Meet our SOC

The Critical Start Security Operations Center (SOC) provides 24x7x365 security monitoring, investigation, and response, through our MDR services. We take on the complexity of cybersecurity to simplify your daily operations.

The Critical Start SOC

Through integrated security products and our Zero-Trust Analytics Platform® (ZTAP®)  the Critical Start SOC delivers MDR services that give you access to 24x7x365 resources who investigate every security event ingested into ZTAP. This includes triage of security events, response actions that fit your organization’s risk profile, and security guidance to continue hardening your infrastructure.

Our SOC guarantees one-hour SLAs for Time to Detection (TTD) and Median Time to Resolution (MTTR) on every alert. The SOC also enables team members to grow in areas such as post-exploitation investigations, malware reverse engineering, and security engineering to be prepared before attacks are even attempted.

The Team

The Security Analyst team is comprised of security experts who focus on in-depth investigations, malware reverse engineering and the unique aspects you bring to the threat landscape–something often overlooked by security service providers.

The Technology

ZTAP provides immediate notification of alert escalation, triage information and analyst recommendations, and threat analysis plug-ins for our SOC to gather more data to enhance investigation. With complete transparency, you can also see everything we see across your security ecosystem in ZTAP. 

Trusted Behavior Registry

The Trusted Behavior Registry® (TBR), part of ZTAP, resolves false positives quickly and automatically, dramatically reducing your workload and giving you confidence that every single alert is resolved.

Our SOC in Action

When our SOC analysts receive an alert,  they document: what happened, what the risk is and what we (a customer is never alone) should do about it. We want to make sure that you not only understand an alert has happened, but that you also know its nature and how to work with our team to remediate threats. That communication is critical to making sure you really understand the entire security issue—one of our core strengths at Critical Start.

Critical Start SOC Benefits


Critical Start SOC analysts are provided +300 hours of training when they join the team. The training is proctored by senior analysts teaching the skills, knowledge, and tool sets needed to lead the industry

  •  8-week intensive training program

  • Analysts trained on all EDR, SIEM, and XDR tools we integrate with

  • Analysts have 10 hours set aside every 2 weeks for ongoing training

Resolving all alerts

We provide managed detection and response 24x7x365 including holidays—somebody is always in the room with eyes on the glass.

  • 1-hour MTD and MTTR SLAs for every alert

  • If defined in our operating terms with your company, analyst can isolate a host if it has been compromised

  • Or block or allow network connections to the endpoint based on the domain or the URL

Better protection

We maintain the latest certifications such as SC200. This type of experience means that our team can take actions when needed. 

  • Analysts can create detections using tools such as Microsoft Defender for Endpoint to query the console and create new alerts that don’t come pre-built into the product.

  • 2-person integrity for all investigated alerts

Don’t Fear Risk. Manage It.

CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.