
CRITICALSTART Overview

CRITICALSTART is the #2 ranked solution in SOAR tools and MDR Services. PeerSpot users give CRITICALSTART an average rating of 9.6 out of 10. CRITICALSTART is most commonly compared to Palo Alto Networks Cortex XSOAR: CRITICALSTART vs Palo Alto Networks Cortex XSOAR. CRITICALSTART is popular among the large enterprise segment, accounting for 49% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 37% of all views.
CRITICALSTART Buyer's Guide

Download the CRITICALSTART Buyer's Guide including reviews and more. Updated: August 2022

What is CRITICALSTART?

The cybersecurity landscape is growing more complex by the day with the arrival of new threats and new tools supposedly designed for combating them. The problem is it’s all creating more noise and confusion for security professionals to sort through.

CRITICALSTART is the only MDR provider committed to eliminating acceptable risk and leaving nothing to chance. They believe that companies should never have to settle for "good enough." Their award-winning portfolio includes end-to-end Professional Services and Managed Detection and Response (MDR). CRITICALSTART MDR puts a stop to alert fatigue by leveraging the Zero Trust Analytics Platform (ZTAP) plus the industry-leading Trusted Behavior Registry, which eliminates false positives at scale by resolving known-good behaviors. The service is driven by 24x7x365 human-led, end-to-end monitoring, investigation and remediation of alerts, and on-the-go threat detection and response is enabled via a fully interactive MOBILESOC app.

CRITICALSTART was previously known as Critical Start.


CRITICALSTART Pricing Advice

What users are saying about CRITICALSTART pricing:
  • "It costs a lot for what we felt comfortable to spend."
  • "The pricing of other services was so insane that they weren't even an option."
  • "The pricing has always been competitive. They have always been good to us. They will make it a fight. They don't try to hide anything; it's always been fully transparent and well-worth what we pay for it."
  • "Overall, for what I'm paying for it, and the benefit I'm getting out of it, it is right where it needs to be, if not a little bit in my favor. For what it costs me to actually have this service, I could afford one internal person to do that job, but now I have a team of 10 or more who are doing that job, and they don't sleep because they work shifts."
CRITICALSTART Reviews

    IT Manager at a manufacturing company with 51-200 employees
    Real User
    They work behind the scenes 24/7 to monitor our networks
    Pros and Cons
    • "There is a team of people who monitor our traffic and processes 24/7, so if anything raises a flag or alert, it will escalate back to me right away. That's the most incredible part: Humans working behind the scenes 24/7 to monitor our networks."
    • "In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice."

    What is our primary use case?

    We are using it to try and improve our cybersecurity overall. We are also using it to reflect on our business growth whether we need to invest in more cybersecurity.

    We started as a small, family-owned business which was purchased by a U.S. company under the same umbrella. That company wanted to have all their portfolios have a higher level of security. This was an initiative taken by the parent company. This came at the right time because we started to get more phishing attacks as we started to manage more users. There have also been more requirements on the IT department to keep us secure, along with more focus in today's world on IT security. Previously, we didn't really pay as much attention because we always thought we were a small company, and thought, "Who would want to hack us?" I guess that is no longer the case.

    The service for endpoint protection needs to have an agent installed on the endpoint, and that is pretty much it. There is no specialized hardware required to use their service.

    How has it helped my organization?

    It removed a huge task from my shoulders onto someone who it's their profession to do this because I'm not from a security background. It definitely makes my life a lot easier. In terms of company, we have invested in something sophisticated and management knows that we have access to a 24/7 service. It makes them feel happier as well, especially these days when you hear about attacks, etc. For them, knowing we have a service like this in place is a good thing.

    I receive probably less than five alerts per week. Most of them are caused by OpenDNS, which means there is not much they can do. These happen when our workstation is trying to reach a destination with IP addresses, then it will raise an alert because it suspects someone is trying to bypass the DNS security to go directly to a certain destination. With that kind of alert, the only thing we can do if we don't think it's safe is block it in the firewall. With the service from CRITICALSTART, they don't have the capability to actually block individual IP addresses. That's why those alerts keep coming in whenever there's a new IP. Our regular processes, like our ERP software, are mostly filtered and no longer come up as alerts. This has been cut down by probably more than 80 percent compared to day one.

