So, the strategy behind the MDR offering is really about building something that is both effective and efficient, that allows you to deal with the core problems of providing managed services, and it has to scale from small business to large enterprise with the same capability. And so, when we built a model that was working off of network effect, that was applying ideas like Random Forest Classification Models to deal with all the false positives at scale, that was giving us network effect across huge datasets. We actually found that the larger the environment and the more customers had, the better we got at doing our actual MDR business. We monitored the network 24/7, we prevent breaches, we look at every single alert that happens and we resolve them on your behalf. If CRITICALSTART is monitoring your network, you can be guaranteed that we’re going to catch what attackers are trying to do.
Security breaches happen at the worst times. Hackers start their day as you’re ending yours, and every delay in communication increases attacker dwell time.
But, there is a solution.
Introducing CRITICALSTART‘s MOBILESOC, an iOS and Android app that goes beyond a simple ticketing app and makes it possible to detect, triage, and remediate every alert, no matter what time of day, or where you are.
When CRITICALSTART escalates an alert, you immediately receive the notification on your phone – not an email that gets buried and forgotten. You can then investigate and isolate the endpoint right from the app and stop an attack before it becomes a breach.
CRITICALSTART’s MOBILESOC allows full access to the same alert data seen by CRITICALSTART analysts including a timeline of all actions taken and access to your security tools through Threat Analytics Plugins, or TAPs.
Comments and escalation provide secure remote collaboration, audit logs, and next steps.
TAPs allows you to perform actions such as retrieving additional information on a threat, running a scan on the endpoint where the threat was detected, or isolating the endpoint from your network.
The MOBILESOC dashboards give your team actionable metrics on the performance of your tools.
Untether your analysts, reduce dwell time, and increase speed to resolution with “on-the-go” alert response from CRITICALSTART’s MOBILESOC.
Cybersecurity is a tough job, am I right? It’s your responsibility to keep the company safe from cyberattacks while simultaneously enabling them to stay innovative and up to date with the latest technology.
Your team is limited, and you rely heavily on security tools to catch the first signs of possible threats that you and your team might not see. Not to mention attacks that happen on nights and weekends when nobody is available to address them.
This all sound about right so far?
The problem is, what do you do with all the alerts coming from your security tools? You’re most likely familiar with the thousands upon thousands of alerts bombarding your email and completely filling up your time. This is pretty much your life now, isn’t it?
You’ve been forced into leaving the vast majority of your security alerts unchecked, or even worse, completely ignored. Every day you’re having to make compromises and accept risk.
But, you’re not alone. This is a problem so common, there’s a recognized term for it, “Alert Fatigue.” Whether you’ve heard this phrase or not, you’re most likely experiencing it in your business right now.
Okay, so how do we deal with alert fatigue? For years, the entire cybersecurity industry decided that the best way to handle alerts was to prioritize them based on how dangerous they seem; critical, high, medium, and low. But that’s not really how alerting should work. You can’t truly prioritize something without context.
FACT: Some of the largest cybersecurity breaches in history started with medium and low-security alerts
So, while you’re inundated with thousands upon thousands of alerts, and only focusing on high or critical threats, you’re allowing a hacker the dwell time they need to completely wreak havoc on your system.
CRITICALSTART’s approach to MDR, or Managed Detection and Response, took that legacy system of ranking alerts and completely wiped the slate clean. Rather than accepting risk and ignoring alerts of lower priority, CRITICALSTART actually starts by ranking every alert with the same priority.
But, how does that make it possible to resolve every security alert, reduce hacker dwell time, and stop breaches altogether? Let me explain…
CRITICALSTART looked closely at all alerts coming from different security tools and what they found was rather interesting. After a thorough investigation, they discovered that a huge portion of incoming security alerts could be verified as harmless, trusted behaviors. And once an alert is classified as a trusted behavior, there is no reason to keep looking at it again, and again, and again.
This is why CRITICALSTART developed their trusted behavior registry – which makes it possible to focus only on the unknown alerts that could potentially lead to threats.
Any unknown alert is reviewed by CRITICALSTART’s team of highly trained analysts who are available 24/7/365 days a year, to help you address and resolve every alert that needs further investigation. Because 24/7 security requires 24/7 monitoring and response.
