Director of Infrastructure and IT at an energy/utilities company with 51-200 employees
Real User
They know our environment so we can engage them in problem-solving right away; they don't have to get "up to speed"
Pros and Cons
  • "There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
  • "There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design."

What is our primary use case?

We needed a company with expert solutions in the security field. We needed to secure our internal network and external users. CRITICALSTART has resources and know-how in those specific areas. The second part was that we needed assistance with security, hardware support, and implementation of Palo Alto firewalls, and they are the experts in that too.

There are additional features on the Palo Alto firewalls, security on the level of the apps. The users cannot go to certain places. There's a service that gets set up so we don't have to manage it; there is an automatic shield on those firewalls. Software-wise, we use CRITICALSTART to manage the ZTAP (Zero-Trust Analytics Platform). They manage an antivirus solution for us by Cylance and another protection level is Cisco Umbrella. They manage and monitor our systems with their MDR solution.

For example, alerts come in from the Cylance antivirus to their systems and the CRITICALSTART team informs us and helps us combine the white lists, the black lists, what's allowed, which machines are behaving abnormally, and they monitor various aspects.

It is deployed to over 100 people within our company. That is the user base.

How has it helped my organization?

In terms of the MDR, if we didn't use CRITICALSTART, we would have to hire a full-time person to sit and do that job. It frees up resources. It's far less expensive for the company to hire CRITICALSTART instead. And CRITICALSTART has a large knowledge base in the field, whereas we would have to learn within our company how things work. With CRITICALSTART, we tap into the knowledge of all the companies that they manage. It's definitely a win for us.

There was the initial adjustment period, as every environment is different. Initially, they came in and looked at our stuff, our alerts. We tweaked things a little bit, but then we could tell that out of thousands, or even hundreds of thousands of alerts, we were only getting, say, 10 tickets per week from CRITICALSTART, if that. The rest of the things they handle automatically, or their system handles them automatically. It really frees up our time quite a bit.

It allows us to free up our resources. We don't have to get into the super-deep details of the alerts if something is happening. They bring a vast knowledge of the threats to the table. We don't have to research them ourselves so it frees up our time.

And they've previously seen the resources we use for the Palo Alto designs, and they know our environment because we have a person that deals with us directly. It's so much easier to work this way, versus if we were to hire somebody from a large consultant like CDW or Softchoice. With a third-party like that there's always a learning curve — you have to invest so many hours first — before you get to the problem. With CRITICALSTART, we can engage them right away with problem solving. There's no onboarding every time. They already know what's going on.

We have a SCADA system which is something that our field team operates 24/7, all year round. It's a pipeline. We have the Cylance umbrella solution on those critical machines and if something gets blocked by an error we get an alert right away on the mobile phone. We respond and CRITICALSTART comes in and makes live changes. That prevents us from having any downtime due to a blocked file on some system. If it's a bad file, it will get blocked, obviously. That's great. But if it's a false positive, we are able to get CRITICALSTART, using the mobile app, to respond right away and prevent downtime of the SCADA system.

What is most valuable?

There are two parts of CRITICALSTART's services that are most valuable to us:

  • The MDR solution where they monitor our computers, laptops, and users across the board. 
  • Their knowledge of Palo Alto firewalls.

And their mobile app is actually our preferred method of interacting with them. We get notifications and can reply to tickets on-the-go. I don't think there's any other solution that offers such a thing. It's super-useful. Everybody's got a web portal, but this mobile app is quite something. It's pretty cool.

The mobile app is self-explanatory. You have a ticket or you get a notification and you can chat or submit information. You can talk to their team on-the-go. It's very convenient. If you go farther, you can look up tickets and you can look at the assigned statuses. There's more to it; it's a full-blown app. Maybe there are a couple of features that are easier to use in a web browser with a larger window, but I think it's pretty full-featured. You can change tickets, you can assign the queues, you can post a reply. You can look at the details. The whole thing is there. For us, the main thing is that when there is an alert we can act on it right then.

We also talk with CRITICALSTART analysts, two folks in particular. Their response time is very quick. If they cannot talk to us, we get a reply from them anyway. We don't have to wait around. The response time is very good in comparison to larger companies. CRITICALSTART is fairly large, but there are larger companies where you send a ticket, request support, and you're not sure who's going to get the ticket, who's going to respond; you're not sure when that is going to happen. It's always a waiting game. With CRITICALSTART, it doesn't look that way. They give you a personal approach. Their folks are always available. That makes us more likely to do business with them.