    On whatever CRITICALSTART does, it will show up and be logged. If there is an alert, and someone made a comment or did something, it will all show up in one place. That has sort of a paper trail of what people did. Because we have agents installed on endpoints, I don't know exactly all the details of information that are sent to CRITICALSTART. I assume since this is Zero Trust, they are probably sending everything because we keep thousands of processes with a playbook and a whitelist of filters. So, I never go in and actually check exactly what's being sent over. As far as I can see, if they have done anything, like putting something on a whitelist or triggering/disabling a filter, it all shows up.

    Now, all I need to do is just go in. Luckily, we're relatively small. With most of the alerts, I'm able to address them right away because I know exactly what they are and they have done most of the leg work, then I ask the team if they will take care of the rest. That definitely saves a lot of time on my side. I can't really make a comparison between now and before last November, because we didn't do much because we weren't equipped to do much then. There might have been something going on, but we didn't know because we didn't have the resources for this kind of service.

    We now have the tools and the support to actually have a clear view of what's going on. Before, it was just the traditional antivirus installed on the computer. Whatever it did, it was done without us because we couldn't really do much except block something or whitelist it. There were no humans involved. I'm not spending too much time on this because most of the jobs are done by the team from CRITICALSTART. All I do is just help them confirm whether the alert is legitimate or another regular process that we haven't playbooked yet.

    What is most valuable?

    The 24/7 SOC security: There is a team of people who monitor our traffic and processes 24/7, so if anything raises a flag or alert, it will escalate back to me right away. That's the most incredible part: Humans working behind the scenes 24/7 to monitor our networks.

    The intuitiveness and responsiveness of the updated service's user interface is pretty cool, especially the dark theme, which I like. It is easy on the eyes. It's not like a traditional portal. It looks very futuristic, but I think it's more accessible and less crowded. The new interface is definitely an improvement. 

    I am a one-man team. Everything is done by just me. I did find that it is easy to find things on the UI. I think it's an improvement from the one we had when I started.

    What needs improvement?

    Our infrastructure is very simple. The service covers almost all the endpoints, except that a service we use doesn't have a function that can control portable storage. It does scan everything, including whatever you have on a USB plugged into your computer. My suspicion is it will get there, but not right away. It doesn't have a special function to control the portable devices, and that's one thing I see lacking because sometimes we do have users who need this.

    In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice. Most of the time, it takes just one click, then I'm there.

    The dark theme might not be everybody's favorite. When I built the app for our users with a dark theme, everybody kept complaining. However, it's perfect for me and I like it a lot.

    Buyer's Guide
    CRITICALSTART
    August 2022
    Learn what your peers think about CRITICALSTART. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    622,358 professionals have used our research since 2012.

    For how long have I used the solution?

    We have not been using it for very long. We started using it sometime around last November.

    What do I think about the scalability of the solution?

    We do have every single endpoint covered. That's how extensive it is. One more thing we can do is have company-issued mobile device coverage. We haven't done that. It's just that we don't have that many company-issued mobile devices. Other than that, we have everything else covered.

    As long as we are growing, we can probably stay with a service like this.

    How are customer service and support?

    If I have a question, I do talk to the service provider's analyst, though not very often. This is partly because we're relatively small and don't have as many processes going on a daily basis compared to some of the bigger companies. If there is an alert that I don't quite get, then I will reach out. I think the best part about CRITICALSTART is that you have access to real human beings, and usually, their response is very timely.

    It's too early to see, but definitely there is value to their service. Because of the size of our business, and also because it's not a very complex business, we have had maybe two or three incidents that were close to real threats, but not even a threat. They were just some user transfer files, which were questionable, but not malware. However, they are not something we want to have in our system. We have only been working with CRITICALSTART for less than a year, but I do see value in terms of having a team of professionals that we can access anytime that we want to provide more peace of mind. It's like insurance. You don't have to use it, but having it in place definitely makes us feel better. Given how many phishing emails we receive every day, their service will become more valuable down the road. Right now, they haven't had the chance to prevent a real attack or threat yet.

    In terms of support, they're really good. They have quarterly meetings where we actually talk to an engineer and their support to just go through what has gone on in the past quarter. They will give some tips on how to respond to their tickets. This makes you feel like they have your back all the time. The service side of things is really great. When they see a concern, they reach out and help just to make sure that I actually know what I'm doing.

