Resource Type: Video

See how our MDR platform integrates with XSOAR.

Full video transcript:

So, the strategy behind the MDR offering is really about building something that is both effective and efficient, that allows you to deal with the core problems of providing managed services, and it has to scale from small business to large enterprise with the same capability. And so, when we built a model that was working off of network effect, that was applying ideas like Random Forest Classification Models to deal with all the false positives at scale, that was giving us network effect across huge datasets. We actually found that the larger the environment and the more customers had, the better we got at doing our actual MDR business. We monitored the network 24/7, we prevent breaches, we look at every single alert that happens and we resolve them on your behalf. If CRITICALSTART is monitoring your network, you can be guaranteed that we’re going to catch what attackers are trying to do.

As more and more retailers found themselves in the headlines due to security breaches, Mattress Firm knew it needed an MDR security partner to help fill the gaps.

“Prior to engaging with CRITICALSTART, we really didn’t have a cybersecurity function,” said Brad Hollingsworth, director of cybersecurity for Mattress Firm. “Retailers started to be in the news on a regular basis. It started to get some Board-level, C-level attention. We needed to engage an outsourced SOC or an MDR, or somebody who could get in here quickly and start to fill this gap.”

As one of the first MDRs, Critical Start became the obvious choice for Mattress Firm.

“Critical Start was one of the first MDRs out there, so it was really an easy decision for us,” added Hollingsworth. “We have a really good relationship with the Critical Start MDR team. I find the Critical Start SOC analysts to be very knowledgeable. We rarely get things escalated to us that I feel they should have dealt with. It’s been a very good relationship.”

Success for Mattress Firm is partly measured by keeping the company out of the news headlines. “Not having an event is not making the newspaper in that negative fashion is very, very important to us. That’s part of the big value.”

Full Video Transcript:

I’m Brad Hollingsworth. I’m the Director of Cyber Security for Mattress Firm. Prior to us engaging with Critical Start, we really didn’t have a cybersecurity function. Retailers started to be in the news on a regular basis. It started to get some Board-level, C-level attention. We need to engage an outsourced SOC or an MDR, or somebody who can get in here quickly and start to fill this gap. Critical Start was one of the first MDRs out there, so it was really an easy decision for us. We have a really good relationship with the Critical Start MDR team. I find the Critical Start SOC analyst to be very knowledgeable. We rarely get things escalated to us that I feel they should have dealt with. It’s been a very good relationship. Not having an event is not making the newspaper in that negative fashion is very, very important to us. That’s part of the big value.

Cybersecurity doesn’t have to be a roadblock to effectiveness. CRITICALSTART’s SVP of Managed Security, Jordan Mauriello, and Michael Balboni, former advisor to Homeland Security share insights on empowering cyber networks by employing successful strategies.

Full Transcript:

JM: Hey guys, Jordan Mauriello with CRITICALSTART here, Senior Vice President of Managed Services. Today I have with me Michael Balboni, President of Redland Strategies, former Senator, Assemblyman, advisor to Homeland Security. Honored to have him here with us today. We’ve been doing some awesome discussions about things that we’re doing at CRITICALSTART and working with Redland Strategies.

JM: Today we wanted to take an opportunity just to talk to Michael about some general cybersecurity issues. He’s a major influencer in our community. I know many of you already know who he is and has had a major impact even on some of the legislature that we’ve seen around our industry too as well. We want to take the time to get some thoughts from him on some of the direction the industry’s going impact that some of the changes we see in cyber in general are having on national defense, the role of Senate and Congress, and where that’s going from a legislature perspective.

JM: We’re going to open up and have a nice, fun conversation here about some of these issues. Thank you so much for being with us, Michael.

MB: Thanks for having me Jordan, and thanks for your service to the country in the military.

JM: Thank you very much, sir. I appreciate your support.

—

JM: When you’re looking at a CISO and he’s attempting to communicate to the board about risk, what are some of the things that you would tell a CISO about how does the board look at cyber and risk for the business that can help them more effectively communicate the risk they might see?

MB: Obviously there is a wide variety of information, education experience as it relates to cyber issues and some board members who could be a Chief Information Security Officer on their own and they’re a huge asset to the board. That typically is not one of the criteria that boards use for attracting trustees or board of directors. That’s not one of the things I look for. It’s an added value, great but that’s not really part of the typical board of directors profile. Therefore you have people who sit there and say, “Okay, we have to do security. I look at security as one bucket.”

MB: Whether it’s the physical security of buildings, it’s physical security of the servers, it’s physical security of the data we have, and what they sometimes don’t focus on is that data is the new oil.

MB: We are a data-driven society.

JM: Absolutely.

