's all available. They show the details; they show how they do it. If you want to know if they're lying to you or not, you can look at the details and the facts they base their decisions on when blocking certain things or monitoring certain stuff. It's pretty transparent. It's very trustworthy. It gives us confidence in the decision-making process, because we see how things are done. It gives us peace of mind.
What needs improvement?
There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design.
For how long have I used the solution?
We have been using CRITICALSTART for two years.
What do I think about the scalability of the solution?
We don't have plans to increase usage for now. We're happy with it and we renewed for another two years.
From a project management standpoint their performance has been very satisfactory. We deployed seven sites. Those were new sites due to expansion that we went through and CRITICALSTART was on each one of them. We involved them and we had success every time.
How are customer service and technical support?
The customer support is great. Our expectations have been met in terms of service being delivered. We have met all deadlines so far.
The main thing would be the roll-out of those sites. We could schedule something at fairly short notice, like only three weeks ahead, and we were able to book them. They were available to fly with us for the site deployment, if needed. They were also able to deliver hardware in that short period of time. Three weeks is super-fast for obtaining hardware and booking a person who is able to do a project.
Which solution did I use previously and why did I switch?
We used in-house solutions and it was more involved. There was more time spent with longer project timelines. With CRITICALSTART, we were able to get delivery and get things done quickly.
How was the initial setup?
From the time we entered into an agreement to use CRITICALSTART until we were able to start using it, things were wrapped up within a month. There wasn't any type of initial setup required at our end to use the service. It was just me involved in the setup, on our side.
We don't have any data sources that their service wasn't able to integrate with. They provide a full-blown spectrum of anything you want. Whatever you want, they can deliver.
Which other solutions did I evaluate?
We looked at other solutions that other folks provide and nobody came close. We had previous experience. We had acquired three other companies in a similar business line to ours, and those folks recommended it. So we had a meeting with CRITICALSTART and we discussed a few things, and it seemed like they were the ones to go with.
The main difference was the value you get for what you pay. You can't beat it. As far as the expense goes, it's very competitive pricing and the services you get are almost like you have a person on your team.
What other advice do I have?
The new web portal they implemented is quite robust. It's very next-generation, but it does need small tweaks. You have to get used to it and learn a little bit about it. That's why I prefer the mobile app. The mobile app seems to be more straightforward. The new UI has more advanced features but you would have to click around and learn a little bit more. It's not as intuitive as the mobile app, but the functionality is there.
As for their contractually committing to paying a penalty if they miss a one-hour SLA to resolve an escalated alert, we have never run into that situation. They haven't missed an SLA in two years.
They offer a very personal, connected experience. I don't know of any other company that has that kind of a personal touch to either its services or its MDR solution. That was the decision-maker for us.
This has been a positive experience and money well spent. If we had to do it again, we would gladly choose the solution that CRITICALSTART provides, versus going with other solutions or using something in-house where we would probably have to spend double what we are spending now.