Did I mention that you can detect, resolve, and remediate every alert right from your phone, with CRITICALSTART’s mobile app? Yep. That’s 100% convenience right there.
This is what it means to effectively stop accepting risk. CRITICALSTART is here to defend your network and stop breaches, by providing you with the tools and the team to resolve every alert around the clock — with full transparency and the only service delivered via iOS and Android apps.
We leave nothing to chance. We stop breaches. We are CRITICALSTART.
As more and more retailers found themselves in the headlines due to security breaches, Mattress Firm knew it needed an MDR security partner to help fill the gaps.
“Prior to engaging with CRITICALSTART, we really didn’t have a cybersecurity function,” said Brad Hollingsworth, director of cybersecurity for Mattress Firm. “Retailers started to be in the news on a regular basis. It started to get some Board-level, C-level attention. We needed to engage an outsourced SOC or an MDR, or somebody who could get in here quickly and start to fill this gap.”
As one of the first MDRs, CRITICALSTART became the obvious choice for Mattress Firm.
“CRITICALSTART was one of the first MDRs out there, so it was really an easy decision for us,” added Hollingsworth. “We have a really good relationship with the CRITICALSTART MDR team. I find the CRITICALSTART SOC analysts to be very knowledgeable. We rarely get things escalated to us that I feel they should have dealt with. It’s been a very good relationship.”
Success for Mattress Firm is partly measured by keeping the company out of the news headlines. “Not having an event is not making the newspaper in that negative fashion is very, very important to us. That’s part of the big value.”
Full Video Transcript:
I’m Brad Hollingsworth. I’m the Director of Cyber Security for Mattress Firm. Prior to us engaging with CRITICALSTART, we really didn’t have a cybersecurity function. Retailers started to be in the news on a regular basis. It started to get some Board-level, C-level attention. We need to engage an outsourced SOC or an MDR, or somebody who can get in here quickly and start to fill this gap. CRITICALSTART was one of the first MDRs out there, so it was really an easy decision for us. We have a really good relationship with the CRITICALSTART MDR team. I find the CRITICALSTART SOC analyst to be very knowledgeable. We rarely get things escalated to us that I feel they should have dealt with. It’s been a very good relationship. Not having an event is not making the newspaper in that negative fashion is very, very important to us. That’s part of the big value.
Cybersecurity doesn’t have to be a roadblock to effectiveness. CRITICALSTART’s SVP of Managed Security, Jordan Mauriello, and Michael Balboni, former advisor to Homeland Security share insights on empowering cyber networks by employing successful strategies.
JM: Hey guys, Jordan Mauriello with CRITICALSTART here, Senior Vice President of Managed Services. Today I have with me Michael Balboni, President of Redland Strategies, former Senator, Assemblyman, advisor to Homeland Security. Honored to have him here with us today. We’ve been doing some awesome discussions about things that we’re doing at CRITICALSTART and working with Redland Strategies.
JM: Today we wanted to take an opportunity just to talk to Michael about some general cybersecurity issues. He’s a major influencer in our community. I know many of you already know who he is and has had a major impact even on some of the legislature that we’ve seen around our industry too as well. We want to take the time to get some thoughts from him on some of the direction the industry’s going impact that some of the changes we see in cyber in general are having on national defense, the role of Senate and Congress, and where that’s going from a legislature perspective.
JM: We’re going to open up and have a nice, fun conversation here about some of these issues. Thank you so much for being with us, Michael.
MB: Thanks for having me Jordan, and thanks for your service to the country in the military.
JM: Thank you very much, sir. I appreciate your support.
JM: When you’re looking at a CISO and he’s attempting to communicate to the board about risk, what are some of the things that you would tell a CISO about how does the board look at cyber and risk for the business that can help them more effectively communicate the risk they might see?
MB: Obviously there is a wide variety of information, education experience as it relates to cyber issues and some board members who could be a Chief Information Security Officer on their own and they’re a huge asset to the board. That typically is not one of the criteria that boards use for attracting trustees or board of directors. That’s not one of the things I look for. It’s an added value, great but that’s not really part of the typical board of directors profile. Therefore you have people who sit there and say, “Okay, we have to do security. I look at security as one bucket.”
MB: Whether it’s the physical security of buildings, it’s physical security of the servers, it’s physical security of the data we have, and what they sometimes don’t focus on is that data is the new oil.
