CRITICALSTART Primary Use Case

BF
Cyber Security Manager at an energy/utilities company with 1,001-5,000 employees

We're a small shop on the security side and our goal with CRITICALSTART was to alleviate some of the constant looking at our phones 24/7 and to allow somebody who is actually sitting in front of a computer 24/7 to handle the front-end alerts that come through our automated services or systems. As those come in, we wanted them to be able to escalate to us as seen fit. We were looking to weed out the lower priority, false-positive portion of the alerts.

Due to our size limitations, we needed assistance with the lower level alerts so that we could focus on the real, priority alerts. Because of the use cases that they've built up in some of the logging systems that we already had, they were able to amplify the type of alerts that we were getting in a way that gave us better and more visibility than we were receiving beforehand.

All of the hardware and software that we were already utilizing was already in place. We were able to offload the management of our Splunk environment. CRITICALSTART began to manage this for us. That alleviated a good portion of one of my analyst's time, to where they didn't have to manage that themselves by allowing CRITICALSTART to manage it. We have it 24/7 so if something were to go wrong, they can look into it.

PB
Director of Information Technology at Kirby Corporation

I have a very small team and anytime I can maximize efficiencies within the work I'm trying to do with Kirby, it's a good thing. That's what I was trying to do by using CRITICALSTART.

JH
Sr. Manager, Security Engineering at a financial services firm with 501-1,000 employees

We were looking for a third-party managed detection response provider for our integrations with Cylance and Carbon Black. We had to deploy the Cylance and Carbon Black agents after we received them from CRITICALSTART.

Types of challenges that we were looking to address:

  • 24/7 monitoring
  • Reducing alerts.
  • Getting Level 0 and 1 taken care of, along with that first triage of alerts. Those are taken care of before our team has to look at it.
Buyer's Guide
CRITICALSTART
April 2024
Learn what your peers think about CRITICALSTART. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
LR
Director of IT at Solana

Our primary use case is to gain the ability to monitor our systems more thoroughly. We are looking for it to address the overload of information from security monitoring systems.

Everything is cloud-based and other than the security agents that are installed on those systems, we also use Cylance Protect, and Carbon Black Response.

SF
Senior Director of IT Security at a financial services firm with 501-1,000 employees

We were looking for a managed service provider who could handle our endpoint alerts as well as our SIEM alerts. We were looking to address alert reduction, better correlation, and reduction in head count that would ultimately lead to a more secure environment.

We brought our own endpoint solution into the equation. We added a full functionality SIEM solution. There wasn't a whole lot of infrastructure. 

DS
IT Manager at a manufacturing company with 51-200 employees

We are using it to try and improve our cybersecurity overall. We are also using it to reflect on our business growth whether we need to invest in more cybersecurity.

We started as a small, family-owned business which was purchased by a U.S. company under the same umbrella. That company wanted to have all their portfolios have a higher level of security. This was an initiative taken by the parent company. This came at the right time because we started to get more phishing attacks as we started to manage more users. There have also been more requirements on the IT department to keep us secure along with more focus in today's world on IT security. Previously, we didn't really pay as much attention because we always thought we were a small company, and thought, "Who would want to hack us?" I guess that is no longer the case.

The service for endpoint protection needs to have an agent installed on the endpoint, and that is pretty much it. There is no specialized hardware required to use their service.

DC
Director of Infrastructure and IT at an energy/utilities company with 51-200 employees

We needed a company with expert solutions in the security field. We needed to secure our internal network and external users. CRITICALSTART has resources and know-how in those specific areas. The second part was that we needed assistance with security, hardware support, and implementation of Palo Alto firewalls, and they are the experts in that too.

There are additional features on the Palo Alto firewalls, security on the level of the apps. The users cannot go to certain places. There's a service that gets set up so we don't have to manage it; there is an automatic shield on those firewalls. Software-wise, we use CRITICALSTART to manage the ZTAP (Zero-Trust Analytics Platform). They manage an antivirus solution for us by Cylance and another protection level is Cisco Umbrella. They manage and monitor our systems with their MDR solution.

For example, alerts come in from the Cylance antivirus to their systems and the CRITICALSTART team informs us and helps us combine the white lists, the black lists, what's allowed, which machines are behaving abnormally, and they monitor various aspects.

It is deployed to over 100 people within our company. That is the user base.

DB
CISO at a hospitality company with 1,001-5,000 employees

We needed a SOC operation, and we weren't going to build it in-house, so we were looking for exactly what they offer. They're an MDR service, and we were looking for somebody that would manage the SIEM tool as well as the endpoint management tool and have the ability to take action, when necessary, on endpoints and function as a full, hands-on SOC. That is why we selected them.

The service doesn't require us to make use of any hardware. The software required is Splunk, as a SIEM tool, which provides options as to how it's managed. We opted to have CRITICALSTART fully manage it, so we're hands-off with the SIEM tool, and it's hosted in AWS. Then you have to have an endpoint detection tool that CRITICALSTART has approved. I don't know what their current selection is, but a year-and-a-half ago it was either Cylance or Carbon Black. We're using Cylance.

Our use of the service covers 100 percent of our endpoints. We're covering 1,100 endpoints.

RC
Vice President, Security at StackPath

The challenges we were looking to address were mainly around making sure that my team wasn't overloaded with alerts and that we could tune out things we don't care about or that aren't important to us at that particular time. That was really what I was trying to accomplish, since I knew I wasn't going to be able to build out a team large enough to be 24 by seven.

CS
Systems Administrator at an energy/utilities company with 1,001-5,000 employees

What I was looking to achieve with this service was to have less work on my plate, and to leverage people. Usually, when you buy a big product like an antivirus or endpoint protection, if it's a big solution and you have a big company, you need another person to just manage it or things like it. We didn't have those resources. We got the antivirus product, but we didn't have another person to add to it, so I needed someone to help me manage it.

CRITICALSTART is helping me manage this solution because I don't have time to manage it.

Originally, they were managing CylancePROTECT for us. Now, they manage CylancePROTECT, Carbon Black Defense, and Palo Alto Cortex XDR for us.
