MDR Services for Palo Alto Networks® Cortex® XSIAM™ for Endpoint

Critical Start is one of the first MDR providers to wrap services around Palo Alto Networks Cortex XSIAM for Endpoint.

As a Cortex XSIAM early access design partner, Critical Start worked side-by-side with the Cortex XSIAM Product, Engineering and Go-to-Market teams and with Cortex XDR customers through the course of their Cortex XSIAM implementation. As a result, Critical Start gained technical expertise and firsthand experience with Cortex XSIAM that few other MDR services possess.

Working with Critical Start means that the overwhelming volume of incidents detected by Cortex XSIAM at the endpoint is investigated and acted on far more quickly than your internal team could manage on its own. Your Critical Start solution—composed of industry-leading technologies, certified security experts and threat detection engineers—works in tandem to deliver precise threat detection and response actions.

Key Benefits


A simplified view of everything

Consolidated and improved visibility of your environment, all in a single interface.

Reduce the noise

Get fewer false positives over time which dramatically reduces alert fatigue and analyst burnout.

Improve your security posture

Our Cyber Research Unit (CRU) helps you stay ahead of the latest threats by building, enriching and adding threat intelligence to your Cortex XSIAM tool.


Increase your SOC’s efficiency and productivity

We do all the heavy lifting for you, so you don’t have to.

How Our MDR Service for Cortex XSIAM for Endpoint Works

Critical Start MDR adapts to your environment to deliver the full power of Cortex XSIAM.  

Our integration ingests every endpoint incident into our Zero Trust Analytics Platform™ (ZTAP™), where it is compared against known good behaviors in the Trusted Behavior Registry™ (TBR), and playbooks auto-resolve known good incidents at scale. Incidents not matching the TBR are escalated to our Cortex-certified Security Operations Center (SOC) for further enrichment and investigation.

How We Work with You

We’re with you every step of the way – from onboarding through maturity.

Tool implementation or migration:

We will actively guide you through your new endpoint implementation or migration to Cortex XSIAM.

Onboard quickly:

We will get you up and running as fast as possible: 4-6 weeks on average with total time to first value of approximately 5-10 business days.

Personalize based on your unique requirements:

We continue to add value to your implementation by tailoring our MDR service to your unique needs through playbooks and procedures adapted to your environment to reduce false positives.

Investigate and resolve alerts:

Once you’re up and running, ZTAP and our SOC experts will monitor your environment 24x7x365 for potential threats. You can expect to see an approximate reduction in false positives of 90% on the first day of production monitoring. 

Mature your Cortex XSIAM for Endpoint investment:

We want to help you get the most out of your Cortex XSIAM tool so we’re with you every step of the way. Your Customer Success Manager will check in with you regularly to make sure we’re meeting your expectations and our MDR services are helping you achieve your security goals.

Why Critical Start MDR?

Resolve, not suppress

We resolve every incident at the endpoint and only forward those that truly warrant additional investigation by your security team.

  • Resolve more than 99% of incidents 
  • Escalate less than 0.01% of incidents

Ready to respond 24/7/365

Our Cortex-certified security experts help you contain and extinguish threats as quickly as possible to stop them from spreading. They:

  • Operate as an extension of your security team
  • Triage and investigate alerts that are not auto-resolved by ZTAP and the TBR
  • Use your tools and our platform to respond to alerts on your behalf – depending on mutually agreed-upon rules of engagement
  • Function as an open book with 100% transparency and visibility into every action taken

Experts in threat detection

The Threat Detection Engineering (TDE) team develops and enriches new detections and BIOCs. They also map detections to the industry-leading MITRE ATT&CK® Framework, ensuring you are protected against the latest attacker Tactics, Techniques and Procedures (TTPs).

Fast resolution with MOBILESOC®

MobileSOC puts the power of ZTAP in your hands, giving you the ability to triage, escalate and isolate attacks from your iOS or Android phone regardless of your location or time of day.


MDR Services for Cortex XDR

Critical Start integrates with Palo Alto Networks Cortex XDR Prevent and Pro to offer a 24x7x365 Managed Detection and Response (MDR) service using our proprietary automation and analytics platform, ZTAP. Through our deep bi-directional integration, we ingest Cortex XDR endpoint, network and cloud data into the platform to quickly detect every event, resolve every alert and stop every breach.

MDR for multiple EDR, SIEM and XDR tools

We offer MDR services for multiple tools, all supported by one platform, ZTAP, and accessible on the go through our MobileSOC app, making these easy for customers that work with multiple security tool vendors.

©2020 CRITICALSTART.

CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: ZTAP™, Zero Trust Analytics Platform™, and Trusted Behavior Registry™. Any unauthorized use is expressly prohibited.