The Critical Start Security Operations Center (SOC) provides 24x7x365 security monitoring, investigation, and response through our MDR services. We take on the complexity of cybersecurity to simplify your daily operations.
Through integrated security products and our Zero Trust Analytics Platform™ (ZTAP®), the Critical Start SOC delivers MDR services that give you access to 24x7x365 analysts who investigate every security event ingested into ZTAP. This includes triage of security events, response actions that fit your organization's risk profile, and security guidance to continue hardening your infrastructure.
Our SOC guarantees one-hour SLAs for Time to Detection (TTD) and Median Time to Resolution (MTTR) on every alert. The SOC also gives team members room to grow in areas such as post-exploitation investigation, malware reverse engineering, and security engineering, so that they are prepared before attacks are even attempted.
When our SOC analysts receive an alert, they document what happened, what the risk is, and what should be done about it; a customer is never left to work that out alone. We want to make sure that you not only know an alert has fired, but also understand its nature and how to work with our team to remediate the threat. That communication is critical to making sure you understand the entire security issue, and it is one of our core strengths at Critical Start.
Critical Start SOC analysts receive more than 300 hours of training when they join the team. The training is proctored by senior analysts who teach the skills, knowledge, and tool sets needed to lead the industry.
8-week intensive training program
Analysts trained on all EDR, SIEM, and XDR tools we integrate with
Analysts have 10 hours set aside every 2 weeks for ongoing training
Resolving all alerts
We provide managed detection and response 24x7x365 including holidays—somebody is always in the room with eyes on the glass.
1-hour TTD and MTTR SLAs for every alert
If defined in the operating terms agreed with your company, analysts can isolate a host that has been compromised
Analysts can also block or allow network connections from the endpoint based on the domain or URL involved
We maintain current certifications such as Microsoft SC-200 (Security Operations Analyst). That training means our team can take response actions when they are needed.
Analysts can create custom detections: in tools such as Microsoft Defender for Endpoint they query the console directly and turn the query into new alerts that do not come pre-built with the product.
Two-person integrity on every investigated alert: a second analyst reviews the findings before the alert is closed
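To make the custom-detection point concrete, here is an added example (not a Critical Start detection and not code from this page) of the kind of advanced hunting query an analyst saves as a custom detection rule in Microsoft Defender for Endpoint. The table and column names are Defender's own; the Office process list, the one-hour window, and the command-line terms are illustrative assumptions.

```kusto
// Added example (not Critical Start's own detection content): an advanced hunting
// query for Microsoft Defender for Endpoint that flags PowerShell launched by an
// Office application with encoded, hidden-window or download-cradle arguments.
// The process list, lookback window and search terms are illustrative assumptions.
let officeApps = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
let lookback = 1h;   // custom detection rules rerun on a schedule; 1h is an assumed window
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where InitiatingProcessFileName in~ (officeApps)
// Only the invocations that look like a macro-dropped stager are worth a new alert
| where ProcessCommandLine has_any ("-enc", "-EncodedCommand", "-w hidden",
                                    "-WindowStyle Hidden", "DownloadString", "IEX")
| project Timestamp, DeviceId, DeviceName, ReportId,
          AccountName, InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine
// Timestamp, DeviceId and ReportId must appear in the output for the query to be
// saved as a custom detection rule ("Create detection rule" on the Advanced hunting
// page), where the alert title, severity, MITRE category and any automatic response
// action, such as isolating the device, are set.
```

Two caveats a practitioner would check before enabling a rule like this: `has_any` is term-based and case-insensitive, so heavily obfuscated variants (for example the `-e` shorthand or split tokens) need their own terms or a regex, and the rule should be run against the tenant's history first to confirm the false-positive rate before any automatic isolation action is attached to it.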