Director of IT at Solana
Real User
Filters out the unnecessary stuff and lets us determine the validity of that type of action in our environment
Pros and Cons
  • "The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly."
  • "The UI has become slower but it's not something I would call them out on."

What is our primary use case?

Our primary use case is to gain the ability to monitor our systems more thoroughly. We are looking for it to address the overload of information from security monitoring systems.

Everything is cloud-based and other than the security agents that are installed on those systems, we also use Cylance Protect, and Carbon Black Response.

What is most valuable?

The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly.

They do trusted behavior registry. They filter out the unnecessary stuff and present us with the things that are interesting and let us determine the validity of that type of action in our environment.

We get probably 10 or 12 escalated alerts a week, and there are hundreds or thousands of transactions that would need to be filtered otherwise.

The mobile app is a nice way to get quick access to something when I don't have access to the full system. It's a good way of accessing all the data that I would need when I'm remote. The mobile app gives me more comfort in that I will be alerted if there is something going on, even when I'm remote.

CRITICALSTART makes us much more comfortable with knowing someone else is watching our data and our systems and knowing that professional security people are taking a look at any issues that do arise.

The new UI seems a little slower but some of the functionality is a little bit quicker to get to things in terms of navigation. It has made it easier to respond to escalations. The alerts are displayed in a way that makes it simpler to respond. The response dialogue is right on the screen.

In terms of transparency, it seems like all the data is available to us. It affects our security by allowing us to see what they are doing in terms of filtering and making sure that we agree with all the filters that they're adding.

CRITICALSTART has increased our analysts' efficiency to the point that they can focus on other areas of business. We implemented some of these tools at the same time we started with CRITICALSTART. Some of that wasn't being done before, but now it is being done and we still have the time to do other things.

It also takes care of the tier one and tier two triage. It saves my team around 10 hours a week. 

I think that the provider contractually committed to paying a penalty if it misses a one-hour SLA to resolve an escalated alert. But it wasn't a huge deal for us. It wasn't a critical thing that we looked at. So far, they haven't missed such SLAs, as far as I know. It has yet to miss an attack.

We chose not to integrate data sources due to the cost of our firewall logs. They would have been able to ingest them through a SIEM had we wanted to.

What needs improvement?

The UI has become slower but it's not something I would call them out on. 

For how long have I used the solution?

I have been using CRITICALSTART since January of 2020.

Buyer's Guide
CRITICALSTART
August 2025
Learn what your peers think about CRITICALSTART. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
866,218 professionals have used our research since 2012.

How are customer service and support?

We communicate with support mostly via the tools, via email and their security application. There is somebody available 24/7. They add a lot of value in terms of being there 24/7 and having access to the data and access to their knowledge base of issues.

Their support is fast, thorough, and easy to use.

How was the initial setup?

We just had to get the security agents installed on the systems that we wanted to use it on.

The process was quite simple and straightforward. We were able to push out the agents with group policy and that made it simple to get everything installed.

Two of us were involved in the setup. I am the Director of IT and my colleague is a network administrator.

Three of us use this solution. The other one would be the chief product officer.

In terms of the size of our environment, it's on over 200 endpoints. We are adding a few machines, but it's close to a 100% adoption rate. 

The implementation was very straightforward. We didn't have any real problems with the product management side.

What was our ROI?

We have seen ROI but I can't explicitly say what. We've been able to easily manage the security information and alerts coming out of the products without having to deal with them on a day to day basis.

What's my experience with pricing, setup cost, and licensing?

The price was less than I would have expected.

Which other solutions did I evaluate?

We did evaluate another solution but we liked CRITICALSTART's pricing and we liked the people that we were working with.

What other advice do I have?

Our expectations have been met in terms of services delivered on time, on budget, and on spec. The implementation went as expected. The pricing hasn't been an issue. Everything went as was decided at the beginning. Everything has gone through as I would expect.

I would rate CRITICALSTART a ten out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Director of IT Security at a financial services firm with 501-1,000 employees
Real User
Consolidates alerts, creates reporting, and gives us a more holistic view of our security landscape
Pros and Cons
  • "Customer service and their response are phenomenal. I would give their customer support a nine point five (out of 10). Our easy access to their SOC analyst, sales team, and leadership team instills confidence in me that they are there for us 24/7."
  • "From where we were prior to going into them, the service has increased our analysts’ efficiency to the point that they can focus on other areas of the business. It gives me the ability to allow analysts to do Level 3 and 4 work and stay out of the weeds of the alerts, where you tend to get alert fatigue. The service takes care of much of the Tier 1 and Tier 2 triage. It is more effective than what we had been used to, because it allows the filtering of Level 1 and Level 2 type alerts to be taken care of. This leaves less for us to handle, which is a good thing."
  • "During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration in their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since."

What is our primary use case?

We were looking for a managed service provider who could handle our endpoint alerts as well as our SIEM alerts. We were looking to address alert reduction, better correlation, and reduction in head count that would ultimately lead to a more secure environment.

We brought our own endpoint solution into the equation. We added a full functionality SIEM solution. There wasn't a whole lot of infrastructure. 

How has it helped my organization?