When it comes to the transparency of data in the platform, everything is there if we want to look at it. We really don't get too much into it, but if you want to look at it, it's all available. They show the details; they show how they do it. If you want to know if they're lying to you or not, you can look at the details and the facts they base their decisions on when blocking certain things or monitoring certain stuff. It's pretty transparent. It's very trustworthy. It gives us confidence in the decision-making process, because we see how things are done. It gives us peace of mind.

What needs improvement?

There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design.

For how long have I used the solution?

We have been using CRITICALSTART for two years.

What do I think about the scalability of the solution?

We don't have plans to increase usage for now. We're happy with it and we renewed for another two years.

From a project management standpoint their performance has been very satisfactory. We deployed seven sites. Those were new sites due to expansion that we went through and CRITICALSTART was on each one of them. We involved them and we had success every time.

How are customer service and support?

The customer support is great. Our expectations have been met in terms of service being delivered. We have met all deadlines so far.

The main thing would be the roll-out of those sites. We could schedule something at fairly short notice, like only three weeks ahead, and we were able to book them. They were available to fly with us for the site deployment, if needed. They were also able to deliver hardware in that short period of time. Three weeks is super-fast for obtaining hardware and booking a person who is able to do a project.

Which solution did I use previously and why did I switch?

We used in-house solutions and it was more involved. There was more time spent with longer project timelines. With CRITICALSTART, we were able to get delivery and get things done quickly.

How was the initial setup?

From the time we entered into an agreement to use CRITICALSTART until we were able to start using it, things were wrapped up within a month. There wasn't any type of initial setup required at our end to use the service. It was just me involved in the setup, on our side.

We don't have any data sources that their service wasn't able to integrate with. They provide a full-blown spectrum of anything you want. Whatever you want, they can deliver.

Which other solutions did I evaluate?

We looked at other solutions that other folks provide and nobody came close. We had previous experience. We had acquired three other companies in a similar business line to ours, and those folks recommended it. So we had a meeting with CRITICALSTART and we discussed a few things, and it seemed like they were the ones to go with.

The main difference was the value you get for what you pay. You can't beat it. As far as the expense goes, it's very competitive pricing and the services you get are almost like you have a person on your team.

What other advice do I have?

The new web portal they implemented is quite robust. It's very next-generation, but it does need small tweaks. You have to get used to it and learn a little bit about it. That's why I prefer the mobile app. The mobile app seems to be more straightforward. The new UI has more advanced features but you would have to click around and learn a little bit more. It's not as intuitive as the mobile app, but the functionality is there.

As for their contractually committing to paying a penalty if they miss a one-hour SLA to resolve an escalated alert, we have never run into that situation. They haven't missed an SLA in two years.

They offer a very personal, connected experience. I don't know of any other company that has that kind of a personal touch to either its services or its MDR solution. That was the decision-maker for us. 

This has been a positive experience and money well spent. If we had to do it again, we would gladly choose the solution that CRITICALSTART provides, versus going with other solutions or using something in-house where we would probably have to spend double what we are spending now.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer1439061 - PeerSpot reviewer
Systems Administrator at an energy/utilities company with 1,001-5,000 employees
Real User
They tell you they're going to cut your alerts by 99 percent and they did that, freeing me up for other things
Pros and Cons
  • "The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
  • "They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."

What is our primary use case?

What I was looking to achieve with this service was to have less work on my plate, and to leverage people. Usually, when you buy a big product like an antivirus or endpoint protection, if it's a big solution and you have a big company, you need another person to just manage it or things like it. We didn't have those resources. We got the antivirus product, but we didn't have another person to add to it, so I needed someone to help me manage it.

CRITICALSTART is helping me manage this solution because I don't have time to manage it.

Originally, they were managing CylancePROTECT for us. Now, they manage CylancePROTECT, Carbon Black Defense, and Palo Alto Cortex XDR for us.

How has it helped my organization?

They take work off my plate and that frees me up to work on other things. The fact that I have time to do more of my job isn't game-changing for my company, but for me it's a huge deal. Otherwise, I'd be spread so thin. What would have happened if we didn't have CRITICALSTART is that I would either have been getting thousands of alerts a day and having to ignore everything else, or we would have used a different security product that is less noisy but also less secure. And then, maybe, we would have been compromised and not even know it.

Our expectations have been met in terms of services delivered on time, on budget, and on spec. When you sign up with them, they tell you they're going to cut your alerts down by 99 percent, and they did that. They did that with Carbon Black Defense and they did that with XDR. That's all I could really hope for.

What is most valuable?

The most valuable feature of their service is their tuning. All the service really does is get things to the point where we get fewer alerts sent to us. If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution.

