CRITICALSTART Managed Detection and Response Services for Microsoft Defender for Endpoint

• Trust oriented approach leverages the power of the Zero Trust Analytics Platform (ZTAP) and Trusted Behavior Registry (TBR) to address all alerts 
• We resolve more than 99% of alerts  
• We escalate less than 0.1% of alerts – the alerts that really require the attention of your security team 

Microsoft Defender for Endpoint is built on deep insights into operating system threats and shared signals across devices, identities, and information. Leveraging Microsoft automated alerts and actionable incidents, decide what to prioritize next on your Microsoft Roadmap and leave the research, false positives, and containment of infected devices to Microsoft and CRITICALSTART. 

CRITICALSTART™ MDR services for Microsoft Defender for Endpoint leverage:  

• Cross-operating system (Windows, Mac, Linux) Indicators of Compromise (IOC)  
• Azure Active Directory as an identity provider, single sign-on, and user provisioning management 
• Microsoft automated alerts and actionable incidents  
• Cross-signal context in device timeline investigations
• Ability to pivot directly to the device timeline from any generated IOC 

Comprehensive integration accelerates investigation and response with access to Microsoft Defender for Endpoint or Microsoft 365 Defender. Get Entities, Secure Score, Sign-In Details and related alerts—all in one portal. For each type of data source, such as email, identity and endpoint, we have built queries within this single portal so you can fetch other information for additional context. 

• Security analysts have MS-500: Microsoft 365 Security Administration, SC200 and AZ-500:  Microsoft Azure Security Technologies certifications 
• Microsoft Security Best Practices are used to deploy Microsoft Defender for Endpoint to optimize Microsoft content for both Scheduled Query Rules and Indicators of Compromise (IOCs) 
• We deliver 24x7x365 end-to-end monitoring, investigation, and response by highly skilled analysts 

A key feature of the MDR service for Microsoft Defender for Endpoint is IOC management. Microsoft is the fastest-moving security company today. IOCs are published and updated hourly across different locations. Leveraging the CRITICALSTART™ Threat Navigator, we manage, maintain, and curate MDE out-of-box detections and IOCs.  Detection content is also mapped to the industry leading, MITRE ATT&CK^® framework. 

We take every alert from Microsoft Defender for Endpoint into ZTAP and match it against known good patterns in the TBR. If there is a match, the alert is automatically resolved and incorporated into the TBR. If not, our SOC investigates and proactively responds to stop the attack on your behalf, collaborating with you to remediate in minutes. 

Take threat detection and response on-the-go with our MOBILESOC™ application. An industry-leading first, MOBILESOC puts the power of our ZTAP platform in your hands, allowing you to contain breaches right from your phone.  Our iOS and Android app features 100% transparency, with full alert detail and a timeline of all actions taken.