CRITICALSTART Overview

CRITICALSTART is the #1 ranked solution in our list of SOAR tools. It is most often compared to Arctic Wolf AWN CyberSOC: CRITICALSTART vs Arctic Wolf AWN CyberSOC

What is CRITICALSTART?

The cybersecurity landscape is growing more complex by the day with the arrival of new threats and new tools supposedly designed for combating them. The problem is it’s all creating more noise and confusion for security professionals to sort through.

CRITICALSTART is the only MDR provider committed to eliminating acceptable risk and leaving nothing to chance. They believe that companies should never have to settle for “good enough.” Their award-winning portfolio includes end-to-end Professional Services and Managed Detection and Response (MDR). CRITICALSTART MDR puts a stop to alert fatigue by leveraging the Zero Trust Analytics Platform (ZTAP) plus the industry-leading Trusted Behavior Registry, which eliminates false positives at scale by resolving known-good behaviors. Driven by 24x7x365 human-led, end-to-end monitoring, investigation and remediation of alerts, their on-the-go threat detection and response capabilities are enabled via a fully interactive MOBILESOC app.

CRITICALSTART is also known as Critical Start.

CRITICALSTART Buyer's Guide

Download the CRITICALSTART Buyer's Guide including reviews and more. Updated: July 2021

CRITICALSTART Video

Pricing Advice

What users are saying about CRITICALSTART pricing:
  • "It costs a lot for what we felt comfortable to spend."
  • "I've told CRITICALSTART that I think the managed service they provide is cheaper than it should be. It's a really good deal."
  • "As far as the expense goes, it's very competitive pricing and the services you get are almost like you have a person on your team."
  • "The pricing of other services was so insane that they weren't even an option."
  • "The pricing has always been competitive. They have always been good to us. They will make it a fight. They don't try to hide anything; it's always been fully transparent and well-worth what we pay for it."
  • "Overall, for what I'm paying for it, and the benefit I'm getting out of it, it is right where it needs to be, if not a little bit in my favor. For what it costs me to actually have this service, I could afford one internal person to do that job, but now I have a team of 10 or more who are doing that job, and they don't sleep because they work shifts."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
BF
Cyber Security Manager at a energy/utilities company with 1,001-5,000 employees
Real User
Top 5
Offers the ability to close review tickets or alerts through a mobile phone and to interact with engineers on their side via the app

What is our primary use case?

We're a small shop on the security side and our goal with CRITICALSTART was to alleviate some of the constant looking at our phones 24/7 and allowing somebody who is actually sitting in front of a computer 24/7 to handle the front end alerts that come through our automated services or systems. As those come in, we wanted them to be able to escalate to us as seen fit. We were looking to weed out the lower priority, false-positive portion of the alerts. Due to our size limitations, we needed assistance with the lower level alerts so that we could focus with the real, priority alerts. Because of… more »

Pros and Cons

  • "My impression of the transparency of the data is that it has good detail. It allows you to see how many events have come in, how many of those events have made it down to their analysts to review, and then however many from their analysts to be able to close out, have been able to been escalated to us. It's a good metric that we can share with my management. They see the value of what the SOC is bringing on top of what my team is already doing."
  • "They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging."

What other advice do I have?

I love the fact that they were local to the DFW area because I know them and they know me. When I've had to have some heart-to-heart conversations, it's simple enough to have a face-to-face meeting with their leadership, break bread, and have some pretty direct conversation. And they listen. They express why they handle things a certain way, but they are willing to listen and see how they can integrate, modify, and change, not to just accommodate the customer, but also to make it consistent amongst all of their customers. That's the other thing that I'm very big on a proponent is, if I'm doing…
DS
IT Manager at a manufacturing company with 51-200 employees
Real User
Top 5
They work behind the scenes 24/7 to monitor our networks

What is our primary use case?

We are using it to try and improve our cybersecurity overall. We are also using it to reflect on our business growth whether we need to invest in more cybersecurity. We started as a small, family-owned business which was purchased by a U.S. company under the same umbrella. That company wanted to have all their portfolios have a higher level of security. This was an initiative taken by the parent company. This came at the right time because we started to get more phishing attacks as we started to manage more users. There has also been more requirements on the IT department to keep us secure… more »

Pros and Cons

  • "There is a team of people who monitor our traffic and processes 24/7, so if anything raises a flag or alert, it will escalate back to me right away. That's the most incredible part: Humans working behind the scenes 24/7 to monitor our networks."
  • "In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice."