    How was the initial setup?

    We were able to start using it almost right away, mainly because this was an initiative taken by our parent company. We got top priority. From the day we signed the contract to the day we started the tuning process, which was during Christmas, it was maybe two to three weeks max because there are things that I had to do on my side. I had to install all the agents on the endpoint. That was the only requirement. But if I remember correctly, it was pretty quick.

    Most of the service is very straightforward. We did have a little problem removing it from an endpoint, and I had to select that change in the portal. That was the only challenge we had. Part of the service does require us to set up a DNS forwarder onsite, and that took a bit longer than the rest. Overall, everything is very straightforward. Also, when this problem came up, the support was very efficient.

    It was a bit worse initially because there would be some Zero Trust; it didn't trust anything. We did have to spend a few months of time building a playbook to whitelist all our common processes and the software that we use. But, as time went on, all these rapid programs were playbooked, then we started to see real behaviors that might cause problems. I think this is a very good approach. It's definitely labor-intensive, but mostly on their side, because that's the service that they provide.

    Once they created the playbook, we saw fewer alerts on a daily basis. I will still see some alerts that were caused by some of our less used programs, which maybe just start triggering alerts. Also, we can start seeing things that look more like real threats, but this stopped a long time ago because of the Zero Trust policy. So, anything new to them will raise a flag, and we will work together to add a filter or block it.

    What about the implementation team?

    From a project management standpoint, the service provider is pretty good. The onboarding process was very smooth despite the fact that it was Christmas season. Right after we signed the contract, I went on a vacation, so they were able to speed things up and make sure that we had this thing up and running before I left for vacation.

    What was our ROI?

    If you consider sleeping better at night as a return, there is definitely a return in that. It is a comfort to know that there is a team of professionals backing you up, especially in an area where you don't feel 100 percent comfortable. Because we never had an incident in the past, we can't really see whether the service has earned every penny that they charge. Sometimes, I still wonder if I had just gone with Sophos, would we have gotten the same result?

    Our expectations have been met in terms of service delivered on time and on spec. It's just the time limits of the response and friendliness of their support. You don't see that in every service provider.

    What's my experience with pricing, setup cost, and licensing?

    It costs a lot for what we felt comfortable to spend.

    We just decided to bite the bullet because we have to do something as a requirement first, and we have to have all our areas covered. In terms of pricing, we probably got a good deal because we are part of a bigger organization now, so we got a discount. But in this case, I guess you get what you pay for. For security, there's a balance somewhere regarding how much money you can spend in relation to how much value it's generating every year. There must be some sort of guideline out there to say what the percentage of IT spending is acceptable. I think it really depends on each company. In my experience with CRITICALSTART, I think if you have the resources to use the service, go for it. Definitely, I think it's worth it.

    Which other solutions did I evaluate?

    Before we committed to CRITICALSTART, we did shop around. We saw two approaches:

    1. Having real humans to go through every single process and help create playbooks. 
    2. Using some sort of artificial intelligence, but still trying to do the same thing. 

    I definitely prefer to have a real team working on this rather than AI, because AI is still not as smart as we would hope it to be. However, it definitely costs more when real people do the job. If a resource is not a problem, I would definitely recommend this type of solution.

    We had a few meetings with the guys from Sophos because they came in highly recommended by our teams in the same industry. At that time, we were still in some sort of transition from the family-owned business to the larger business. Therefore, we thought Sophos would fit our bill better, as they are cheaper. They have good service. They also have hardware appliances that we were interested in buying. We thought it would be a good fit for our business because we weren't budgeted as much to use a service like CRITICALSTART. We had quite a few meetings. We even had those meetings with the person from our parent company who took the initiative to talk to all their portfolios to push a corporate-wide solution so that we could get better discounts.

    We ended up not going with Sophos because:

    1. As a service, Sophos was all new for us. We had never used them before. 
    2. CRITICALSTART's Zero-Trust platform is somewhat more attractive to our non-technical management. It sounds like a lot better idea not to trust anything.

    At the end of the day, CRITICALSTART was recommended by a consulting company, which was used by our parent company. So, we thought if Sophos was new to us, it's probably safer to go with what they recommended just in case something happens. That's why we went with CRITICALSTART. Initially, we just felt like it was a huge jump from what we used to have. We were a little bit uncomfortable at first. Once we got used to it, it was a good service and I think we can afford it.