The transparency is extremely effective. The ability to maneuver through the GUI (the front-end) allows the team to be more effective and perform their job efficiently and effectively. They can bounce around, get in there, and know what they're looking at, which gives them the ability to really dive into the alerts. It's a user-friendly front-end.

From where we were prior to going into them, the service has increased our analysts’ efficiency to the point that they can focus on other areas of the business. It gives me the ability to allow analysts to do Level 3 and 4 work and stay out of the weeds of the alerts, where you tend to get alert fatigue. The service takes care of much of the Tier 1 and Tier 2 triage. It is more effective than what we had been used to, because it allows the filtering of Level 1 and Level 2 type alerts to be taken care of. This leaves less for us to handle, which is a good thing.

We remained within budget. They continue to work with us to add additional logging sources to effectively meet our budget requirements and are in line with our cost cutting efforts.

What is most valuable?

We benefit from alert reduction and the ability to cross-correlate multiple logs to achieve a more secure environment. CRITICALSTART consolidates alerts, creates reporting, and gives us a more holistic view of our security landscape.

They start with a Zero-Trust model and build from Zero up to Trusted. We found this to be extremely effective in filtering out alerts. So, we started from Zero-Trust, then we built the trust from there. This has become extremely effective for us in our environment.

We have over 99 percent filter rate for the service’s Trusted Behavior Registry.

It is extremely effective for our team's utilization of the service. It is easy to maneuver and understand. If it ever requires any additional information or a deep dive, we reach out to CRITICALSTART to help understand an alert, why we're getting an alert that we think we shouldn't be getting, or fine tuning an alert.

It has enabled our SecOps and internal SOC managers to take action faster and respond to escalations more easily. Because the front-end is easily maneuverable, we have the ability to work through it, get into it, and understand it. This allows us to pivot back and forth between logs, log sources, and understand the alerting. It's not a convoluted front-end.

What needs improvement?

Our analysts do like getting into the console more than they like getting into the mobile app.

We have questioned them on the level of an alert and why alerts have come in lower than we would have anticipated them, e.g., it was maybe a medium instead of a high or medium instead of a critical.

We have a lot of homegrown applications, and we don't push a lot of those data sources to them. We are kind of a unique outfit in that way. So, there are some data sources that the service wasn’t able to integrate with. We're working on having the service be able to ingest them through a SIEM and provide us access right now. They will be storing some of those logs for us.

From a project management standpoint, better communication was needed with the customer during the setup/project phase. I have expressed that, and they have understood this. They have tried to make corrective actions.

For how long have I used the solution?

18 months.

What do I think about the scalability of the solution?

We have already adopted it 100 percent in our company.

How are customer service and technical support?

I occasionally talk with the service provider’s analyst. Mostly, my manager is in touch with him two to three times a week. They are available for us at a moment's notice. We have desk phones, email, and cellphones, and you can get a hold of any of them at any time of the day. From that perspective, it is an excellent, trusted relationship. It allows us to effectively troubleshoot any issues that we may have. They're very responsive.

Customer service and their response are phenomenal. I would give their customer support a nine point five (out of 10). Our easy access to their SOC analyst, sales team, and leadership team instills confidence in me that they are there for us 24/7.

Which solution did I use previously and why did I switch?

We weren't able to have a comprehensive, overarching view of our environment because we couldn't get all our log sources into the previously managed service SIEM solution. It was one of those situations where we had to pivot.

How was the initial setup?

During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration in their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since.

We were able to use the service early on, but never fully used it until it was completely integrated after six months. It took us about six months to onboard it and get it integrated into our environment, then get the log sources to it.

It took about six months to go from Zero-Trust to Trusted Behavior. While it is an ongoing process, the install and tuning was about a six-month process.

What about the implementation team?

For the most part, security operations, security engineering, and the infrastructure folks were involved in the initial setup. It could have touched two dozen people over six months. These are the same teams who are currently using the service.

What was our ROI?

We have seen ROI. There has definitely been time savings. From a logging solution, we are effectively getting all our logs into one solution, which gives us a better holistic view.

What's my experience with pricing, setup cost, and licensing?

Their pricing was very competitive with other vendors. Their ability to be creative struck me as being very customer service friendly. Their creativity in pricing and working with the customer to achieve their financial restraint or goals was very creative.

There are contractual penalties if their SLAs are not met. This commitment was very important in our decision to go with this service, because not having downtime is extremely important to us. The provider has not missed an SLA in the 18 months that I have worked with them.

Which other solutions did I evaluate?

We looked at two other big companies. 

My main thought process was I wanted to go with a smaller, more boutique firm where I felt I would get personal, undivided attention. It was also important for me for them to be local.

What other advice do I have?

Do your homework. Compare the big boys, the larger managed service solutions, with some of the more boutique ones, like CRITICALSTART, and ask yourself: What is it that you want? Do you want to be a small fish in a big pond or a big fish in a small pond?

You always need more logging space than you actually think you need.

They monitor our endpoints.

I would definitely give them a nine (out of 10). They are extremely effective in combating alert fatigue. They're creative in the way they do business. They are also very approachable and very customer service-oriented.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.