MB: How we use data, how we protect data, how we explain data to the people that we serve or whether it’s our shareholders, our customers, the folks that we work for as a board of directors, it’s very difficult to articulate that many times. We need to have awareness and we need to let people know that cybersecurity doesn’t have to be a roadblock to effectiveness. It doesn’t have to be a drag on your business model. It doesn’t have to be something that’s just a cost driver. We can actually make the system such that we can empower the networks by doing the right, the smart, and the timely changes to the cyber network employing good strategies.

Alert fatigue was an issue for MoneyGram’s SOC analysts, who were finding themselves dealing more with alerts, and less with the work they were hired to do.

“Prior to the relationship with Critical Start, my SOC analysts were experiencing what we all call alert fatigue,” said Scott Funk, head of security operations at MoneyGram International. “Critical Start has really been able to reduce those alerts. Our SOC Analysts are able to get through every alert they toss our way. I’ve been able to take our level three and level four analysts and put them back to work at what they were really hired to do.”

Funk says Critical Start gives them the attention they need, and find that their issues are resolved in a timely manner.

“Our confidence level since we started our MDR service with Critical Start has greatly increased. We are one of Critical Start‘s top companies for meantime to detect and meantime to respond, and we certainly have reduced the risk within MoneyGram, thanks to that partnership with Critical Start.”

Full Video Transcript:

My name is Scott Funk. I’m head of Security Operations and Data Governance at MoneyGram International. What really led us to our relationship with Critical Start was really the fact that we, as an organization, were going to get the attention we needed. Our issues were going to be addressed in a timely fashion.

Our confidence level since we started our MDR service with Critical Start has greatly increased. I would say that prior to the relationship with Critical Start, my SOC analysts were experiencing what we all call alert fatigue. Critical Start has really been able to reduce those alerts. Our SOC Analysts are able to get through every alert they toss our way. I’ve been able to take our level three and level four analysts and put them back to work at what they were really hired to do. We are one of Critical Start‘s top companies for meantime to detect and meantime to respond, and we certainly have reduced the risk within MoneyGram thanks to that partnership with Critical Start.

Full Video Transcript:

Ultimately what you want to do is detect and stop breaches. You have to resolve every single alert. Nothing in the marketplace allowed us to do that, which is why we kind of created our own platform. We don’t want to ignore security events, and a lot of the lower-level security events, that’s actually where you can detect a lot of breaches and attacks.

Transparency is very important to CRITICALSTART and what we tried to do is be able to provide that same transparency you get with an in house SOC, but that we can provide as a service. So you kind of get the best of both worlds.

What we want to do is provide cybersecurity in a way that allows customers to move the speed of business. Our customers view us as the low-risk approach to providing managed detection response services. The whole goal is to stop an attacker before it becomes a breach.

Are you suffering from alert overload? Security professionals everywhere spend countless hours sifting through alerts – basically, searching for a needle in a haystack – to identify potential threats. The volume is too overwhelming, leaving them vulnerable and at risk of attack. CRITICALSTART helps end alert overload once and for all. Find out how in this video.

Full video transcript:

Ever try finding a needle in a haystack? Security operation centers, or SOCs, deal with tens of thousands of alerts every day in an effort to safeguard their networks and those of their clients, but only around 0.01 percent of alerts represent any actual threat. That’s the needle. The rest is just noise. As more alerts pile in, a backlog forms, making it practically impossible to move forward without compromise. It’s called alert overload when SOCs have to alter operations and priorities to manage the overwhelming onslaught of alerts. They either have to constantly grow their armies to sift through ever-growing haystacks for the needles or, and this happens most often, they’ll ignore huge amounts of the haystack hoping there’s no needle in it.

SIMs and incident orchestration try to solve the problems of alert overload. They do make investigating each incident quicker by automating certain pieces of simple and repetitive investigation-related tasks, but they don’t decrease the number of alerts needing investigation significantly enough. In other words, the haystack is still there.

What’s needed is a way to go through alerts faster, remove the haystack altogether and ultimately apply a model of accepting no risk. If an alert is not defined as known good, then it gets triaged. Thankfully, there is CRITICALSTART’s Zero-Trust Analytics Platform, also known as ZTAP. CRITICALSTART uses broad, locally specified data processing techniques to automatically identify and remove benign or known good alerts and can reduce the number of alerts requiring investigation by 99.9 percent. Meaning, SOCs can deliver tighter security while also preserving their internal resources.

ZTAP’s Event Orchestration Platform also features a MOBILESOC app, enabling SOC professionals to investigate alerts whenever it is needed from anywhere. With fewer events to investigate manually, analysts can spend their time handling the alerts that are cause for concern.

Complete transparency, greater efficiency and tighter security at a price organizations can afford. That’s the CRITICALSTART difference.