    What other advice do I have?

    So far, I'm very happy with the service. However, we have no comparison. This is the first ever MDR service that we have used. We have not had enough time to really verify the protection that the service offers is enough because we haven't suffered any attacks. We don't know whether we're lucky or if the service really does work. 

    You can never do enough to stay safe. It has helped me to see a lot of things going on with our network that I didn't see before. We were just not equipped with the right tools to really have a clear view of our network, and now we do. 

    For smaller companies, in order for them to grow, they have to trust the professionals. Sometimes, we tend to save every dollar possible and do everything on our own, either by reading a book or taking a course. It's a good thing to learn new things, but I learned that no one can cover every aspect of a company's IT needs. When the time is right, you need to leave certain things to the people who are really good in that area, freeing yourself up to do things that you are really good at.

    I would give it nine out of 10 because of the pricing. So far, that's the only downside that I can see.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Systems Administrator at an energy/utilities company with 501-1,000 employees
    Real User
    Top 10
    They tell you they're going to cut your alerts by 99 percent and they did that, freeing me up for other things
    Pros and Cons
    • "The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
    • "They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."

    What is our primary use case?

    What I was looking to achieve with this service was to have less work on my plate, and to leverage people. Usually, when you buy a big product like an antivirus or endpoint protection, if it's a big solution and you have a big company, you need another person to just manage it or things like it. We didn't have those resources. We got the antivirus product, but we didn't have another person to add to it, so I needed someone to help me manage it.

    CRITICALSTART is helping me manage this solution because I don't have time to manage it.

    Originally, they were managing CylancePROTECT for us. Now, they manage CylancePROTECT, Carbon Black Defense, and Palo Alto Cortex XDR for us.

    How has it helped my organization?

    They take work off my plate and that frees me up to work on other things. The fact that I have time to do more of my job isn't game-changing for my company, but for me it's a huge deal. Otherwise, I'd be spread so thin. What would have happened if we didn't have CRITICALSTART is that I would either have been getting thousands of alerts a day and having to ignore everything else, or we would have used a different security product that is less noisy but also less secure. And then, maybe, we would have been compromised and not even known it.

    Our expectations have been met in terms of services delivered on time, on budget, and on spec. When you sign up with them, they tell you they're going to cut your alerts down by 99 percent, and they did that. They did that with Carbon Black Defense and they did that with XDR. That's all I could really hope for.

    What is most valuable?

    The most valuable feature of their service is their tuning. All the service really does is get things to the point where we get fewer alerts sent to us. If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution.

    When we had Carbon Black, we were getting at least one escalated alert a day, maybe more, because it wasn't able to be tuned the same way that other services can be, or maybe Carbon Black itself alerts that much more. With Cortex XDR, we're only getting about one escalated alert a week, or one a month. It's much less.

    What needs improvement?

    They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive and I hate it.

    It's an information overload issue. When you go there, there is a bunch of stuff to look at. I had to get a walkthrough last week because I didn't know how to get to the one screen that I'm looking for when I use it, the one that shows the tickets that I have and the tickets that I don't have. I couldn't figure out how to get to that. In the middle of the main screen there's a little button that'll take you there. And at the top there's a search bar and a filter that helps you find tickets that are assigned to your organization or their organization, tickets that are open, tickets that are closed. But it's not intuitive.

    For how long have I used the solution?

    I have been using CRITICALSTART for one-and-a-half years.

    What do I think about the scalability of the solution?

    If they expanded the scope of what they can ingest and did so at good pricing for managing other services and remediating other issues, I would definitely look into expanding our usage. At this point, I don't know what else they take in, other than endpoint protection.

    How are customer service and technical support?

    From a project management standpoint they have performed very well. They're very organized. They're very reliable and responsive. Their customer support is a 10 out of 10. I'm always happy to hear from them and see them.

    I haven't had any problems since they've been managing XDR, but back with Carbon Black I had a lot of problems trying to understand why something was being alerted this way and why this or that was being blocked. They helped me troubleshoot all of that stuff as well. And they do it within their SLA. It's nice to have that insurance that they should be responding within an hour.

