Threat Detection Engineering (TDE)

Your tactical advantage.

Can your out-of-the box detection tools handle the current explosion of cyberattacks? Do you have the staff you need to continually update these tools with new detections? Don’t wait for a breach to find out. The Critical Start Threat Detection Engineering (TDE) team continuously adds new detections to EDR, XDR and SIEM security tools based on the latest threat intelligence curated by our CTI team and other sources. This team also uses CRITICALSTART® Threat Navigator to identify gaps in your security tool’s detection coverage by mapping new detections to the MITRE ATT&CK® Framework, then verifying the effectiveness of these detections in our Zero Trust Analytics Platform™ (ZTAP®) before pushing them out to your MDR environment.

We go deeper

Our detections focus on maximum impact to adversary impact. We detect attacks across the attack chain with the intent to disrupt malicious activity as early as possible. We perform rigorous research in order to ensure full coverage against threats.

By building detections focused on adversary tactics, techniques and procedures we ensure coverage that’s built to last, simple for our SOC to triage and hard for attackers to bypass.


The “why” of an ATT&CK technique. It is the adversary’s tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access.1


Techniques represent “how” an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.


Specific capabilities and infrastructure associated with a given technique.

Table 1 source: MITRE ATT&CK

Rigorous testing and validation

No detection goes untested. Our team runs every detection through a series of tests and attack simulations to ensure we’re creating detections that will catch evil in the act. Using our Trusted Behavior Registry (TBR), we can further refine detections to maximize the impact.

Critical response

The internet is a wild and unpredictable place, where attackers and vulnerabilities can emerge at a moment’s notice. Our Threat Detection Engineers work quickly to build new detections after a threat is discovered to keep our customers safe.

©2023 CRITICALSTART. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

CRITICALSTART®, MOBILESOC®, and ZTAP® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Zero Trust Analytics Platform™, and Trusted Behavior Registry™. Any unauthorized use is expressly prohibited.