When we had Carbon Black, we were getting at least one escalated alert a day, maybe more, because it wasn't able to be tuned the same way that other services can be, or maybe Carbon Black itself alerts that much more. With Cortex XDR, we're only getting about one escalated alert a week, or one a month. It's much less.

What needs improvement?

They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive and I hate it.

It's an information overload issue. When you go there, there is a bunch of stuff to look at. I had to get a walkthrough last week because I didn't know how to get to the one screen that I'm looking for when I use it, the one that shows the tickets that I have and the tickets that I don't have. I couldn't figure out how to get to that. In the middle of the main screen there's a little button that'll take you there. And at the top there's a search bar and a filter that helps you find tickets that are assigned to your organization or their organization, tickets that are open, tickets that are closed. But it's not intuitive.

For how long have I used the solution?

I have been using CRITICALSTART for one-and-a-half years.

What do I think about the scalability of the solution?

If they expanded the scope of what they can ingest and did so at good pricing for managing other services and remediating other issues, I would definitely look into expanding our usage. At this point, I don't know what else they take in, other than endpoint protection.

How are customer service and technical support?

From a project management standpoint they have performed very well. They're very organized. They're very reliable and responsive. Their customer support is a 10 out of 10. I'm always happy to hear from them and see them.

I haven't had any problems since they've been managing XDR, but back with Carbon Black I had a lot of problems trying to understand why something was being alerted this way and why this or that was being blocked. They helped me troubleshoot all of that stuff as well. And they do it within their SLA. It's nice to have that insurance that they should be responding within an hour.

Which solution did I use previously and why did I switch?

This is the first time I've used a managed service provider for managing anything like endpoint protection.

How was the initial setup?

There was an initial setup required at our end to use their service and they helped me take care of that. It was very straightforward. There were a few settings for me to change and there were a lot of settings for them to change, and they just remoted into my machine and helped me do it. Either way it was not rocket science for me.

We've used this service with three different products. For the first one, CylancePROTECT, there wasn't a portal for me to log into. That was all behind the scenes. We didn't get to know what was happening. They just took care of everything. 

When we had Carbon Black Defense, we had the old portal, but that was a year and a half ago and I don't remember how long it took to get set up. It hooked in pretty quickly.

With Palo Alto Cortex XDR, we were either their first or one of their first customers to use that service, so it took a little bit longer to get everything set up correctly, even though we were already connected to them through the old service. We were in the system immediately, but we weren't in full-on production mode for about four-and-a-half months. That's not that bad because they were actively managing it until then.

Which other solutions did I evaluate?

I looked at Arctic Wolf. There were some others as well. But the pricing of other services was so insane that they weren't even an option. And they don't do exactly the same thing. CRITICALSTART has a narrow scope that fit our requirements. I had a problem and CRITICALSTART specifically works with that thing. I don't know if they do other stuff now, but when we started working together, pretty much all they covered was antivirus.

What other advice do I have?

If you have people who already do this at your company, and they're paid well and they know what they're doing, and you have multiple products like this that they can manage, then you don't really need CRITICALSTART. But if you are a small group of IT people trying to support an entire company and you have a crazy, complex product like CylancePROTECT or Carbon Black Defense or Palo Alto Cortex XDR, or anything like that, then it's probably better to leverage an expert company like CRITICALSTART.

The only data source we are using them to manage is our antivirus and they integrate with that. I don't know if they would have been able to integrate with our other data sources. We didn't try that.

I have used CRITICALSTART's mobile app but I haven't used it lately because we get so few alerts that I don't really need it. A lot of people use the mobile app for when they're home on the weekends and they need to get stuff remediated quickly. We don't have people working on the weekends, usually, so it's not a huge issue for us. If my company is working, I'm at my office and at my computer already so I don't need the mobile app for that.

The mobile app has the basic features that you need to use their service. I don't remember if it lets you link to the service they're managing; for example, I don't think there's a link to the Cortex XDR app from CRITICALSTART's mobile app. So you can't really dig deep into anything on there, but that's not their fault. It's just because you can't do that, period. But for quick remediation or quick alerting, it's perfect.

I haven't spoken to CRITICALSTART's analysts lately. During implementation, we had weekly meetings. Usually I only talk to them when things aren't going well, so the fact that I haven't talked to them in a while means we're good. But they were always available when I needed them. If I needed them quickly, they could join a meeting within a day.

Out of all the service providers I've had to work with over the years—I've been here six years—CRITICALSTART is my favorite to work with. I see them at almost every convention that I go to, no matter what city I'm in. I'm always happy to see them and they always recognize me. I feel like that's worth something when you're looking for someone to work with. They have a personal touch.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.