    Which solution did I use previously and why did I switch?

    This is the first time I've used a managed service provider for managing anything like endpoint protection.

    How was the initial setup?

    There was an initial setup required at our end to use their service and they helped me take care of that. It was very straightforward. There were a few settings for me to change and there were a lot of settings for them to change, and they just remoted into my machine and helped me do it. Either way it was not rocket science for me.

    We've used this service with three different products. For the first one, CylancePROTECT, there wasn't a portal for me to log into. That was all behind the scenes. We didn't get to know what was happening. They just took care of everything. 

    When we had Carbon Black Defense, we had the old portal, but that was a year-and-a-half ago and I don't remember how long it took to get set up. It hooked in pretty quickly.

    With Palo Alto Cortex XDR, we were either their first or one of their first customers to use that service, so it took a little bit longer to get everything set up correctly, even though we were already connected to them through the old service. We were in the system immediately, but we weren't in full-on production mode for about four-and-a-half months. That's not that bad because they were actively managing it until then.

    Which other solutions did I evaluate?

    I looked at Arctic Wolf. There were some others as well. But the pricing of other services was so insane that they weren't even an option. And they don't do exactly the same thing. CRITICALSTART has a narrow scope that fit our requirements. I had a problem and CRITICALSTART specifically works with that thing. I don't know if they do other stuff now, but when we started working together, pretty much all they covered was antivirus.

    What other advice do I have?

    If you have people who already do this at your company, and they're paid well and they know what they're doing, and you have multiple products like this that they can manage, then you don't really need CRITICALSTART. But if you are a small group of IT people trying to support an entire company and you have a crazy, complex product like CylancePROTECT or Carbon Black Defense or Palo Alto Cortex XDR, or anything like that, then it's probably better to leverage an expert company like CRITICALSTART.

    The only data source we are using them to manage is our antivirus and they integrate with that. I don't know if they would have been able to integrate with our other data sources. We didn't try that.

    I have used CRITICALSTART's mobile app but I haven't used it lately because we get so few alerts that I don't really need it. A lot of people use the mobile app for when they're home on the weekends and they need to get stuff remediated quickly. We don't have people working on the weekends, usually, so it's not a huge issue for us. If my company is working, I'm at my office and at my computer already so I don't need the mobile app for that.

    The mobile app has the basic features that you need to use their service. I don't remember if it lets you link to the service they're managing; for example, I don't think there's a link to the Cortex XDR app from CRITICALSTART's mobile app. So you can't really dig deep into anything on there, but that's not their fault. It's just because you can't do that, period. But for quick remediation or quick alerting, it's perfect.

    I haven't spoken to CRITICALSTART's analysts lately. During implementation, we had weekly meetings. Usually I only talk to them when things aren't going well, so the fact that I haven't talked to them in a while means we're good. But they were always available when I needed them. If I needed them quickly, they could join a meeting within a day.

    Out of all the service providers I've had to work with over the years—I've been here six years—CRITICALSTART is my favorite to work with. I see them at almost every convention that I go to, no matter what city I'm in. I'm always happy to see them and they always recognize me. I feel like that's worth something when you're looking for someone to work with. They have a personal touch.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Justin Hadley - PeerSpot reviewer
    Sr. Manager, Security Engineering at a financial services firm with 501-1,000 employees
    Real User
    Top 10
    The transparency of data in the platform is perfect: You see everything as they are seeing it
    Pros and Cons
    • "The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools."
    • "Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives."
    • "The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles."

    What is our primary use case?

    We were looking for a third-party managed detection response provider for our integrations with Cylance and Carbon Black. We had to deploy the Cylance and Carbon Black agents after we received them from CRITICALSTART.

    Types of challenges that we were looking to address:

    • 24/7 monitoring.
    • Reducing alerts.
    • Getting Level 0 and 1 taken care of, along with that first triage of alerts. Those are taken care of before our team has to look at it.

    How has it helped my organization?

    The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools.

    The transparency of data in the platform is perfect. The way they built it out, you are seeing everything as they are seeing it. There is not a black box; it's not the magic sauce happening behind the curtain. You have the ability to see everything that they do right there in the console.

