Shortlist fit
Mid-market and enterprise teams that want MDR around existing EDR and SIEM investments
Provider handles
Service can take or orchestrate containment actions within the approved scope.Check before buying
Licensing, deploying and maintaining the EDR, SIEM, identity, cloud and other tools in scopeAlso fits
- Buyers that need 24x7 alert investigation but still want to own response authority and recovery
- Microsoft, Splunk, Sumo Logic, CrowdStrike, SentinelOne or Cortex XDR customers seeking managed coverage
- Security teams that value mobile access to investigations, analyst notes and containment workflow
Can replace
- Some tier 1 and tier 2 alert triage for connected tools
- Some after-hours investigation and response coordination work
- Some manual false-positive handling and alert-status tracking
Coverage
Provider covers
- 24x7 SOC monitoring, investigation and response around connected threat signals
- Trusted Behavior Registry to reduce recurring false positives before they reach the buyer
- CORR platform visibility into alert status, analyst notes, SOC activity and coverage gaps
Your team still owns
- Making sure expected assets, log sources and telemetry are connected and reporting
- Defining rules of engagement, response authority and approval paths for high-impact actions
- Remediation, recovery and business decisions after containment or escalation
Tradeoffs
Works well
- Strong fit for buyers that want MDR without replacing every existing security tool
- Public materials support response actions on the buyer's behalf when rules and integrations allow them
- Gartner Peer Insights shows more public review volume than many mid-market MDR providers
Watch out for
- Public pricing is quote-based, and marketplace $0.01 dimensions are not real list prices
- Response authority depends on rules of engagement, integration depth and service tier
- Public evidence supports a U.S.-based SOC but not detailed multi-region SOC locations
Reviews
Review synthesis
Gartner Peer Insights shows favorable Critical Start MDR review volume, with buyers highlighting 24x7 monitoring, alert handling, transparency and support from analysts. Public evidence is not uniformly detailed: G2 lists only three reviews, and Reddit discussion includes both positive comments about multi-vendor MDR/SIEM support and negative anecdotes.Customers like
- Buyers praise 24x7 monitoring and useful analyst interaction
- Reviews often point to alert-noise reduction and faster investigation workflows
- Some practitioners value support for existing SIEM and multiple security vendors
Watch out for
- Small G2 sample limits confidence outside Gartner
- Reddit sentiment is mixed and includes concerns about service quality and scale fit
- Buyers should ask for references that match their environment size and tool stack
Pricing
- Price
- Quote-based tiered MDR with AWS Marketplace private-offer procurement
- Billing
- Tiered, Custom
Questions to ask
- Which response actions can the SOC take directly in our tools, and which require our approval?
- Which assets, log sources and integrations are in scope for the quoted tier on day one?
- Are advisory SOC analysts, incident response services, custom detections and executive reporting included or tier-dependent?
Integrations
- SIEM
- Critical Start Managed XDR
- Microsoft Sentinel
- Splunk Cloud
- Sumo Logic Cloud SIEM
- EDR / Endpoint
- CrowdStrike Falcon
- Microsoft Defender for Endpoint
- Palo Alto Networks Cortex XDR
- SentinelOne
- VMware Carbon Black
- Cloud
- Other
- Microsoft Defender XDR
- Microsoft Entra ID
- Cisco Secure Email Gateway
- Mimecast Email Security
- Proofpoint
- Okta
- ServiceNow
- Atlassian Jira
Editorial notes
Why contain threats
The MDR offer goes beyond monitor-and-notify because official sources support 24x7 investigation and response plus remote threat containment through MOBILESOC. It is still not a full SOC replacement because the buyer owns the stack, asset coverage, rules of engagement, remediation and recovery.
Rejected co-managed SOC
Critical Start can act as an extension of the buyer's team and tune MDR outcomes, but the profiled offer is primarily MDR around connected signals. The public service-tier material does not make Critical Start responsible for running every security-operations process or tool.
Response boundary
AWS Marketplace language says the SOC can take response action on the buyer's behalf based on rules of engagement and the security tool. This profile should not imply universal remediation across every product, identity workflow, cloud account or business system.
Pricing boundary
The public tiering datasheet describes Essentials, Enterprise and Signature packages, and AWS Marketplace supports private-offer contract procurement. The $0.01 marketplace dimensions are procurement placeholders, not usable MDR list prices.
Review evidence
Gartner has meaningful Critical Start MDR review volume, while G2 has only three reviews and Reddit evidence is mixed and anecdotal. Customer sentiment should be useful but cautious, especially for large-environment fit and support-quality questions.