Meet our RSOC

The Critical Start Risk & Security Operations Center (RSOC) provides 24x7x365 security monitoring, investigation, and response through our MDR services. We take on the complexity of cybersecurity to simplify your daily operations.

Learn More

The Critical Start RSOC

Whether you are looking to expand the capacity of your SOC, optimize the efficiency of your tools, or mitigate risk, our team of experts stands ready to extend the detection and response capabilities of your cyber security operations 24x7x365 through real-time monitoring, rapid investigation, and proactive response with full-scale, complete alert resolution.

The Critical Start RSOC delivers fully transparent MDR services and provides response actions that fit your organization’s risk profile and security guidance to continually increase your security posture—all while guaranteeing 10-minute notifications for Critical alerts and 60-minute or less Time to Detection (TTD) and Median Time to Resolution (MTTR) SLAs on every alert, regardless of priority.

Our Team

Our Security Analyst team goes beyond comparable services by tailoring threat discovery, analysis, and environmental profiling to each customer’s unique environment and the security exposures and malware that increase risk.

Meet a Senior Analyst

The Technology

Our Cyber Operations Risk & Response™ platform provides immediate notification of alert escalation, triage information and analyst recommendations, and threat analysis plug-ins for our RSOC to gather more data to enhance investigation. With our Platform, there is no such thing as a black box—you can also see everything we see across your security ecosystem.

Our Platform

Trusted Behavior Registry®

The purpose-built Trusted Behavior Registry^® (TBR^®) part of our Platform resolves false positives quickly and automatically, dramatically reducing your workload and giving you confidence that every single alert is resolved.

Our RSOC in Action

When our RSOC analysts receive an alert, they document what happened, what the risk is, and together (a customer is never alone), what we should do about it. We want to make you’re aware an alert has happened, understand its nature, and are clear on how to work with our team to remediate the threat. That communication is critical to making sure you really understand the entire security issue—one of our core strengths at Critical Start.

We Call Them Experts for a Reason—It’s Why You Can Sleep Better at Night

We never stop learning

Critical Start RSOC analysts are provided +300 hours of training when they join the team, proctored by senior analysts teaching the skills, knowledge, and toolsets needed to lead the industry.

An 8-week intensive training program is required for all new hires
Analysts are trained on all EDR, SIEM, and XDR tools we integrate with
Analysts have 10 hours set aside every 2 weeks for ongoing training, including post-exploitation investigations, malware reverse engineering, and security engineering

We resolve every alert

We provide managed detection and response 24x7x365, including holidays—somebody is always in the room with eyes on the glass.

10-minute notification for Critical alerts and 60-minute or less MTD and MTTR SLAs for every alert, regardless of priority
If defined in our operating terms with your company, our analysts can isolate a host if it has been compromised or block or allow network connections to the endpoint based on the domain or the URL

We provide comprehensive protection

We maintain the latest certifications, including CompTIA A+, Security+, Network+, Advanced Security Practitioner (CASP+), and Cybersecurity Analyst (CySA+)—just to name a few.

Analysts can create detections using tools such as Microsoft Defender for Endpoint to query the console and create new alerts that don’t come pre-built into the product
2-person integrity for all investigated alerts to ensure quality control for every customer