    The service has significantly increased our analysts’ efficiency to the point that they can focus on other areas of the business. We went from triaging an email inbox and a few other tools to being able to manage the queue appropriately at regular intervals. We also have begun looking for other tasks or items to further advance some of the analysts' careers.

    Services have been fully delivered on time, on budget, and on spec. Whether it be for implementations, go-lives, or enhancements for anything that we want to add to the platform, they have always been consistent, ready, and willing to help out, build out, and troubleshoot should there be any issues.

    What is most valuable?

    Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives.

    The service's Trusted Behavior Registry helps the provider solve every alert. The way that they have it built out is very intelligent. The way every alert comes in, it gets triaged one direction or another. If it is already a false positive, then it is still getting addressed and reviewed on a regular cadence. Also, true positive alerts get escalated to the appropriate personnel.

    Its mobile app is great. It gives you the ability to quickly reference and see what's coming in when you're on the move or on the go. You don't always need to have your computer or laptop handy, because you can operate it just from the mobile app. It can communicate with analysts, which is great.

    The mobile app is great at affecting the efficiency of our security operations. Those guys are using it throughout the day, whether that be at the office, home, or off hours. Typically, they triage from the mobile app. Then, if an escalation needs to be done on a computer, they will pull out a computer.

    We were on the original UI for a few years, so the updated UI has been a refreshing change. It has significantly more ability to filter and translate data, then load that data. It is rather intuitive to click through for some of our junior analysts or interns, especially as we are starting to onboard and teach them different aspects of the security operations team.

    What needs improvement?

    The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles.

    For how long have I used the solution?

    We started using it in 2017.

    What do I think about the scalability of the solution?

    We have about 15 to 20 users. That is a mix of the security team, sysadmin server administrators, and the network operations group.

    How are customer service and technical support?

    Our team members talk regularly with CRITICALSTART's analysts. They go back and forth with them regularly on individual incidents or investigations as well as support calls or conversations around monthly trends.

    The number one value their service, as a whole, provides is the people. They hire the right guys and train them. We can then leverage their knowledge of looking at the greater picture. They are able to see all of their different clients, then translate what they are seeing there to our individual instance.

    Whether it be alerts that they have already given us, or if we want to do some different threat hunting, have different ideas that we're trying to dig into, or we need assistance with an investigation, they are always a phone call away. They have analysts ready and willing to dive into a specific issue, even if it's not related to something their service has provided or alerted us to.

    Which solution did I use previously and why did I switch?

    We didn't have a third-party provider previously.

    The primary reason that we went for a service like CRITICALSTART was just the need to lift the burden off of a small team. When we started with CRITICALSTART, there were four of us. Now, we are a team of 15 or 16, so our team has grown. However, being able to have that first layer with a first set of eyes on alerts, incidents, and investigations as they came in, it was a big point for us, rather than getting stuck in our backlog and trying to keep up.

    How was the initial setup?

    We entered into an agreement to use CRITICALSTART's service, then it took us two months before we went live.

    There was nothing significant that we had to do in addition to the initial setup. When we do firewall changes, we just do it through our agents and communicate back to CRITICALSTART appropriately. This took four to six weeks of our setup time.

    What about the implementation team?

    Four people from our organization were involved in the setup:

    • Our security operations manager
    • Our internal IT manager
    • Our network operations team
    • Myself, as I manage the security engineering team.

    What was our ROI?

    Monthly, we are looking at 10 to 12 million alerts that the Trusted Behavior Registry sees. Of that, about 250 to 300 get escalated to our team.

    CRITICALSTART takes care of the Tier 1 and Tier 2 triage for us. We only escalate up when there is a true positive that needs to be investigated. On a weekly basis, this saves us close to 50 to 60 hours.

    What's my experience with pricing, setup cost, and licensing?

    The pricing has always been competitive. They have always been good to us. They will make it a fight. They don't try to hide anything; it's always been fully transparent and well-worth what we pay for it.

    There are SLAs within our contract regarding the different alert tiers. This was a big factor in our decision to go with this service. They are willing to stand behind their product and team, then put that in a contract. It is evident that they are doing the right thing for their clients. They have not missed any SLAs so far.

    Which other solutions did I evaluate?

    We also looked at CrowdStrike. Their service just wasn't quite as mature. They only integrated with their own product.

    We looked at Arctic Wolf, who is not local. Critical Start is just down the street from us. Being able to build that relationship locally was a big selling point as well.