MB: We are a data-driven society.
MB: How we use data, how we protect data, how we explain data to the people that we serve or whether it’s our shareholders, our customers, the folks that we work for as a board of directors, it’s very difficult to articulate that many times. We need to have awareness and we need to let people know that cybersecurity doesn’t have to be a roadblock to effectiveness. It doesn’t have to be a drag on your business model. It doesn’t have to be something that’s just a cost driver. We can actually make the system such that we can empower the networks by doing the right, the smart, and the timely changes to the cyber network employing good strategies.
Cherwell Software needed help. The company’s previous MDR did nothing for them.
“Our previous Managed Detection and Response vendor didn’t do anything,” said Greg Biegan, Director of Security, Cherwell Software. “They didn’t notify us, and it was a big gap.”
CRITICALSTART is the complete opposite, delivering complete transparency, reports Biegan. “I see stuff going in, and I see it coming out, and I see it in a beautiful format.”
Cherwell has also taken advantage of CRITICALSTART‘s MOBILESOC capabilities. “It has been worth its weight in gold. Since we are a global company, my team is getting pinged at all hours of the night. And it’s nice; those that are on-call can actually have their phone. They don’t have to be tied to their computer. They can communicate with the consultant that’s there, they can look at what’s going on, they can determine the action, and it’s just like texting. And once it’s done, it’s done.”
Biegan says the best part is that we don’t get pinged a lot. “It’s nice to know that you have that extra safeguard, that extra layer of security with that MOBILESOC.”
Full Video Transcripts:
My name is Greg Biegan. I’m Director of Security for Cherwell Software. Our previous Managed Detection and Response vendor didn’t do anything. They didn’t notify us and it was a big gap. CRITICALSTART, a complete opposite. What I see, I see stuff going in, and I see it coming out, and I see it in a beautiful format.
We have taken advantage of CRITICALSTART‘s MOBILESOC capabilities. It has been worth its weight in gold. Since we are a global company, my team is getting pinged at all hours of the night. And it’s nice, those that are on-call can actually have their phone. They don’t have to be tied to their computer. They can communicate with the consultant that’s there, they can look at what’s going on, they can determine the action, and it’s just like texting. And once it’s done, it’s done.
The best part is, is that we don’t get pinged a lot. And so it’s nice to know that you have that extra safeguard, that extra layer of security with that MOBILESOC.
Well, I love evangelizing security and also working with some of the smartest people in the industry, and it makes it really fun to work here. We have a lot of smart people. They’re very passionate about security and to do what’s right for the customer.
Our professional services bench, who all have a passion for security, they help support the various technical and strategic services that we offer our clients. So, we offer multiple assessments. They all require a vast amount of knowledge and expertise in order to explain them to your clients and for them to understand what is needed.
With the service of a boutique, we’ll take them through that process in order for them to understand and gain benefit from those assessments. And they’re all with white-glove service. Our tenet as a company is to always do what’s right for the customer.
Our focus is around penetration testing, discovering vulnerabilities, and potential configuration issues that lead to data breaches on some of the biggest clients, Fortune 500, Fortune 50 and so on. I notice a lot of vendors, they will do a scan and hand it off and say, “It’s a pen test”, right?
Where my team is really different is we get our hands in there. We dig into every call, we dig into every server, every webpage. We look for the anomalies that a scan won’t pick up and we build our assessments around what the client is really worried about. To us, pen tests is just a service. What we want to be as partners with our client.
Alert fatigue was an issue for MoneyGram’s SOC analysts, who were finding themselves dealing more with alerts, and less with the work they were hired to do.
“Prior to the relationship with CRITICALSTART, my SOC analysts were experiencing what we all call alert fatigue,” said Scott Funk, head of security operations at MoneyGram International. “CRITICALSTART has really been able to reduce those alerts. Our SOC Analysts are able to get through every alert they toss our way. I’ve been able to take our level three and level four analysts and put them back to work at what they were really hired to do.”
Funk says CRITICALSTART gives them the attention they need, and find that their issues are resolved in a timely manner.
“Our confidence level since we started our MDR service with CRITICALSTART has greatly increased. We are one of CRITICALSTART‘s top companies for meantime to detect and meantime to respond, and we certainly have reduced the risk within MoneyGram, thanks to that partnership with CRITICALSTART.”
