Threat Detection Engineering (TDE)

Your tactical advantage.

Can your out-of-the-box detection tools handle the current explosion of cyberattacks? Do you have the staff you need to continually update these tools with new detections? Don’t wait for a breach to find out. The Critical Start Threat Detection Engineering (TDE) team continuously adds new detections to EDR, XDR, and SIEM security tools based on the latest threat intelligence curated by our CTI team and other sources. This team also identifies gaps in your security tool’s detection coverage by mapping new detections to the MITRE ATT&CK® Framework and then verifying the effectiveness of these detections in our Cyber Operations Risk and Response™ platform before pushing them out to your MDR environment.

We go deeper

Our detections focus on maximum impact to adversary impact. We detect attacks across the attack chain with the intent to disrupt malicious activity as early as possible. We perform rigorous research in order to ensure full coverage against threats.

By building detections focused on adversary tactics, techniques, and procedures, we ensure coverage that’s built to last, simple for our Risk and Security Operations Center (RSOC) to triage, and hard for attackers to bypass.


The “why” of an ATT&CK technique. It is the adversary’s tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access.1


Techniques represent “how” an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.


Specific capabilities and infrastructure associated with a given technique.

Table 1 source: MITRE ATT&CK

Rigorous testing and validation

No detection goes untested. Our team runs every detection through a series of tests and attack simulations to ensure we’re creating detections that will catch evil in the act. Using our Trusted Behavior Registry® (TBR), we can further refine detections to maximize the impact.

Critical response

The internet is a wild and unpredictable place where attackers and vulnerabilities can emerge at a moment’s notice. Our Threat Detection Engineers work quickly to build new detections after a threat is discovered to keep our customers safe.

Don’t Fear Risk. Manage It.

CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.