    What other advice do I have?

    Trust the CRITICALSTART team. For the products that they resell and support, they know them very well. As you go down that path, you have a good heap of knowledge to rely on. Do not try to build it out or figure it out yourself.

    We have since transitioned Cylance and Carbon Black over to CrowdStrike. We still use them for that service and also use them for our SIEM, because they host and manage Splunk for us. That all integrates into ZTAP. Using that and any new products that we bring in-house, we work with CRITICALSTART to see if they have already gotten an integration connector built. Typically, we'll use theirs. If there's already something built, or they have the appetite to build it, we'll use that service as we onboard it internally as well as into CRITICALSTART.

    The biggest lesson is transitioning from alert overload to being at a point where we do have eyes on alerts, where every alert is truly possible. It's something that a lot of people sell and not a lot of people do very well. Being able to come into this relationship, then where we're at today, it kind of opened my eyes to: There is the opportunity and the possibility to do this. Stuff is not going to get dropped or missed by our operations group.

    I would give them a nine (out of 10). They are right there at the edge, probably a leader in the market. That's kind of why we chose them. Of course, there is always room to improve, but they're doing a lot of things right. We appreciate their team.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Preston Broesche - PeerSpot reviewer
    Director of Information Technology at Kirby Corporation
    Real User
    Saves my team time and alert fatigue, allowing us to concentrate on more important things
    Pros and Cons
    • "The new mobile app is awesome. It is one of the best I've ever seen. It's much better than its predecessor. It's more intuitive, a whole lot easier to navigate and get where you need to go. It's less repetitive and just generally easier to use. It allows me to not have to be sitting at my computer all the time. I can be on my phone or tablet or wherever I'm at. It makes it a lot easier to answer tickets and do that kind of thing."
    • "The main difference between the other options and this one is the quality of the personnel within the SOC. It's their knowledge and depth and the way they handle customers."
    • "The only thing I can think of that I would like to see, and I'm sure they could work this into a service pretty easily, is not only alerts on issues that are affecting my company, but some threat intelligence of a general nature on what's out there in the environment. That might be a nice add-in."

    What is our primary use case?

    I have a very small team and anytime I can maximize efficiencies within the work I'm trying to do with Kirby, it's a good thing. That's what I was trying to do by using CRITICALSTART.

    How has it helped my organization?

    The most valuable part of the service is the time saved. CRITICALSTART helps with so many of these alerts that my team and I don't get alert fatigue. It saves us time to concentrate on the more important things. It probably saves us a day or two, 10 to 15 hours, a week.

    I also talk to CRITICALSTART analysts and the value in that is immense. I just talked to my Board of Directors about that this morning. The value from it is what I'm spending on the service versus what I would have to spend to build a team like that internally. It's at least one-fifth of the cost. There's value in that for me. And their availability is generally pretty quick. I've never really had to wait very long for anything. The availability of the analysts where they will say, "Hey, I know we sent an alert on this, but you should really take a closer look at it," via a phone call or a message, is just phenomenal.

    In a given quarter, I get 589,000 security events and 584,000 of those get reduced by the service before they even get to me. The alerts that actually come through to me end up being about 1,400 in that quarter, which is a 99.7 percent efficiency rate.

    What is most valuable?

    The Trusted Behavior Registry helps resolve alerts in the sense that CRITICALSTART is doing a lot of that initial triage for me. Out of a given 500,000 events and alerts, for example, that come through, they're taking out 495,000 of them. That only leaves me with a subset of that to actually have to triage, and that's where it benefits us. They take care of Tier-1 and Tier-2 triage.

    And the new mobile app is awesome. It is one of the best I've ever seen. It's much better than its predecessor. It's more intuitive, a whole lot easier to navigate and get where you need to go. It's less repetitive and just generally easier to use. It allows me to not have to be sitting at my computer all the time. I can be on my phone or tablet or wherever I'm at. It makes it a lot easier to answer tickets and do that kind of thing.

    Also, the intuitiveness of the updated user interface for the service is spot-on. It is much easier to navigate, and know where to navigate, in the newer interface. I've never had an issue with responsiveness. It's very quick and doesn't sit there and chug on anything. It's fast, it's efficient. It has enabled our SecOps team to take action faster because if you have multiple ways of connecting to it and actually getting your alerts answered and taking care of things fast, it is extremely helpful.

