A small healthcare security team did not have 24/7/365 coverage over weekends and holiday breaks. Learn in this case study how the Hackley Community Care Center turned to an expert MDR service for 24/7/365 visibility that strengthened their security operations and resulted in more protection and fewer messages to management during off-hours.
We don’t just simplify breach prevention – we do it from day 1. Our platform can see alerts and attacks that may already be present prior to our MDR service, even when looking at a customer’s environment for the first time.
“The biggest lesson is transitioning from alert overload to being at a point where we do have eyes on alerts, where every alert is truly possible. It’s something that a lot of people sell and not a lot of people do very well. Being able to come into this relationship, then where we’re at today, it kind of opened my eyes to: There is the opportunity and the possibility to do this.” Learn how Critical Start’s integration with Cylance and Carbon Black helped this financial services firm with complete endpoint protection.
If a company with 7,000 endpoints faced a ransomware attack, it would take 6 traditional IT admins 8 days to resolve the alerts and find the attack (assuming 10 minutes per investigation during a typical work week). With a day of downtime typically costing millions, the Trusted Behavior Registry (TBR) and Zero-Trust Analytics Platform (ZTAP) present an alternative, by enabling analysts to quickly move past the 99.94%* of alerts that are actually false positives.
“We were very fortunate that our backups were not compromised. But you can restore all day long, and it won’t help you if you do not find the source. Working with CRITICALSTART, we were able to remove the malware behind the attack instead of just trying to mitigate the consequences.”
The Security Director for this global leadership advisory and search firm shared a story of how the Critical Start method protected his organization from a potentially serious breach. “We had an endpoint that became infected from a USB drive,” he explained. “It was setting off 40 or 50 alarms at one point. The Critical Start SOC started notifying my team according to the predefined escalation chain. I called the person that had unintentionally infected the device and instructed them to get the device off the network. The SOC team performed an analysis and determined that we were able to stop the infection before it could propagate anywhere else, so that early detection stopped an issue that could have become much, much worse.”
One of the largest utility companies in the southern US was looking for expertise to help them architect the best security strategy and infrastructure for their organization. They turned to CRITICALSTART’s Cybersecurity Consulting team to evaluate their existing technology and processes and then deliver recommendations for how to create and implement a world-class security strategy that leveraged the technology and processes that they already had while integrating new tools and systems as needed.
Immediately, CRITICALSTART saved the customer over $100K on proposed security projects, just by showing them how to reuse their existing SSL decryption and next-generation firewall capabilities. They created further opportunities to save by designing a modular security strategy that delivered the necessary level of security while ensuring the customer wasn’t investing in technology they didn’t need or wouldn’t use properly.
Finally, they brought in CRITICALSTART’s Managed Detection and Response (MDR) team to provide the customer with the continuous monitoring and Level 1 incident response that they desperately needed but couldn’t staff internally – a common problem in security circles, as there will be 3.5 million unfilled security jobs by 2021 (CSO Magazine). Now, the customer has a true 24x7x365 security operations model, without having to build in-house the human resources, expertise, infrastructure, and technology that such an approach requires.
When one of the world’s leading beverage companies began their search for a Managed Security Services Provider (MSSP) or Managed Detection and Response (MDR) partner, they built a checklist and request for proposal (RFP) that covered all the basic functions you would expect – and then sent it out to 20 different firms, including some of the biggest names in the security services space, such as IBM, SecureWorks, The Herjavec Group, HP and others.
Among the early responses they received was one from CRITICALSTART, and that response drove them to rethink what they were looking for in a partner. That’s because CRITICALSTART was offering a set of services and capabilities that no other vendor had even mentioned, let alone could match. Specifically, they were intrigued by CRITICALSTART’s commitment to 100% transparency and the notion that they could view as much or as little of what was happening behind the scenes as they wanted – things like specific types of alerts, total number of alerts marked as good or bad, and other data points that could help them govern their business. This would afford them the ability to offload day-to-day operations and benefit from CRITICALSTART’s deep security expertise, while still retaining a sense of control and insight. No other vendor was willing or able to match that level of visibility – instead, competitors offered the more traditional “black box” model where the customer was on the other end of a less productive and less trustworthy “need to know” relationship.
