Managed Detection and Response
24x7 security monitoring, response, and more, tailored to defend smaller organizations and critical infrastructure.
Our experts bring the skills and knowledge needed to understand and protect your assets from sophisticated threats.
- Extensive experience in critical infrastructure environments
- Mission-driven talent pool, developed in collaboration with leading universities and public sector institutions
- Proven onboarding process gets you operational in 30 days
Spot more threats sooner by ingesting rich data from every corner of your environment.
- Open XDR platform with a broad range of integrations
- Unmatched support for IoT and OT systems
- Built-in user behavioral analytics
- Native network detection and response
Seamless and transparent collaboration with shared visibility and control across your hybrid organization.
- Uses your existing tech stack
- Comprehensive, proactive risk assessments
- Real-time view into all SOC activity
- On-demand access to your data
“Using Critical Insight's Managed Detection & Response service was just a better business decision. Our risk is lower now.”
Weather the Storm with Your MDR Crew
Your partner for solution design, implementation, and optimization
- Skills: Security architecture, risk and compliance
- Typical background: Former security architect for a regional hospital group
Security Operations Team
24/7 monitoring and response, always a phone call away
- Skills: Network traffic analysis, log analysis, threat hunting
- Typical background: Former incident response analyst for statewide college system
Customer Success Manager
Your dedicated advocate, ensuring your complete satisfaction and success
- Skills: Project management, business analysis, collaborative problem solving
- Typical background: Former client advocate for IT consulting firm
How it Works
Don’t settle for an MDR that simply detects and responds. Critical Insight is the trusted partner you’ve been looking for to help you to understand and reduce risk in your organization.
We collaborate with you to establish playbooks that describe what should happen in case of an intrusion, including notifications and rapid quarantine guidelines. You may choose which assets or accounts we should quarantine immediately, seek approval before quarantining, or simply notify without quarantine.
Your security strategist works with you to understand the key data sources in your environment and to connect them with our open XDR platform. Data for your endpoint, cloud, and identity solutions may be ingested through API-based connectors (cloud or on-prem), or from streaming log sources via protocols like Syslog.
Network sensors fill the gaps by creating visibility all the way to the edge. Sensors may be deployed on-prem as a physical or virtual appliance, that combines Deep Packet Inspection (DPI), Intrusion Detection System (IDS), Malware Sandbox and continuous full network packet capture into a single configurable package.
Once onboarding is complete, your Critical Insight team will perform an assessment against the NIST Cyber Security Framework (CSF), leveraging the CyberSaint compliance and risk platform. This assessment gives you an objective view of your overall security controls and provides a baseline for tracking your security program's evolution over time.
Assets across your organization are cataloged and High Value Targets (HVTs) are tagged to provide important context for the SOC team to help guide investigations and response.
Your network doesn’t stay still, and neither can your defenses. Monthly reviews will help ensure that your data pipeline remains healthy, security controls are properly tuned, and any new assets or data sources are onboarded cleanly.
As data is ingested, it’s parsed and normalized into a standard data model to simplify analysis and investigations. Common fields like source IP, timestamp, or logon type are standardized across all data sources. Data is also enriched with geolocation and threat context to increase the value of all telemetry.
Our advanced rules engine identifies tactics and techniques associated with known threats. New and updated rules are shipped continuously, sourced from our internal detection team, industry standard threat intelligence feeds, and open communities like SigmaHQ.
Supervised machine learning detection models are based on publicly available or internally generated datasets and are deployed to identify new and emerging threats.
Unsupervised machine learning techniques look for anomalous behavior indicative of a threat. These models baseline over several weeks on a per-customer basis.
Our SOC team performs ongoing threat hunts across your environment, searching for faint signals that are associated with stealthy, sophisticated adversaries.
When a threat is detected, no matter what time of day or night, the Critical Insight SOC team is ready to spring into action on your behalf. In minutes the team begins a thorough investigation and analysis and charts a course of action.
Correlation across detections and other data signals occurs through a Graph ML-based AI, aiding analysts by automatically assembling related data points. The AI determines connection strength between discrete events that can be sourced from any data source, based on property, temporal, and behavioral similarities. This AI is trained on real-world data and is continuously improved with its operational exposure.
In accordance with customized, approved playbooks, our SOC team will leverage your EDR solution to isolate compromised endpoints from your network. This contains the intrusion, preventing attackers from leveraging the endpoint to move laterally or to exfiltrate information.
Locking compromised accounts, based on rigorous processes laid out in playbooks, immediately halts unauthorized access, ensuring that intruders cannot leverage stolen credentials to pivot to other systems and extend their reach.
Every step of the way you’ll have transparent visibility into the activities and actions of the SOC team. You/’ll receive updates and notifications through multiple communication channels, including email, phone calls, and our dedicated client portal. You’ll get detailed information about the nature of any incidents, the potential impact, the immediate steps taken, and recommended actions for mitigation. Your team and ours will work closely for a coordinated response.
Critical Insight’s unique Cybersecurity-as-a-Service delivery model is a clean extension of MDR, helping you to spot and eliminate your strategic and tactical gaps. Whether you need help with continuous vulnerability identification, incident preparedness, ransomware response, or the full services of a vCISO, your Critical Insight crew stands at the ready.
Critical Insight MDR Use Cases
Visibility provides the foundation for detecting and responding to threats, and can be a real challenge in environments where endpoint agents aren’t an option. Network detection and response delivers comprehensive visibility into every corner of your network.
Digital transformation has pushed many mission-critical resources outside of the traditional network perimeter, and attackers are quickly following. MDR for Cloud ensures effective protection wherever your assets live.
Your endpoint protection solution not only blocks threats such as malware, but also provides important visibility into more sophisticated attacks. Our SOC monitors your endpoint protection solution, investigates activities and alerts, and responds rapidly.
Some of the earliest and clearest signs of attack are found in your identity systems. Our SOC monitors authentication and activity logs to spot and contain threats at the source.
IoT and Industrial Control
Many devices cannot make use of an endpoint agent, making them hard to monitor and secure. Our SOC gains real-time visibility by monitoring the device network activity and integrating with IoT/OT discovery solutions.