Director of IT at Solana
Real User
Filters out the unnecessary stuff and lets us determine the validity of that type of action in our environment
Pros and Cons
  • "The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly."
  • "The UI has become slower but it's not something I would call them out on."

What is our primary use case?

Our primary use case is to gain the ability to monitor our systems more thoroughly. We are looking for it to address the overload of information from security monitoring systems.

Everything is cloud-based and other than the security agents that are installed on those systems, we also use Cylance Protect, and Carbon Black Response.

What is most valuable?

The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly.

They do trusted behavior registry. They filter out the unnecessary stuff and present us with the things that are interesting and let us determine the validity of that type of action in our environment.

We get probably 10 or 12 escalated alerts a week, and there are hundreds or thousands of transactions that would need to be filtered otherwise.

The mobile app is a nice way to get quick access to something when I don't have access to the full system. It's a good way of accessing all the data that I would need when I'm remote. The mobile app gives me more comfort in that I will be alerted if there is something going on, even when I'm remote.

CRITICALSTART makes us much more comfortable with knowing someone else is watching our data and our systems and knowing that professional security people are taking a look at any issues that do arise.

The new UI seems a little slower but some of the functionality is a little bit quicker to get to things in terms of navigation. It has made it easier to respond to escalations. The alerts are displayed in a way that makes it simpler to respond. The response dialogue is right on the screen.

In terms of transparency, it seems like all the data is available to us. It affects our security by allowing us to see what they are doing in terms of filtering and making sure that we agree with all the filters that they're adding.

CRITICALSTART has increased our analyst's efficiency to the point that they can focus on other areas of business. We implemented some of these tools at the same time we started with CRITICALSTART. Some of that wasn't being done before, but now it is being done and we still have the time to do other things.

It also takes care of the tier one and tier two triage. It saves my team around 10 hours a week. 

I think that the provider contractually committed to paying a penalty if it misses a one-hour SLA to resolve an escalated alert. But it wasn't a huge deal for us. It wasn't a critical thing that we looked at. So far, they haven't missed such SLAs, as far as I know. It has yet to miss an attack.

We chose not to integrate data sources due to the cost of our firewall logs. They would have been able to ingest them through a SIEM had we wanted to.

What needs improvement?

The UI has become slower but it's not something I would call them out on. 

For how long have I used the solution?

I have been using CRITICALSTART since January of 2020.

Buyer's Guide
CRITICALSTART
June 2025
Learn what your peers think about CRITICALSTART. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.

How are customer service and support?

We communicate with support mostly via the tools, via email and their security application. There is somebody available 24/7. They add a lot of value in terms of being there 24/7 and having access to the data and access to their knowledge base of issues.

Their support is fast, thorough, and easy to use.

How was the initial setup?

We just had to get the security agents installed on the systems that we wanted to use it on.

The process was quite simple and straightforward. We were able to push out the agents with group policy and that made it simple to get everything installed.

Two of us were involved in the setup. I am the Director of IT and my colleague is a network administrator.

Three of us use this solution. The other one would be the chief product officer.

In terms of the size of our environment, it's on over 200 endpoints. We are adding a few machines, but it's close to a 100% adoption rate. 

The implementation was very straightforward. We didn't have any real problems with the product management side.

What was our ROI?

We have seen ROI but I can't explicitly say what. We've been able to easily manage the security information and alerts coming out of the products without having to deal with them on a day to day basis.

What's my experience with pricing, setup cost, and licensing?

The price was less than I would have expected.

Which other solutions did I evaluate?

We did evaluate another solution but we like CRITICALSTART's pricing and we liked the people that we were working with.

What other advice do I have?

Our expectations have been met in terms of services delivered on time, on budget, and on spec. The implementation went as expected. The pricing hasn't been an issue. Everything went as was decided at the beginning. Everything has gone through as I would expect.

I would rate CRITICALSTART a ten out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer1439061 - PeerSpot reviewer
Systems Administrator at an energy/utilities company with 1,001-5,000 employees
Real User
They tell you they're going to cut your alerts by 99 percent and they did that, freeing me up for other things
Pros and Cons
  • "The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
  • "They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."

What is our primary use case?

What I was looking to achieve with this service was to have less work on my plate, and to leverage people. Usually, when you buy a big product like an antivirus or endpoint protection, if it's a big solution and you have a big company, you need another person to just manage it or things like it. We didn't have those resources. We got the antivirus product, but we didn't have another person to add to it, so I needed someone to help me manage it.

CRITICALSTART is helping me manage this solution because I don't have time to manage it.

Originally, they were managing CylancePROTECT for us. Now, they manage CylancePROTECT, Carbon Black Defense, and Palo Alto Cortex XDR for us.

How has it helped my organization?

They take work off my plate and that frees me up to work on other things. The fact that I have time to do more of my job isn't game-changing for my company, but for me it's a huge deal. Otherwise, I'd be spread so thin. What would have happened if we didn't have CRITICALSTART is that I would either have been getting thousands of alerts a day and having to ignore everything else, or we would have used a different security product that is less noisy but also less secure. And then, maybe, we would have been compromised and not even know it.