What other advice do I have?

So far, I'm very happy with the service. However, we have no comparison. This is the first ever MDR service that we have used. We have not had enough time to really verify the protection that the service offers is enough because we haven't suffered any attacks. We don't know whether we're lucky or if the service really does work. You can never do enough to stay safe. It has helped me to see a lot of things going on with our network that I didn't see before. We were just not equipped with the right tools to really have a clear view of our network, and now we do. For smaller companies, in order…
Learn what your peers think about CRITICALSTART. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
522,946 professionals have used our research since 2012.
RyanCarter
Vice President, Security at StackPath
Real User
Top 20
Our analysts' efficiency has been increased, as we only need to pay attention to the alerts that are escalated to us

What is our primary use case?

The challenges we were looking to address were mainly around making sure that my team wasn't overloaded with alerts and that we could tune out things we don't care about or that aren't important to us at that particular time. That was really what I was trying to accomplish, since I knew I wasn't going to be able to build out a team large enough to be 24 by seven.

Pros and Cons

  • "Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us."
  • "It has frustrated us that they don't have a native Slack integration, because most things do now. That's something we've asked for, for years, and it just doesn't really seem like it's a priority."

What other advice do I have?

The biggest lesson I've learned from using CRITICALSTART is that you don't necessarily need an internal SOC to make your customers happy. We get asked all the time on questionnaires, "Do you have a SOC?" We're able to say, "No, we use an external SOC to manage alerts for us." I've really only been pushed on that a couple of times. And at other times I've had companies that are larger than you would think come back and say, "Hey, we do the same thing." They may have an internal SOC too, but they still leverage a similar company to triage stuff before it even gets to their SOC. I use…
DB
CISO at a hospitality company with 1,001-5,000 employees
Real User
Top 5
They take care of all first-line alerts, with eyes on glass, fingers on keyboard; they're doing the work, allowing me to focus elsewhere

What is our primary use case?

We needed a SOC operation, and we weren't going to build it in-house, so we were looking for exactly what they offer. They're an MDR service, and we were looking for somebody that would manage the SIEM tool as well as the endpoint management tool and have the ability to take action, when necessary, on endpoints and function as a full, hands-on SOC. That is why we selected them. The service doesn't require us to make use of any hardware. The software required is Splunk, as a SIEM tool, which provides options as to how it's managed. We opted to have CRITICALSTART fully manage it, so we're… more »

Pros and Cons

  • "I also use their mobile app. It's very easy to use and very convenient to be able to respond to alerts wherever you are. I love the app. You can respond and communicate, per ticket, with their SOC in near real-time. The response is very quick."
  • "The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance."

What other advice do I have?

In terms of advice, I don't feel that implementing this service is any different than implementing any other system into your environment. A lot relies on your project management skills. I would attempt to test your MDR choices against a framework. The framework that comes to mind is the MITRE ATT&CK framework, which everybody is familiar with. Have realistic expectations about what vulnerabilities your MDR partner is really going to mitigate. That's the lesson I have learned. In terms of CRITICALSTART's Trusted Behavior Registry and the way it resolves things that are known as trusted, so…
DC
Director of Infrastructure and IT at a energy/utilities company with 51-200 employees
Real User
Top 10
They know our environment so we can engage them in problem-solving right away; they don't have to get "up to speed"

What is our primary use case?

We needed a company with expert solutions in the security field. We needed to secure our internal network, external users. CRITICALSTART has resources and know-how in those specific areas. The second part was that we needed assistance with security, hardware support, and implementation of Palo Alto firewalls, and they are the experts in that too. There are additional features on the Palo Alto firewalls, security on the level of the apps. The users cannot go to certain places. There's a service that gets set up so we don't have to manage it; there is an automatic shield on those firewalls… more »

Pros and Cons

  • "There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
  • "There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design."

What other advice do I have?