Full Video Transcript:
My name is Scott Funk. I’m head of Security Operations and Data Governance at MoneyGram International. What really led us to our relationship with CRITICALSTART was really the fact that we, as an organization, were going to get the attention we needed. Our issues were going to be addressed in a timely fashion.
Our confidence level since we started our MDR service with CRITICALSTART has greatly increased. I would say that prior to the relationship with CRITICALSTART, my SOC analysts were experiencing what we all call alert fatigue. CRITICALSTART has really been able to reduce those alerts. Our SOC Analysts are able to get through every alert they toss our way. I’ve been able to take our level three and level four analysts and put them back to work at what they were really hired to do. We are one of CRITICALSTART‘s top companies for meantime to detect and meantime to respond, and we certainly have reduced the risk within MoneyGram thanks to that partnership with CRITICALSTART.
Security is really an art form, and it’s how do you deal with risk? Personal information can be stolen or worse. So, the customer has historically been bound to either email or their laptop looking at a web portal, we wanted to change that dynamic. So, we came out with the MOBILESOC and it allows the customer to do everything inside of their mobile device that they do on a laptop. And what that does is it unbinds them from that burden of constantly being tethered, and it actually allows them to respond faster and more consistently, which in turn lowers the dwell time that attackers have.
Now what’s unique about what CRITICALSTART does is it brings in 100% of security alerts, and using our Zero-Trust Analytics Platform, it looks at every one of those alerts to determine what is a known good versus what is unknown and needs to be resolved by our analysts. And this is all baked right into the platform.
Ultimately what you want to do is detect and stop breaches. You have to resolve every single alert. Nothing in the marketplace allowed us to do that, which is why we kind of created our own platform. We don’t want to ignore security events, and a lot of the lower-level security events, that’s actually where you can detect a lot of breaches and attacks.
Transparency is very important to CRITICALSTART and what we tried to do is be able to provide that same transparency you get with an in house SOC, but that we can provide as a service. So you kind of get the best of both worlds.
What we want to do is provide cybersecurity in a way that allows customers to move the speed of business. Our customers view us as the low-risk approach to providing managed detection response services. The whole goal is to stop an attacker before it becomes a breach.
Are you suffering from alert overload? Security professionals everywhere spend countless hours sifting through alerts – basically, searching for a needle in a haystack – to identify potential threats. The volume is too overwhelming, leaving them vulnerable and at risk of attack. CRITICALSTART helps end alert overload once and for all. Find out how in this video.
Full video transcript:
Ever try finding a needle in a haystack? Security operation centers, or SOCs, deal with tens of thousands of alerts every day in an effort to safeguard their networks and those of their clients, but only around 0.01 percent of alerts represent any actual threat. That’s the needle. The rest is just noise. As more alerts pile in, a backlog forms, making it practically impossible to move forward without compromise. It’s called alert overload when SOCs have to alter operations and priorities to manage the overwhelming onslaught of alerts. They either have to constantly grow their armies to sift through ever-growing haystacks for the needles or, and this happens most often, they’ll ignore huge amounts of the haystack hoping there’s no needle in it.
SIMs and incident orchestration try to solve the problems of alert overload. They do make investigating each incident quicker by automating certain pieces of simple and repetitive investigation-related tasks, but they don’t decrease the number of alerts needing investigation significantly enough. In other words, the haystack is still there.
What’s needed is a way to go through alerts faster, remove the haystack altogether and ultimately apply a model of accepting no risk. If an alert is not defined as known good, then it gets triaged. Thankfully, there is CRITICALSTART’s Zero-Trust Analytics Platform, also known as ZTAP. CRITICALSTART uses broad, locally specified data processing techniques to automatically identify and remove benign or known good alerts and can reduce the number of alerts requiring investigation by 99.9 percent. Meaning, SOCs can deliver tighter security while also preserving their internal resources.
ZTAP’s Event Orchestration Platform also features a MOBILESOC app, enabling SOC professionals to investigate alerts whenever it is needed from anywhere. With fewer events to investigate manually, analysts can spend their time handling the alerts that are cause for concern.
Complete transparency, greater efficiency and tighter security at a price organizations can afford. That’s the CRITICALSTART difference.