
CRITICALSTART Overview

CRITICALSTART is the #2 ranked solution in SOAR tools and MDR Services. PeerSpot users give CRITICALSTART an average rating of 9.6 out of 10. CRITICALSTART is most commonly compared to Palo Alto Networks Cortex XSOAR: CRITICALSTART vs Palo Alto Networks Cortex XSOAR. CRITICALSTART is popular among the large enterprise segment, accounting for 49% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 37% of all views.
CRITICALSTART Buyer's Guide

Download the CRITICALSTART Buyer's Guide including reviews and more. Updated: August 2022

What is CRITICALSTART?

The cybersecurity landscape is growing more complex by the day with the arrival of new threats and new tools supposedly designed for combating them. The problem is it’s all creating more noise and confusion for security professionals to sort through.

CRITICALSTART is the only MDR provider committed to eliminating acceptable risk and leaving nothing to chance. They believe that companies should never have to settle for “good enough.” Their award-winning portfolio includes end-to-end Professional Services and Managed Detection and Response (MDR). CRITICALSTART MDR puts a stop to alert fatigue by leveraging the Zero Trust Analytics Platform (ZTAP) plus the industry-leading Trusted Behavior Registry, which eliminates false positives at scale by resolving known-good behaviors. Driven by 24x7x365 human-led, end-to-end monitoring, investigation and remediation of alerts, their on-the-go threat detection and response capabilities are enabled via a fully interactive MOBILESOC app.

CRITICALSTART was previously known as Critical Start.


Archived CRITICALSTART Reviews (more than two years old)

Cyber Security Manager at an energy/utilities company with 1,001-5,000 employees
Real User
Offers the ability to close review tickets or alerts through a mobile phone and to interact with engineers on their side via the app
Pros and Cons
  • "My impression of the transparency of the data is that it has good detail. It allows you to see how many events have come in, how many of those events have made it down to their analysts to review, and then how many of those have been escalated to us. It's a good metric that we can share with my management. They see the value of what the SOC is bringing on top of what my team is already doing."
  • "They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging."

What is our primary use case?

We're a small shop on the security side and our goal with CRITICALSTART was to alleviate some of the constant looking at our phones 24/7 by allowing somebody who is actually sitting in front of a computer 24/7 to handle the front-end alerts that come through our automated services or systems. As those come in, we wanted them to be able to escalate to us as they saw fit. We were looking to weed out the lower-priority, false-positive portion of the alerts.

Due to our size limitations, we needed assistance with the lower-level alerts so that we could focus on the real, priority alerts. Because of the use cases that they've built up in some of the logging systems that we already had, they were able to amplify the type of alerts that we were getting in a way that gave us better and more visibility than we were receiving beforehand.

All of the hardware and software that we were already utilizing was already in place. We were able to offload the management of our Splunk environment. CRITICALSTART began to manage this for us. That alleviated a good portion of one of my analyst's time, to where they didn't have to manage it themselves, by allowing CRITICALSTART to manage it. We have it 24/7, so if something were to go wrong, they can look into it.

How has it helped my organization?

Sometimes the hardest part of showing an ROI with security in general is the fact that you do not have an incident. Then you compare that to when a peer has an incident, and how much you are saving because of the tools in place to prevent specific types of attacks.

My impression of the transparency of the data is that it has good detail. It allows you to see how many events have come in, how many of those events have made it down to their analysts to review, and then how many have been escalated to us. It's a good metric that we can share with my management. They see the value of what the SOC is bringing on top of what my team is already doing.

CRITICALSTART does not take care of the tier one and tier two triage on the Splunk integration that we utilize. If we move to the endpoint integration, then it could, by providing the ability to lock down a system and providing additional context that Splunk logs are not capable of. But as of right now, no. That's just because of what we decided to go with on the first round to give them a shot by doing the Splunk integration.

They haven't missed a one hour SLA to resolve an escalated alert as of yet. We haven't had to enact on their commitment to pay a penalty. It's supposed to be that they will deduct it from our renewal rate.

This type of SLA commitment was reassuring. But I was already well established with CRITICALSTART long before deciding to go with them on the MDR. My relationship with them was what really drove this inner engagement. I used them for other services such as pen testing, architecture, and purchasing equipment.

What is most valuable?

The ability to review and close out tickets or alerts through our mobile phone and being able to interact with engineers on their side via the app are the most valuable features. That's been one of the more beneficial components.

So far, the mobile app has been great. We've been able to reply and interact with them through it. The collaboration is very cohesive.

Nothing will help me solve every alert by any means. We don't do a lot of remediation through CRITICALSTART. We're doing more detection because we do Splunk integration. Whereas, if we were doing the endpoint integration like Microsoft Silence or SentinelOne, they would have the ability to lock down a computer based on that and probably get more insight than what they get right now. The trusted behavior registry does give us the ability, based on the alert logging we have with Splunk, to dig in a little bit deeper and to even know that something that was an anomaly even occurred. Whereas, before, we didn't have that dataset.

In terms of how many escalated alerts we receive in a week or a month, we would always get them during tuning. I would say that we would probably get about a couple of hundred alerts during any normal month, if not a week. It just depends. However, when we moved to CRITICALSTART, we found that we could turn anything on and give them a little bit more information. Of course, until that gets tuned down and we find out what's normal versus not normal in our environment, it is a little chatty. For example, we turned on a certain logging type for our command line and our alerts increased by around double, if not two and a half times but it ended up being a false positive. We just had to go in and ended up tweaking it or filtering it out. It helps decide those alerts but for the most part, it's dropped our alerts down by around 50-75% and we're able to focus on the more important things.

We have decreased a lot of these other alerts that we're able to filter out through CRITICALSTART. With their integration into Splunk, they've been able to add new alerts that we never had set up prior, so it's increased. Whereas, one area might have decreased and another area has increased. Now, we have the visibility of seeing when people don't change, they're having a hard time changing their password or if someone's being added to a local administrator group, things like that. We're getting more visibility than we had before. For those types of things, there's nothing CRITICALSTART can do. So we have those sent right over to us. And we'll work it out on our end and investigate it because they don't know who was added to what. It makes no sense for them to be able to try to work those.

For the most part, using the mobile app to talk to service providers has been pretty responsive, they usually respond within a couple of hours. I would say that before they respond, they typically will do their own homework, which is why it probably takes that long to get their response to investigate. If we escalate it back to them to do filtering, they're pretty quick about getting it.

It definitely alleviates workload because now if we filter out something, for example, if we find that a CID is based on a security group for something that's allowed to be put anywhere in our environment, like an elevated group or a privileged group, then we don't ever need to see that. It doesn't need to come to us so we filter it out. Now, if we've been getting 10 or 15 tickets because of that, we filter it out and we don't see it anymore. Or if there's some change in the way that Microsoft operating system works and it initiates a lot of command-line processes that are alerting because of the way that they're being handled by the operating system, but we know it's not a true positive, but a false positive, we'll filter that out and that'll drop our alerts dramatically.

In terms of the intuitiveness, they are still working out the bugs in the new version because we're testing that out. When I say bugs, I mean that there is still a little bit of slowness. But because they're still working on it, I'm giving a little grace in that aspect. Overall, intuitiveness is great. I've noticed that over the last week or so the response time has actually increased, so that's good. They're still working on it. It's not primetime but the intuitiveness is pretty slick. Responsiveness is a work in progress.

The updated UI allows us to respond to escalations. It's able to close out tickets or review them a lot quicker because it's all within one interface. If we received the email alert, we already know exactly that this ticket just needs to be closed out because we've already investigated it. Before, we'd have to go click in it, go into that specific alert, and close it out. There were three or four steps. They've removed those two or three extra steps and made it to where you can do all of that from the initial page.

We've been able to integrate everything that we need to integrate.

What needs improvement?

They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging. We actually created dashboards for our help desk group to be able to hunt down locked down accounts. We've asked CRITICALSTART to start using that as a means of validating the lockdown accounts before they just start escalating them to us.

If we go down the endpoint protection route, then I could probably have other input after I've used that for a while.


For how long have I used the solution?

I have been using CRITICALSTART for almost a year.

How are customer service and support?

I would say technical support is an A+. They respond quickly and they're quick to help find a resolution, especially in the Splunk environment.

Sometimes I'll ask them why a certain alert went off and they'll tell me it was a false positive and that they're cleaning it up. They're a little vague in their responses because they have to be generic in how they respond to it. It's not the answer I always want. But I understand why they're giving that answer, as not every environment will be the same nor is every situation.

Which solution did I use previously and why did I switch?

We did everything in-house.

How was the initial setup?

From the time we entered into an agreement to use the service it took a couple of months until we were able to start to fully utilize it. But I don't know if it's fair to say that's their same practice now. I say that because I feel like their project management for the MDR is night and day different from what it was when we first started, versus what it is now. Their leadership has changed, their structure has changed. So they've got a better handle on their project management onboarding side than it used to be.

We ended up migrating all of our Splunk environment out to their infrastructure for them to take over and manage. That took about a month to be able to get everything onboarded properly. Therefore, for a period of time, we were utilizing two Splunk dashboards. One on-prem and one in the cloud. We had a couple of hiccups along the way, but it wasn't people skills but technical issues. We've been able to get those migrated over and now it works great.

There were three of us involved in the setup, along with assistance of CRITICALSTART.

Splunk has a lot of integration with different toolsets by the way that it ingests logs. We've got several of our toolsets that integrate directly with Splunk, which then create those use cases that they take and ingest into their toolset.

Their new leader over the project management group came in. We were one of the first projects that he took over and started running. Shortly after he completed ours, he became their director over the project management group for the MDR. He's done a really good job. He did a good job for us and he understood our frustrations and made sure to clean it up and listened.

What was our ROI?

We have seen ROI with CRITICALSTART. Being able to alleviate a lot of the alerts has allowed my team to have somewhat of a life. It's not the same kind of ROI that we would see for the organization. It's more of an ROI for the livelihood of my team. And that sometimes is more important, especially when we have such a small team.

What's my experience with pricing, setup cost, and licensing?

I think pricing is fair. They're fairly priced. I don't think that they're over. I don't think that they're undercutting other people. I think that they find that they do it at a value that is equal to what they do.

Which other solutions did I evaluate?

I went off of peer reviews. The other vendors didn't meet my expectations or my criteria but that doesn't mean that they don't meet somebody else's.

There were two or three other ones that I spoke with and talked to, but after speaking with them, or consulting with other peers in my arena, they just weren't there. They didn't have a consistent way of doing things, because they were too willing to bend over backwards for every one of their clients.

It causes their playbooks to be out of whack way too much. What happens is because engineer A is consistently bending over backwards to do whatever it is that you want, but then he gets sick or leaves, and then engineer B comes in and doesn't know the playbooks or know how they handle things. And next thing you know, you're getting frustrated because of that. It would be almost like having to train a whole new teammate.

What other advice do I have?

I love the fact that they were local to the DFW area because I know them and they know me. When I've had to have some heart-to-heart conversations, it's simple enough to have a face-to-face meeting with their leadership, break bread, and have some pretty direct conversation.

And they listen. They express why they handle things a certain way, but they are willing to listen and see how they can integrate, modify, and change, not just to accommodate the customer, but also to make it consistent amongst all of their customers. That's the other thing that I'm a very big proponent of: if I'm doing something, I don't want to do it just for me. I want to make it better for all the other customers that use that product.

After a year of using the service, our expectations have been met in terms of services delivered on time, on budget, and on spec. I'm ready to take it to the next level. I'm ready to do the endpoint protection integration. Unfortunately, that costs more money so I've got to get that approved.

My advice would be to make sure that you know what it is that you really want done. Understand what your use cases are as an organization before you jump in with anybody. Ask very direct and hard questions of those that you're meeting with. Take it beyond the sales engineer or the sales guy. Ask for meetings with the leadership of the MDR service; they're willing to meet with people to have those good conversations about what the services are.

When I first went into it, I thought it was machine learning that was handling Splunk integration. I found out after the fact that it wasn't. It was use case build-outs that they built as alerts within Splunk that did correlation. And then based on those correlations, or use cases as they call them, they are ingested into Z-TAP, and Z-TAP then looks at filters. If it doesn't meet a filter, then it gets populated down to an analyst. If the analyst finds that it needs to be further investigated by the client, then they escalate it down to us.

Whereas, with an endpoint integration, that is machine learning. I think that was the misconception in the way that it was described and explained. That was one of the direct conversations that I had with them: going into it, I thought that Splunk was machine learning as well, but then I found out after we integrated it, and after asking some very direct and hard questions of their implementation people, that it wasn't. They explained to me why it can't be or why they're not there yet. Needless to say, that was one thing that I wish was better explained and articulated, and they now know that.

Unfortunately, machine learning is the future for this type of service. The way that technology is progressing and the more and more the bad guys are utilizing machine learning themselves on how to build out malware and attack situations, if you're not using machine learning in certain aspects, you're behind the game or you're doing it the old school way. Which is not saying that the old school way is bad, it's just slower.

I would rate CRITICALSTART an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of Infrastructure and IT at an energy/utilities company with 51-200 employees
Real User
They know our environment so we can engage them in problem-solving right away; they don't have to get "up to speed"
Pros and Cons
  • "There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
  • "There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design."

What is our primary use case?

We needed a company with expert solutions in the security field. We needed to secure our internal network, external users. CRITICALSTART has resources and know-how in those specific areas. The second part was that we needed assistance with security, hardware support, and implementation of Palo Alto firewalls, and they are the experts in that too.

There are additional features on the Palo Alto firewalls, security on the level of the apps. The users cannot go to certain places. There's a service that gets set up so we don't have to manage it; there is an automatic shield on those firewalls. Software-wise, we use CRITICALSTART to manage the ZTAP (Zero-Trust Analytics Platform). They manage an antivirus solution for us by Cylance and another protection level is Cisco Umbrella. They manage and monitor our systems with their MDR solution.

For example, alerts come in from the Cylance antivirus to their systems and the CRITICALSTART team informs us and helps us combine the white lists, the black lists, what's allowed, which machines are behaving abnormally, and they monitor various aspects.

It is deployed to over 100 people within our company. That is the user base.

How has it helped my organization?

In terms of the MDR, if we didn't use CRITICALSTART, we would have to hire a full-time person to sit and do that job. It frees up resources. It's far less expensive for the company to hire CRITICALSTART instead. And CRITICALSTART has a large knowledge base in the field, whereas we would have to learn within our company how things work. With CRITICALSTART, we tap into the knowledge of all the companies that they manage. It's definitely a win for us.

There was the initial adjustment period, as every environment is different. Initially, they came in and looked at our stuff, our alerts. We tweaked things a little bit, but then we could tell that out of thousands, or even hundreds of thousands of alerts, we were only getting, say, 10 tickets per week from CRITICALSTART, if that. The rest of the things they handle automatically, or their system handles them automatically. It really frees up our time quite a bit.

It allows us to free up our resources. We don't have to get into the super-deep details of the alerts if something is happening. They bring a vast knowledge of the threats to the table. We don't have to research them ourselves so it frees up our time.

And they've previously seen the resources we use for the Palo Alto designs, and they know our environment because we have a person that deals with us directly. It's so much easier to work this way, versus if we were to hire somebody from a large consultant like CDW or Softchoice. With a third-party like that there's always a learning curve — you have to invest so many hours first — before you get to the problem. With CRITICALSTART, we can engage them right away with problem solving. There's no onboarding every time. They already know what's going on.

We have a SCADA system which is something that our field team operates 24/7, all year round. It's a pipeline. We have the Cylance umbrella solution on those critical machines and if something gets blocked by an error we get an alert right away on the mobile phone. We respond and CRITICALSTART comes in and makes live changes. That prevents us from having any downtime due to a blocked file on some system. If it's a bad file, it will get blocked, obviously. That's great. But if it's a false positive, we are able to get CRITICALSTART, using the mobile app, to respond right away and prevent downtime of the SCADA system.

What is most valuable?

There are two parts of CRITICALSTART's services that are most valuable to us:

  • The MDR solution where they monitor our computers, laptops, and users across the board.
  • Their knowledge of Palo Alto firewalls.

And their mobile app is actually our preferred method of interacting with them. We get notifications and can reply to tickets on-the-go. I don't think there's any other solution that offers such a thing. It's super-useful. Everybody's got a web portal, but this mobile app is quite something. It's pretty cool.

The mobile app is self-explanatory. You have a ticket or you get a notification and you can chat or submit information. You can talk to their team on-the-go. It's very convenient. If you go farther, you can look up tickets and you can look at the assigned statuses. There's more to it; it's a full-blown app. Maybe there are a couple of features that are easier to use in a web browser with a larger window, but I think it's pretty full-featured. You can change tickets, you can assign the queues, you can post a reply. You can look at the details. The whole thing is there. For us, the main thing is that when there is an alert we can act on it right then.

We also talk with CRITICALSTART analysts, two folks in particular. Their response time is very quick. If they cannot talk to us, we get a reply from them anyway. We don't have to wait around. The response time is very good in comparison to larger companies. CRITICALSTART is fairly large, but there are larger companies where you send a ticket, request support, and you're not sure who's going to get the ticket, who's going to respond; you're not sure when that is going to happen. It's always a waiting game. With CRITICALSTART, it doesn't look that way. They give you a personal approach. Their folks are always available. That makes us more likely to do business with them.

When it comes to the transparency of data in the platform, everything is there if we want to look at it. We really don't get too much into it, but if you want to look at it, it's all available. They show the details; they show how they do it. If you want to know if they're lying to you or not, you can look at the details and the facts they base their decisions on when blocking certain things or monitoring certain stuff. It's pretty transparent. It's very trustworthy. It gives us confidence in the decision-making process, because we see how things are done. It gives us peace of mind.

What needs improvement?

There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design.

For how long have I used the solution?

We have been using CRITICALSTART for two years.

What do I think about the scalability of the solution?

We don't have plans to increase usage for now. We're happy with it and we renewed for another two years.

From a project management standpoint their performance has been very satisfactory. We deployed seven sites. Those were new sites due to expansion that we went through and CRITICALSTART was on each one of them. We involved them and we had success every time.

How are customer service and technical support?

The customer support is great. Our expectations have been met in terms of service being delivered. We have met all deadlines so far.

The main thing would be the roll-out of those sites. We could schedule something at fairly short notice, like only three weeks ahead, and we were able to book them. They were available to fly with us for the site deployment, if needed. They were also able to deliver hardware in that short period of time. Three weeks is super-fast for obtaining hardware and booking a person who is able to do a project.

Which solution did I use previously and why did I switch?

We used in-house solutions and it was more involved. There was more time spent with longer project timelines. With CRITICALSTART, we were able to get delivery and get things done quickly.

How was the initial setup?

From the time we entered into an agreement to use CRITICALSTART until we were able to start using it, things were wrapped up within a month. There wasn't any type of initial setup required at our end to use the service. It was just me involved in the setup, on our side.

We don't have any data sources that their service wasn't able to integrate with. They provide a full-blown spectrum of anything you want. Whatever you want, they can deliver.

Which other solutions did I evaluate?

We looked at other solutions that other folks provide and nobody came close. We had previous experience. We had acquired three other companies in a similar business line to ours, and those folks recommended it. So we had a meeting with CRITICALSTART and we discussed a few things, and it seemed like they were the ones to go with.

The main difference was the value you get for what you pay. You can't beat it. As far as the expense goes, it's very competitive pricing and the services you get are almost like you have a person on your team.

What other advice do I have?

The new web portal they implemented is quite robust. It's very next-generation, but it does need small tweaks. You have to get used to it and learn a little bit about it. That's why I prefer the mobile app. The mobile app seems to be more straightforward. The new UI has more advanced features but you would have to click around and learn a little bit more. It's not as intuitive as the mobile app, but the functionality is there.

As for their contractually committing to paying a penalty if they miss a one-hour SLA to resolve an escalated alert, we have never run into that situation. They haven't missed an SLA in two years.

They offer a very personal, connected experience. I don't know of any other company that has that kind of a personal touch to either its services or its MDR solution. That was the decision-maker for us.

This has been a positive experience and money well spent. If we had to do it again, we would gladly choose the solution that CRITICALSTART provides, versus going with other solutions or using something in-house where we would probably have to spend double what we are spending now.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
CISO at a hospitality company with 1,001-5,000 employees
Real User
They take care of all first-line alerts, with eyes on glass, fingers on keyboard; they're doing the work, allowing me to focus elsewhere
Pros and Cons
  • "I also use their mobile app. It's very easy to use and very convenient to be able to respond to alerts wherever you are. I love the app. You can respond and communicate, per ticket, with their SOC in near real-time. The response is very quick."
  • "The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance."

What is our primary use case?

We needed a SOC operation, and we weren't going to build it in-house, so we were looking for exactly what they offer. They're an MDR service, and we were looking for somebody that would manage the SIEM tool as well as the endpoint management tool and have the ability to take action, when necessary, on endpoints and function as a full, hands-on SOC. That is why we selected them.

The service doesn't require us to make use of any hardware. The software required is Splunk, as a SIEM tool, which provides options as to how it's managed. We opted to have CRITICALSTART fully manage it, so we're hands-off with the SIEM tool, and it's hosted in AWS. Then you have to have an endpoint detection tool that CRITICALSTART has approved. I don't know what their current selection is, but a year-and-a-half ago it was either Cylance or Carbon Black. We're using Cylance.

Our use of the service covers 100 percent of our endpoints. We're covering 1,100 endpoints.

How has it helped my organization?

We didn't have a security team before. If I were to say the service had improved our organization, it might lead you to think we were doing security a certain way before, but we weren't. I came into the company as the first security professional for them.

The service has increased efficiency for me to the point that I can focus on other areas of the business. Again, as a department of one, and not having to attempt a one-person SOC operation, I'm able to focus on the strategic security posture, the architecture, for the company, and focus on where our keys to the kingdom are. I can also pay attention to compliance, which is part of my role. I'm able to do my job because I have this outsourced SOC.

What is most valuable?

The most valuable part of the service is that they are 100 percent taking care of all first-line alerts. With eyes on glass, fingers on keyboard, they're doing the work. If they have a question, or they haven't seen something in our environment before, then they will escalate it to me. The service takes care of Tier-1 and Tier-2 triage. They actually provide a report that gives details on how much that saves us. I looked at it when we first started, and it was multiple FTEs, on an annual basis, that they're saving us.

I also use their mobile app. It's very easy to use and very convenient to be able to respond to alerts wherever you are. I love the app. You can respond and communicate, per ticket, with their SOC in near real-time. The response is very quick. I can close tickets, I can escalate them. I have very close to all of the capabilities that I have on my desktop. All the things that I need to do in a ticket, I can typically do them from the app. I am a one-man show. I'm the only security analyst for our organization. I couldn't really do my job without the app. I can't sit in front of a computer all the time, so it's critical for us.

I communicate with CRITICALSTART's security analysts. I haven't spoken with them over the phone, except for one time, in a year-and-a-half, but their accessibility is very high. I always receive quick responses to my escalated tickets. When I'm commenting, they're following up, and they're very fast.

I feel I have full transparency to their SOC. Anything I want to go look at, I can do so. I can see all of the comments and discussions that the SOC team has on behalf of us. I have full transparency.

In terms of CRITICALSTART contractually committing to paying a penalty if it misses a one-hour SLA to resolve an escalated alert, I honestly haven't looked at the contract in a year and a half, so I don't remember if it's monetary. I believe that it is. They're very proud of their SLA and not missing it, so I've not ever had an issue or concern or had to think about it. This high commitment to SLAs was our CIO's primary concern when we were looking at CRITICALSTART. After seeing their record, 18 months ago, of not missing a single SLA, it became a moot point. It was a concern at the time but they satisfied that concern.

What needs improvement?

The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance.

I have shared this next point with them already, but I would like to see a monthly report to talk about advancements or new alerts, anything to do with what we call IOCs — indicators of compromise. When there is anything that they have changed on behalf of their customers on the backend, they should say, "Hey, we have made these modifications. We're now looking at these types of alerts." It would give the customer a sense that they're actively looking for new IOCs. So I would like a monthly recap of what they have done, not specifically for me, but what they've done for all of their customers. That would be good.

For how long have I used the solution?

I have been using CRITICALSTART for a year and a half.

How are customer service and technical support?

I would rate the customer support, post-deployment, as highly as it can be rated. Their focus on doing the right thing for the customer is how you would hope that every company you deal with would respond to customers. They are 100 percent focused on doing the right thing for the customer, and they back it up. I've seen that multiple times.

In terms of project management, in the lifespan of managed detection and response companies, I'm an old customer now, at 18 months. Back then, the project management was poor and that was part of the reason our roll-out was delayed. CRITICALSTART took all of the necessary steps to revamp that department and correct their mistakes, and that's why we were compensated monetarily, as well. It was poor then, and I haven't had the experience of working with the revamped project management team, because I'm already established.

In terms of delivering services on time, on budget, and on spec, we're a little bit of a unique customer. I know that because we had some early growing pains. They did miss the scoping of our network, which did impact the budget. I brought it to their attention and they stepped up. From a monetary standpoint, they made it right, with no fight. They just recognized it. They have a great ability to put themselves in the customer's shoes and do the right thing on behalf of the customer without any friction.

Which solution did I use previously and why did I switch?

Prior to CRITICALSTART, we were a customer of Arctic Wolf.

It's really not even fair to compare the two companies, because Arctic Wolf was not a 24/7 SOC operation, even though they sold themselves as that. It was more like a managed SIEM service. They used a proprietary SIEM. I cannot say anything positive about that company. Not a single thing. Right from the time for migration and sending the SIEM tools back to them, it was a very bad experience. They don't do what CRITICALSTART does. Even though they try to market themselves as an MDR, they're really not an MDR. They don't manage the endpoint tool, so it was really apples and oranges.

How was the initial setup?

There wasn't really an initial setup required at our end to use this service. The implementation of the endpoint tool, in this case Cylance, was a requirement for us. That involved some GPOs and the Splunk forwarders that we implemented in our environment. But as far as man-hours on our side to do the setup, it was very low.

It was straightforward. Pushing out software is something we do. Creating GPOs to make sure that the correct data from servers was being pushed and directed to the Splunk forwarders was all typical, sysadmin-type work. Nothing was complicated.

There were no data sources that this service wasn't able to integrate with.

From the time we entered into an agreement to use them, it was about four to five months until we started using it, but a lot of that was dependent on our ability to get the product rolled out, and our activity for base-lining the system, or our environment. Some of that time span was us, and some of it was them, but they made monetary compensations for the delay that we had. While it didn't go as fast as we wanted, the end result was positive.

What was our ROI?

We are absolutely seeing return on our investment from CRITICALSTART's services. They're doing the job of a 24/7 SOC at a fraction of the price that it would cost me to run it myself.

What's my experience with pricing, setup cost, and licensing?

You get what you pay for.

Which other solutions did I evaluate?

Compared to the competitors that we looked at, CRITICALSTART had a longer history, even though they were a young company. I liked that they were not using proprietary tools in the environment. That allowed us the freedom to move, if we wanted to, to another provider. They were just ahead of everybody else in terms of maturity.

What other advice do I have?

In terms of advice, I don't feel that implementing this service is any different than implementing any other system into your environment. A lot relies on your project management skills.

I would attempt to test your MDR choices against a framework. The framework that comes to mind is the MITRE ATT&CK framework, which everybody is familiar with. Have realistic expectations about what vulnerabilities your MDR partner is really going to mitigate. That's the lesson I have learned.

In terms of CRITICALSTART's Trusted Behavior Registry and the way it resolves things that are known as trusted, so that the focus is on resolving unknown alerts, I'm obviously not looking at all of the alerts that they work on. But based on what they escalate to me, which is only the alerts that I'm seeing (a small percentage), if I were to rate them on a scale of one to 10, I'd rate this aspect at eight. There are a few things that slip through, things that they'll escalate that I know should not have been escalated, but it's a very small percentage of what they actually escalate. It's a very small percentage where I'll have to just say, "Hey, did you mean to do this one, because we've been through this before," or VirusTotal shows that it's 100 percent clean, so why did it get escalated? It's not common but it does happen.

The service missed a pen test, but I still have a high level of confidence with the data and the actions they take. We had hired a red team, so the situation was a red team test. Red teams are generally 100 percent successful, or very close to it. With them, you always expect to uncover the unknown. But I do have confidence in the tool and the data that they are looking at.

The number of escalated alerts we receive, compared to the number the service's Trusted Behavior Registry resolves, is probably less than 5 percent of the total.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
RyanCarter - PeerSpot reviewer
Vice President, Security at StackPath
Real User
Our analysts' efficiency has been increased, as we only need to pay attention to the alerts that are escalated to us
Pros and Cons
  • "Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us."
  • "It has frustrated us that they don't have a native Slack integration, because most things do now. That's something we've asked for, for years, and it just doesn't really seem like it's a priority."

What is our primary use case?

The challenges we were looking to address were mainly around making sure that my team wasn't overloaded with alerts and that we could tune out things we don't care about or that aren't important to us at that particular time. That was really what I was trying to accomplish, since I knew I wasn't going to be able to build out a team large enough to be 24 by seven.

How has it helped my organization?

Before we really had anything in place, or when we didn't use them in a managed way, we felt overloaded with issues like: "How do we deal with all these alerts?" "Is this a problem? Is this not a problem?" "Are there other customers that are also experiencing this?" It was pretty easy for us to justify paying a little bit to get some help on those things and get the benefit of their experience with the other customers they have on their platform.

In terms of the transparency of data on the platform, what comes to mind is that I've asked them a few times, "Hey, we've got this weird alert that you've escalated to us and we don't really know what to think about it. Have you had any other customers that have experienced it?" Obviously they're not quick to say, "Oh, well, Company XYZ had the same experience," and for good reason. But when asked, they're usually pretty good about saying, "Yeah, we've had some other customers that found this, or we've worked with them to determine it was this or that." Some of that you get upfront, but there are times when you do have to prod to get more information about something. Once we learn more about it, it affects our security operations because we're pretty small. So if I know that a large organization has spent time on this and had other analysts looking at it, analysts who have determined it's this and that, I'm going to lean toward what they found. I often just don't have the resources to do that myself, or it may be because I have respect for the security organization of that company. It's definitely valuable.

Using CRITICALSTART has increased our analysts' efficiency to the point where they can focus on other areas of businesses. That's definitely been a benefit of the whole thing. Instead of worrying about every little alert coming in, we really only pay attention to the ones that we need to pay attention to, the ones that are escalated to us. Otherwise, we would just be thumbing through thousands of things that likely don't really matter that much.

We have different groups throughout our company that use the equipment that we give them in different ways. So we've reached out to CRITICALSTART to build out groups and we can update those groups ourselves with different peoples' usernames. That way we can say, "All right, Nmap for the engineering group is always allowed. Don't ever alert us about that," or perhaps we make it a low alert as opposed to high. But if it's any other group, or if a user falls outside of those groups, we want to know. And that's been really useful for us in bringing down the number of escalations to us, things that would pop up as "high" at 8:00 at night, because some guy's running Nmap or something similar.

CRITICALSTART also takes care of Tier-1 and Tier-2 triage. In terms of time saved, I've always assumed that if we did this ourselves, I'd have to have at least a minimum 24/7 staff, or at least a few shifts throughout the day to cover the amount of things that would have to be researched and looked at.

What is most valuable?

Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us.

And when it comes to the alerts, they get the number of them down and only alert us about what we really need to know about. We get about a dozen or so things escalated in a day. Most of those are low alerts.

We chat with CRITICALSTART's analysts back and forth with comments or when we escalate things back to them. Occasionally we'll open a support request for a feature or we'll have a question about something and we may converse with them over that. Their availability has always been pretty good, especially when it comes to escalating to the SOC directly. We get responses pretty quickly.

I've used the updated user interface about a half-a-dozen times. I felt like it was going to take a little bit of getting used to it, but it did seem like it was pretty quick. It had more of the data right in front of me that I usually want, as opposed to clicking around to go find it. So far I have nothing but positive things to say about it.

What needs improvement?

We've had a little bit of frustration with some of the alerts that we receive because they're not as high-priority for our type of organization, as we are very engineering-heavy. But I can understand from their perspective, if a bank were a customer, or some other organization that doesn't have a lot of heavy engineering folks who are in a command-line and running all kinds of tools, the service would be much more valuable to them. But that's one of the main frustrations we've had: Trying to find ways to tune that out so that we can say, "Look, for this group it's normal for them to run a ping or Nmap or the like, but if accounting does it that's a problem."

Also, it has frustrated us that they don't have a native Slack integration, because most things do now. That's something we've asked for, for years, and it just doesn't really seem like it's a priority. The workaround is that we just have it sent to an email and you can email into Slack. Of course, email through Slack is not very good, but that's our workaround. We set that up ourselves.

Where CRITICALSTART could potentially grow is on its internal compliance, and maybe how they disclose how they secure data. All of that could be a little stronger. I pushed them on that early on, and they did provide some information, but like I'm doing with us — we're ramping up our compliance efforts too — that's where I'm likely going to have to push them in the future to make sure that they're at least meeting the minimums that we have, because they are seeing data from our employees.

For how long have I used the solution?

I've been using CRITICALSTART for four years now.

What do I think about the scalability of the solution?

It's definitely not utilized as much as I would like because of other priorities that have come up. My team is pretty small, so we can only do so much. But we are ramping it up because some of those other priorities are no longer as much of a priority. We should have some more time to do it.

I want my team to get in there and just clean up a lot of the low alerts that are sitting out there, alerts that we looked at and just didn't care about or that weren't important to us. We just need to go in, close those out, and get them to update filters about that stuff so we don't get alerted in the future. There's a fair bit of that.

How are customer service and technical support?

I lean towards evaluating their support as good. Occasionally, we have spoken with them about something we have had open for a while and have had to look for an update. But they're generally quick to respond, initially.

From a project management standpoint, I have always felt that CRITICALSTART was pretty good. When we first brought them on, and when we switched to different products, and even when we tried out some of their other products, they were pretty good on that score. We had weekly calls and it seemed like we were getting moving on things. I really don't have any issues or complaints there.

Their overall customer support is pretty good. I can only compare it to our company and the support we provide, which I feel works pretty decently. They're on par with our organization.

Which solution did I use previously and why did I switch?

Prior to using CRITICALSTART we were just managing things ourselves completely, without any help. But we brought them on pretty early after the company's creation, so it wasn't too painful from that perspective.

How was the initial setup?

From the time that we entered into an agreement to use CRITICALSTART until we were able to start actually using it — I don't remember it taking too terribly long. We used them for a different endpoint service for a little while. When we switched to the new one, I do remember thinking that it took a little bit longer than I would have liked, but when they came back and technically explained it, it made sense to me.

Initially there were some calls where they were just getting an understanding of the environment and the types of users we have. We voluntarily provided them usernames of folks who were more high-priority or the groups that we needed to really focus on.

But the setup was definitely straightforward. It was a couple months before we were really comfortable with the setup, from our perspective, and felt that it was complete.

There were four of us, from our organization, involved. My architect was leading the effort and then I and one or two other analysts were the ones who were looking at the alerts and providing feedback to them so they would know we didn't care about this or that issue and that they should filter it.

What was our ROI?

When I start thinking about if I were to try to light up a SOC, which I've done before and I have no interest in doing, it could be a million dollars a year or more to do that. For what I am paying them for the managed fees, it's a steal. What I can get from them costs less than one body that I would hire. I've always felt like that it's a really good deal.

What's my experience with pricing, setup cost, and licensing?

I've told CRITICALSTART that I think the managed service they provide is cheaper than it should be. It's a really good deal.

As far as using them to purchase software and other things that they don't necessarily manage for us, they seem to be pretty on-point with pricing. We've looked at them and put them up against Myriad or some others to see if we are getting good value, and they've always been pretty aggressive. In some cases, I feel they have been able to get us a bit more than another VAR would have been able to get us, because of the relationships they have. I feel pretty good about the value there.

Our expectations have been met when it comes to their services being delivered on time, on budget, and on spec.

Which other solutions did I evaluate?

We didn't evaluate other options. I have worked with the architect that I have for a long time now, and I know that he had evaluated options when he was at IBM. I didn't feel the need to, since he had just done it before he came on board with us.

What other advice do I have?

The biggest lesson I've learned from using CRITICALSTART is that you don't necessarily need an internal SOC to make your customers happy. We get asked all the time on questionnaires, "Do you have a SOC?" We're able to say, "No, we use an external SOC to manage alerts for us." I've really only been pushed on that a couple of times. And at other times I've had companies that are larger than you would think come back and say, "Hey, we do the same thing." They may have an internal SOC too, but they still leverage a similar company to triage stuff before it even gets to their SOC.

I use CRITICALSTART's mobile app occasionally, although not as much as I did when I didn't have a dedicated person really looking through the alerts. It's mostly good. I don't have any major complaints about it. There are a few things here or there that need to be polished, but I think it's come a long way. The rest of the team is like me. They use it occasionally to pull up an incident that may be a higher risk, when they're running around doing things. But for the most part, we use the web browser.

On a daily basis there is only one person using CRITICALSTART. He's a security analyst for me. I'll occasionally jump in and my architect will as well, to help on the more advanced things or to adjust the filters and to do things that the analyst doesn't really do.

I would rate CRITICALSTART at eight out of 10. There's room for them to improve, but overall it's a good value and we're happy with them.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
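The group-based tuning described in the review above (Nmap from the engineering group is expected, the same tool from accounting is not) is a common way to cut escalation volume without hiding the interesting case. The block below is an added example of that idea in working code; it is not CRITICALSTART's platform code or API, and the group names, tuning rules, and sample alerts are all constructed for illustration.

```python
"""Group-aware alert tuning (added illustration; hypothetical groups, rules and alerts)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Alert:
    alert_id: str
    user: str
    process: str
    severity: str   # "low", "medium" or "high"
    host: str


SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed group membership; a real deployment would sync this from the directory.
GROUPS: Dict[str, FrozenSet[str]] = {
    "engineering": frozenset({"alice", "bob"}),
    "accounting": frozenset({"carol"}),
}

# Constructed tuning rules keyed by (process, group). Actions:
#   "suppress"  - expected behaviour for this group, never escalate
#   "downgrade" - still escalate, but as a low alert
TUNING_RULES: Dict[Tuple[str, str], str] = {
    ("nmap", "engineering"): "downgrade",
    ("ping", "engineering"): "suppress",
}


def groups_of(user: str) -> List[str]:
    """Groups a user belongs to; an unknown user belongs to none."""
    return sorted(g for g, members in GROUPS.items() if user in members)


def triage(alert: Alert) -> Tuple[bool, str, str]:
    """Apply group tuning. Returns (escalate, effective_severity, reason).

    The default is to escalate unchanged: a user outside every tuned group, or a
    process with no rule, is exactly the case an analyst wants to see.
    """
    actions = {TUNING_RULES.get((alert.process, g)) for g in groups_of(alert.user)}
    actions.discard(None)
    if "suppress" in actions:
        return False, alert.severity, f"{alert.process} is expected from {alert.user}'s group"
    if "downgrade" in actions:
        # Downgrade only ever lowers severity; "low" is the floor.
        return True, "low", f"{alert.process} is tolerated for {alert.user}'s group; downgraded"
    return True, alert.severity, "no tuning rule matched; escalated as received"


def escalation_queue(alerts: List[Alert]) -> List[Tuple[str, str, str]]:
    """Return (alert_id, effective_severity, reason) for alerts that still need a human."""
    queue = []
    for a in alerts:
        escalate, sev, reason = triage(a)
        if escalate:
            queue.append((a.alert_id, sev, reason))
    # Highest effective severity first, so the accounting nmap outranks the tuned-down ones.
    queue.sort(key=lambda q: SEVERITY_RANK[q[1]], reverse=True)
    return queue


# Constructed sample alerts, including the evening engineering nmap case.
SAMPLE_ALERTS = [
    Alert("a1", "alice", "nmap", "high", "eng-laptop-01"),
    Alert("a2", "bob", "ping", "medium", "eng-laptop-07"),
    Alert("a3", "carol", "nmap", "high", "fin-desktop-03"),
    Alert("a4", "dave", "powershell", "medium", "it-desktop-02"),  # in no tuned group
]

if __name__ == "__main__":
    for entry in escalation_queue(SAMPLE_ALERTS):
        print(entry)
```

The design choice worth noting is that the rules are allow-lists scoped to a group, and anything unmatched falls through to escalation unchanged. Suppression should stay narrow (one process, one group) and be reviewed periodically, since a stale group membership is the easy way for a rule like this to start hiding activity that deserves a look.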
Lynn Roth - PeerSpot reviewer
Director of IT at Solana
Real User
Filters out the unnecessary stuff and lets us determine the validity of that type of action in our environment
Pros and Cons
  • "The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly."
  • "The UI has become slower but it's not something I would call them out on."

What is our primary use case?

Our primary use case is to gain the ability to monitor our systems more thoroughly. We are looking for it to address the overload of information from security monitoring systems.

Everything is cloud-based and, other than the security agents that are installed on those systems, we also use Cylance Protect and Carbon Black Response.

What is most valuable?

The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly.

They do trusted behavior registry. They filter out the unnecessary stuff and present us with the things that are interesting and let us determine the validity of that type of action in our environment.

We get probably 10 or 12 escalated alerts a week, and there are hundreds or thousands of transactions that would need to be filtered otherwise.

The mobile app is a nice way to get quick access to something when I don't have access to the full system. It's a good way of accessing all the data that I would need when I'm remote. The mobile app gives me more comfort in that I will be alerted if there is something going on, even when I'm remote.

CRITICALSTART makes us much more comfortable with knowing someone else is watching our data and our systems and knowing that professional security people are taking a look at any issues that do arise.

The new UI seems a little slower but some of the functionality is a little bit quicker to get to things in terms of navigation. It has made it easier to respond to escalations. The alerts are displayed in a way that makes it simpler to respond. The response dialogue is right on the screen.

In terms of transparency, it seems like all the data is available to us. It affects our security by allowing us to see what they are doing in terms of filtering and making sure that we agree with all the filters that they're adding.

CRITICALSTART has increased our analyst's efficiency to the point that they can focus on other areas of business. We implemented some of these tools at the same time we started with CRITICALSTART. Some of that wasn't being done before, but now it is being done and we still have the time to do other things.

It also takes care of the tier one and tier two triage. It saves my team around 10 hours a week.

I think that the provider contractually committed to paying a penalty if it misses a one hour SLA to resolve an escalated alert. But it wasn't a huge deal for us. It wasn't a critical thing that we looked at. So far, they haven't missed such SLAs, as far as I know. It has yet to miss an attack.

We chose not to integrate data sources due to the cost of our firewall logs. They would have been able to ingest them through a SIEM had we wanted to.

What needs improvement?

The UI has become slower but it's not something I would call them out on.

For how long have I used the solution?

I have been using CRITICALSTART since January of 2020.

How are customer service and technical support?

We communicate with support mostly via the tools, via email and their security application. There is somebody available 24/7. They add a lot of value in terms of being there 24/7 and having access to the data and access to their knowledge base of issues.

Their support is fast, thorough, and easy to use.

How was the initial setup?

We just had to get the security agents installed on the systems that we wanted to use it on.

The process was quite simple and straightforward. We were able to push out the agents with group policy and that made it simple to get everything installed.

Two of us were involved in the setup. I am the Director of IT and my colleague is a network administrator.

Three of us use this solution. The other one would be the chief product officer.

In terms of the size of our environment, it's on over 200 endpoints. We are adding a few machines, but it's close to a 100% adoption rate.

The implementation was very straightforward. We didn't have any real problems with the product management side.

What was our ROI?

We have seen ROI but I can't explicitly say what. We've been able to easily manage the security information and alerts coming out of the products without having to deal with them on a day to day basis.

What's my experience with pricing, setup cost, and licensing?

The price was less than I would have expected.

Which other solutions did I evaluate?

We did evaluate another solution but we like CRITICALSTART's pricing and we liked the people that we were working with.

What other advice do I have?

Our expectations have been met in terms of services delivered on time, on budget, and on spec. The implementation went as expected. The pricing hasn't been an issue. Everything went as was decided at the beginning. Everything has gone through as I would expect.

I would rate CRITICALSTART a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Director of IT Security at a financial services firm with 501-1,000 employees
Real User
Consolidates alerts, creates reporting, and gives us a more holistic view of our security landscape
Pros and Cons
  • "Customer service and their response are phenomenal. I would give their customer support a nine point five (out of 10). Our easy access to their SOC analyst, sales team, and leadership team instills confidence in me that they are there for us 24/7."
  • "From where we were prior to going into them, the service has increased our analysts’ efficiency to the point that they can focus on other areas of the business. It gives me the ability to allow analysts to do Level 3 and 4 work and stay out of the weeds of the alerts, where you tend to get alert fatigue. The service takes care of much of the Tier 1 and Tier 2 triage. It is more effective than what we had been used to, because it allows the filtering of Level 1 and Level 2 type alerts to be taken care of. This leaves less for us to handle, which is a good thing."
  • "During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration in their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since."

What is our primary use case?

We were looking for a managed service provider who could handle our endpoint alerts as well as our SIEM alerts. We were looking to address alert reduction, better correlation, and reduction in head count that would ultimately lead to a more secure environment.

We brought our own endpoint solution into the equation. We added a full functionality SIEM solution. There wasn't a whole lot of infrastructure.

How has it helped my organization?

The transparency is extremely effective. The ability to maneuver through the GUI (the front-end) allows the team to be more effective and perform their job efficiently and effectively. They can bounce around, get in there, and know what they're looking at, which gives them the ability to really dive into the alerts. It's a user-friendly front-end.

From where we were prior to going into them, the service has increased our analysts’ efficiency to the point that they can focus on other areas of the business. It gives me the ability to allow analysts to do Level 3 and 4 work and stay out of the weeds of the alerts, where you tend to get alert fatigue. The service takes care of much of the Tier 1 and Tier 2 triage. It is more effective than what we had been used to, because it allows the filtering of Level 1 and Level 2 type alerts to be taken care of. This leaves less for us to handle, which is a good thing.

We remained within budget. They continue to work with us to add additional logging sources to effectively meet our budget requirements and are in line with our cost cutting efforts.

What is most valuable?

We benefit from alert reduction and the ability to cross-correlate multiple logs to achieve a more secure environment. CRITICALSTART consolidates alerts, creates reporting, and gives us a more holistic view of our security landscape.

They start with a Zero-Trust model and build from Zero up to Trusted. We found this to be extremely effective in filtering out alerts. So, we started from Zero-Trust, then we built the trust from there. This has become extremely effective for us in our environment.

We have over 99 percent filter rate for the service’s Trusted Behavior Registry.

It is extremely effective for our team's utilization of the service. It is easy to maneuver and understand. If it ever requires any additional information or a deep dive, we reach out to CRITICALSTART to help understand an alert, why we're getting an alert that we think we shouldn't be getting, or fine tuning an alert.

It has enabled our SecOps and internal SOC managers to take action faster and respond to escalations more easily. Because the front-end is easily maneuverable, we have the ability to work through it, get into it, and understand it. This allows us to pivot back and forth between logs, log sources, and understand the alerting. It's not a convoluted front-end.

What needs improvement?

Our analysts do like getting into the console more than they like getting into the mobile app.

We have questioned them on the level of an alert and why alerts have come in lower than we would have anticipated them, e.g., it was maybe a medium instead of a high or medium instead of a critical.

We have a lot of homegrown applications, and we don't push a lot of those data sources to them. We are kind of a unique outfit in that way. So, there are some data sources that the service wasn’t able to integrate with. We're working on having the service be able to ingest them through a SIEM and provide us access right now. They will be storing some of those logs for us.

From a project management standpoint, better communication was needed with the customer during the setup/project phase. I have expressed that, and they have understood this. They have tried to make corrective actions.

For how long have I used the solution?

18 months.

What do I think about the scalability of the solution?

We have already adopted it 100 percent in our company.

How are customer service and technical support?

I occasionally talk with the service provider’s analyst. Mostly, my manager is in touch with him two to three times a week. They are available for us at a moment's notice. We have desk phones, email, and cellphones, and you can get a hold of any of them at any time of the day. From that perspective, it is an excellent, trusted relationship. It allows us to effectively troubleshoot any issues that we may have. They're very responsive.

Customer service and their response are phenomenal. I would give their customer support a nine point five (out of 10). Our easy access to their SOC analyst, sales team, and leadership team instills confidence in me that they are there for us 24/7.

Which solution did I use previously and why did I switch?

We weren't able to have a comprehensive, overarching view of our environment because we couldn't get all our log sources into the previously managed service SIEM solution. It was one of those situations where we had to pivot.

How was the initial setup?

During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration about their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since.

We were able to use the service early on, but never fully used it until it was completely integrated after six months. It took us about six months to onboard it and get it integrated into our environment, then get the log sources to it.

It took about six months to go from Zero-Trust to Trusted Behavior. While it is an ongoing process, the install and tuning were about a six-month process.

What about the implementation team?

For the most part, security operations, security engineering, and the infrastructure folks were involved in the initial setup. It could have touched two dozen people over six months. These are the same teams who are currently using the service.

What was our ROI?

We have seen ROI. There has definitely been time savings. From a logging solution, we are effectively getting all our logs into one solution, which gives us a better holistic view.

What's my experience with pricing, setup cost, and licensing?

Their pricing was very competitive with other vendors. Their ability to be creative struck me as being very customer service friendly. Their creativity in pricing and working with the customer to achieve their financial restraint or goals was very creative.

There are contractual penalties if their SLAs are not met. This commitment was very important in our decision to go with this service, because not having downtime is extremely important to us. The provider has not missed an SLA in the 18 months that I have worked with them.

Which other solutions did I evaluate?

We looked at two other big companies. 

My main thought process was I wanted to go with a smaller, more boutique firm where I felt I would get personal, undivided attention. It was also important for me for them to be local.

What other advice do I have?

Do your homework. Compare the big boys, the larger managed service solutions, with some of the more boutique ones, like CRITICALSTART, and ask yourself: What is it that you want? Do you want to be a small fish in a big pond or a big fish in a small pond?

You always need more logging space than you actually think you need.

They monitor our endpoints.

I would definitely give them a nine (out of 10). They are extremely effective in combating alert fatigue. They're creative in the way they do business. They are also very approachable and very customer service-oriented.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.