The new web portal they implemented is quite robust. It's very next-generation, but it does need small tweaks. You have to get used to it and learn a little bit about it. That's why I prefer the mobile app. The mobile app seems to be more straightforward. The new UI has more advanced features but you would have to click around and learn a little bit more. It's not as intuitive as the mobile app, but the functionality is there. As for their contractually committing to paying a penalty if they miss a one-hour SLA to resolve an escalated alert, we have never run into that situation. They haven't…
CS
Systems Administrator at a energy/utilities company with 501-1,000 employees
Real User
Top 10
They tell you they're going to cut your alerts by 99 percent and they did that, freeing me up for other things

What is our primary use case?

What I was looking to achieve with this service was to have less work on my plate, and to leverage people. Usually, when you buy a big product like an antivirus or endpoint protection, if it's a big solution and you have a big company, you need another person to just manage it or things like it. We didn't have those resources. We got the antivirus product, but we didn't have another person to add to it, so I needed someone to help me manage it. CRIICALSTART is helping me manage this solution because I don't have time to manage it. Originally, they were managing CylancePROTECT for us. Now, they… more »

Pros and Cons

  • "The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
  • "They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."

What other advice do I have?

If you have people who already do this at your company, and they're paid well and they know what they're doing, and you have multiple products like this that they can manage, then you don't really need CRITICALSTART. But if you are a small group of IT people trying to support an entire company and you have a crazy, complex product like CylancePROTECT or Carbon Black defense or Palo Alto Cortex XDR, or anything like that, then it's probably better to leverage an expert company like CRITICALSTART. The only data source we are using them to manage is our antivirus and they integrate with that. I…
Justin Hadley
Sr. Manager, Security Engineering at a financial services firm with 501-1,000 employees
Real User
Top 5
The transparency of data in the platform is perfect: You see everything as they are seeing it

What is our primary use case?

We were looking for a third-party managed detection response provider for our integrations with Cylance and Carbon Black. We had to deploy the Cylance and Carbon Black agents after we received them from CRITICALSTART. Types of challenges that we were looking to address: * 24/7 monitoring * Reducing alerts. * Getting Level 0 and 1 taken care of, along with that first triage of alerts. Those are taken care of before our team has to look at it.

Pros and Cons

  • "The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools."
  • "Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives."
  • "The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles."

What other advice do I have?

Trust the CRITICALSTART team. For the products that they resell and support, they know them very well. As you go down that path, you have a good heap of knowledge to rely on. Do not try to build it out or figure it out yourself. We have since transitioned Cylance and Carbon Black over to CrowdStrike. We still use them for that service and also use them for our SIEM, because they host and manage Splunk for us. That all integrates into ZTAP. Using that and any new products that we bring in-house, we work with CRITICALSTART to see if they have already gotten an integration connector built…
Preston Broesche
Director of Information Technology at Kirby Corporation
Real User
Top 5
Saves my team time and alert fatigue, allowing us to concentrate on more important things

What is our primary use case?

I have a very small team and anytime I can maximize efficiencies within the work I'm trying to do with Kirby, it's a good thing. That's what I was trying to do by using CRITICALSTART.

Pros and Cons

  • "The new mobile app is awesome. It is one of the best I've ever seen. It's much better than its predecessor. It's more intuitive, a whole lot easier to navigate and get where you need to go. It's less repetitive and just generally easier to use. It allows me to not have to be sitting at my computer all the time. I can be on my phone or tablet or wherever I'm at. It makes it a lot easier to answer tickets and do that kind of thing."
  • "The main difference between the other options and this one is the quality of the personnel within the SOC. It's their knowledge and depth and the way they handle customers."
  • "The only thing I can think of that I would like to see, and I'm sure they could work this into a service pretty easily, is not only alerts on issues that are affecting my company, but some threat intelligence of a general nature on what's out there in the environment. That might be a nice add-in."

What other advice do I have?

I would suggest using a phased approach, instead of dumping everything in from the beginning and then trying to sort it out, triage-wise. If you add types of sources or tools to it one at a time, instead of "everybody into the pool" right away, that really helps you. That way it allows you to get your handle on the smaller piece of the pie first and then work your way forward. As for what to start with, it depends on what you're pushing to them. I didn't start necessarily right away with the MDR, but I did have my endpoint protection being looked at by them, at least. Then I added in my SIEM…
See 2 more CRITICALSTART Reviews