Transparency to the customer was a guiding principle in the creation of CRITICALSTART’s MDR offering. In the early days, the company’s head of managed services polled former colleagues and outside security executives to get their perspectives on working with a third-party managed services vendor. The feedback was unanimous – the greatest concern they shared was “black box” technology and a lack of visibility into what was really going on behind the scenes. So CRITICALSTART built their MDR service to ensure 100% transparency to every customer, all the time.
As for the selection process, the customer narrowed the list of vendors to CRITICALSTART and SecureWorks and toured the Security Operations Centers (SOCs) of both. In the end, the combination of a passionate and highly knowledgeable team, world-class facilities, a set of game-changing capabilities, and especially the proven commitment to 100% transparency – which none of the other vendors offered – led them to choose CRITICALSTART as their MDR partner.
A national food distributor was looking to outsource its security operations and began an exhaustive search for just the right partner. Some of the biggest names in IT services, including IBM and Ernst & Young, were part of the evaluation – along with CRITICALSTART. From the very beginning, CRITICALSTART distinguished itself from the rest with its agile and customer-centric business model. Where the larger firms focused on incorporating customers into their existing structures and processes, CRITICALSTART emphasized a more tailored approach – one where its team of experts worked directly with the customer to build an engagement specific to their unique requirements… but that still leveraged the best practices (or the network effect) that come from years of focus on security operations, a differentiator for CRITICALSTART.
As the customer soon discovered, the theme of agility and flexibility carried all the way through to the systems CRITICALSTART designed to run its Managed Detection and Response (MDR) service. Among those systems is the MOBILESOC, an app for iOS and Android devices that connects directly to CRITICALSTART’s proprietary Zero-Trust Analytics Platform (ZTAP). With MOBILESOC, SOC professionals can monitor and investigate alerts directly from their phones rather than staying tethered to their laptops, which means tighter security, faster response times and shorter dwell time for attackers. Equally important, it means more efficient and effective SOC professionals and a happier team overall.
In the end, the customer selected CRITICALSTART as their MDR partner. They were drawn to the fresh and modern approach to security operations and felt reassured that they were trusting their security strategy and infrastructure to a firm that put the customer’s needs first.
In 2016, the world’s leading mattress retailer acquired a mattress manufacturer – and with it, they inherited the acquired company’s security infrastructure, including new licenses of Carbon Black. Initially, the plan was to implement the software alongside their existing systems and use it to protect the business as a whole, but they didn’t have the resources in-house to get the technology up and running successfully.
Enter CRITICALSTART and its Managed Detection and Response (MDR) service team. During a meeting with the customer, CRITICALSTART demonstrated how fast and simple it would be to implement the software using its purpose-built Zero-Trust Analytics Platform (ZTAP) under the watchful eye and constant monitoring of the CRITICALSTART Security Operations Center (SOC) team.
CRITICALSTART worked with Carbon Black, as well as partners Cylance and OpenDNS, to incorporate all of the customer’s endpoints and begin managing them via ZTAP. This was a turning point for the customer – historically, they battled extreme alert overload, exhausting their small internal IT team that was forced to sort through thousands of daily alerts stemming from across their security infrastructure. There was simply no way to review them all, let alone investigate them at any level of depth. Therefore, they were left to “cherry pick” alerts, and in some cases, turn off key alerting functionality altogether, which ultimately compromised security. And with the acquisition of the new company – and all their systems – the alert overload problem and resulting vulnerability would only get worse.
But with CRITICALSTART, alert overload was no longer an issue. The CRITICALSTART CYBERSOC used ZTAP to manage and monitor the customer’s alerts, ultimately reducing the number of alerts by 99.9%. The customer went from 550,000 security alerts to 31 incidents to 1 escalation. So now, the customer’s own IT team can stop sifting through piles of false-positive alerts and instead focus on those that truly are a threat – and redirect the bulk of their time to more strategic opportunities.
Fran Watkins, Network and Systems Administrator for Centennial School District, was solely responsible for protecting the critical technology infrastructure of the district when an abrupt event in a neighboring school system triggered an extensive review of how Centennial protected its network. “A neighboring school district was hit with a ransomware attack and it was kind of a shock to us all,” he stated. “We knew if it could happen to them, it could happen to anybody, and I was the one with the responsibility to make sure that it didn’t happen on my watch. The problem was that I wear many hats and I’m a one-person shop when it comes to security, so I knew we were going to need some help.”
CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.