    All the information that you need to make a determination is usually in the alert itself that comes through the Zero-Trust Analytics Platform (ZTAP). I don't find myself going back to the app itself very often. That still happens, but not as often. The ability to flow the information forward, from the alert standpoint, helps me because it saves me from running back to get the information. It's improved my efficiency.

    Finally, there haven't been any data sources that the service wasn't able to integrate with.

    What needs improvement?

    The only thing I can think of that I would like to see, and I'm sure they could work this into a service pretty easily, is not only alerts on issues that are affecting my company, but some threat intelligence of a general nature on what's out there in the environment. That might be a nice add-in.

    For how long have I used the solution?

    I have been using CRITICALSTART for about seven years now.

    How are customer service and technical support?

    If I have issues, all I have to do is either send a message or a ticket over and ZTAP will pick up the phone and call somebody. It's pretty easy.

    Which solution did I use previously and why did I switch?

    We were all internal prior to using CRITICALSTART for this. We didn't use a third-party external service to look at any of this data. We were actually doing it ourselves.

    How was the initial setup?

    From the time we entered into an agreement to use this service until we could start using it, it was pretty quick. They jumped right on it from a project management standpoint. On a scale of one to 10, the project management aspect was a 10. Their performance was spot-on. I was actually using it, even though we were still tuning, within a week or so.

    In terms of initial setup, you have to start pointing all your sources to the app to have them adjusted. Once you start doing that, you can start getting some data out of it. Within that week I started seeing events start coming through.

    The initial setup is always straightforward. The complexity comes in the tuning, because then you have to say, "Is this normal? Is this not normal? Does this only happen once a year?" That's where the complexity comes in. The fine-tuning took a couple of months. But that was more on my side than it was on CRITICALSTART's side.

    I was the only one involved in the setup from our company, and I'm the only user. Our entire domain reports into it from a SIEM perspective, and every node that we have is reporting in from an endpoint protection standpoint. That's 5,000 to 6,000 user nodes and probably another 1,000 servers. It's a 100 percent adoption rate. They don't get a choice.

    What's my experience with pricing, setup cost, and licensing?

    Overall, for what I'm paying for it, and the benefit I'm getting out of it, it is right where it needs to be, if not a little bit in my favor. For what it costs me to actually have this service, I could afford one internal person to do that job, but now I have a team of 10 or more who are doing that job, and they don't sleep because they work shifts.

    Licensing is always one of those things that you can have some degree of negotiation on. There are hard costs associated with the service because they're paying salaries. I always look for opportunities to improve from a pricing standpoint, but I've not been displeased, so far, with it.

    Which other solutions did I evaluate?

    I knew of a few other options. Alert Logic is one of them, and there was another one called Fulcrum that has a service now around it, but it's nowhere near the maturity of what CRITICALSTART has.

    I also had an existing relationship with CRITICALSTART. We did have an issue and they stepped in and helped us with that issue and really went to bat for us. That helped build that relationship from a trust standpoint.

    There wasn't any kind of bake-off. It's a close-knit community, so I didn't really have to go to that level. I knew I didn't want certain other ones.

    The main difference between the other options and this one is the quality of the personnel within the SOC. It's their knowledge and depth and the way they handle customers. Their guiding principles fit really well to get you the best service that you can possibly get.

    What other advice do I have?

    I would suggest using a phased approach, instead of dumping everything in from the beginning and then trying to sort it out, triage-wise. If you add types of sources or tools to it one at a time, instead of "everybody into the pool" right away, that really helps you. That way it allows you to get a handle on the smaller piece of the pie first and then work your way forward.

    As for what to start with, it depends on what you're pushing to them. I didn't start necessarily right away with the MDR, but I did have my endpoint protection being looked at by them, at least. Then I added in my SIEM, which added to the overall complexity level. Unfortunately, I didn't have one completely finished before I added the next and that slowed me down a little bit. That was too much for one person to try to handle all by himself.

    The biggest lesson is that even if you have a small team and limited resources, you can actually be effective as a company, from a security program standpoint, by using their service.

    My expectations have been more than met in terms of service delivered on time, on budget, and on spec from CRITICALSTART.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.