Our expectations have been met in terms of services delivered on time, on budget, and on spec. When you sign up with them, they tell you they're going to cut your alerts down by 99 percent, and they did that. They did that with Carbon Black Defense and they did that with XDR. That's all I could really hope for.

What is most valuable?

The most valuable feature of their service is their tuning. All the service really does is get things to the point where we get fewer alerts sent to us. If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution.

When we had Carbon Black, we were getting at least one escalated alert a day, maybe more, because it wasn't able to be tuned the same way that other services can be, or maybe Carbon Black itself alerts that much more. With Cortex XDR, we're only getting about one escalated alert a week, or one a month. It's much less.

What needs improvement?

They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive and I hate it.

It's an information overload issue. When you go there, there is a bunch of stuff to look at. I had to get a walkthrough last week because I didn't know how to get to the one screen that I'm looking for when I use it, the one that shows the tickets that I have and the tickets that I don't have. I couldn't figure out how to get to that. In the middle of the main screen there's a little button that'll take you there. And at the top there's a search bar and a filter that helps you find tickets that are assigned to your organization or their organization, tickets that are open, tickets that are closed. But it's not intuitive.

For how long have I used the solution?

I have been using CRITICALSTART for one-and-a-half years.

What do I think about the scalability of the solution?

If they expanded the scope of what they can ingest and did so at good pricing for managing other services and remediating other issues, I would definitely look into expanding our usage. At this point, I don't know what else they take in, other than endpoint protection.

How are customer service and technical support?

From a project management standpoint they have performed very well. They're very organized. They're very reliable and responsive. Their customer support is a 10 out of 10. I'm always happy to hear from them and see them.

I haven't had any problems since they've been managing XDR, but back with Carbon Black I had a lot of problems trying to understand why something was being alerted this way and why this or that was being blocked. They helped me troubleshoot all of that stuff as well. And they do it within their SLA. It's nice to have that insurance that they should be responding within an hour.

Which solution did I use previously and why did I switch?

This is the first time I've used a managed service provider for managing anything like endpoint protection.

How was the initial setup?

There was an initial setup required at our end to use their service and they helped me take care of that. It was very straightforward. There were a few settings for me to change and there were a lot of settings for them to change, and they just remoted into my machine and helped me do it. Either way it was not rocket science for me.

We've used this service with three different products. For the first one, CylancePROTECT, there wasn't a portal for me to log into. That was all behind the scenes. We didn't get to know what was happening. They just took care of everything. 

When we had Carbon Black Defense, we had the old portal, but that was a year and a half ago and I don't remember how long it took to get set up. It hooked in pretty quickly.

With Palo Alto Cortex XDR, we were either their first or one of their first customers to use that service, so it took a little bit longer to get everything set up correctly, even though we were already connected to them through the old service. We were in the system immediately, but we weren't in full-on production mode for about four-and-a-half months. That's not that bad because they were actively managing it until then.

Which other solutions did I evaluate?

I looked at Arctic Wolf. There were some others as well. But the pricing of other services was so insane that they weren't even an option. And they don't do exactly the same thing. CRITICALSTART has a narrow scope that fit our requirements. I had a problem and CRITICALSTART specifically works with that thing. I don't know if they do other stuff now, but when we started working together, pretty much all they covered was antivirus.

What other advice do I have?

If you have people who already do this at your company, and they're paid well and they know what they're doing, and you have multiple products like this that they can manage, then you don't really need CRITICALSTART. But if you are a small group of IT people trying to support an entire company and you have a crazy, complex product like CylancePROTECT or Carbon Black Defense or Palo Alto Cortex XDR, or anything like that, then it's probably better to leverage an expert company like CRITICALSTART.

The only data source we are using them to manage is our antivirus and they integrate with that. I don't know if they would have been able to integrate with our other data sources. We didn't try that.

I have used CRITICALSTART's mobile app but I haven't used it lately because we get so few alerts that I don't really need it. A lot of people use the mobile app for when they're home on the weekends and they need to get stuff remediated quickly. We don't have people working on the weekends, usually, so it's not a huge issue for us. If my company is working, I'm at my office and at my computer already so I don't need the mobile app for that.

The mobile app has the basic features that you need to use their service. I don't remember if it lets you link to the service they're managing; for example, I don't think there's a link to the Cortex XDR app from CRITICALSTART's mobile app. So you can't really dig deep into anything on there, but that's not their fault. It's just because you can't do that, period. But for quick remediation or quick alerting, it's perfect.

I haven't spoken to CRITICALSTART's analysts lately. During implementation, we had weekly meetings. Usually I only talk to them when things aren't going well, so the fact that I haven't talked to them in a while means we're good. But they were always available when I needed them. If I needed them quickly, they could join a meeting within a day.

Out of all the service providers I've had to work with over the years—I've been here six years—CRITICALSTART is my favorite to work with. I see them at almost every convention that I go to, no matter what city I'm in. I'm always happy to see them and they always recognize me. I feel like that's worth something when you're looking for someone to work with. They have a personal touch.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.