Critical Start

MDR ยท XDR

Critical Start MDR is a managed detection and response service that adds 24x7 SOC monitoring, investigation, response and CORR/MOBILESOC workflow around customer security telemetry. After an alert, Critical Start investigates, resolves false positives, escalates real risk and can take response actions on the buyer's behalf when rules of engagement and the connected tool allow it. The buyer still owns the underlying tools, telemetry coverage, approvals, remediation and recovery work.

Service
MDR
Handles
Contain threats
Price
Quote-based tiered MDR with AWS Marketplace private-offer procurement
  • Contain threats
  • Plano, Texas
  • 201-500
  • Founded 2012
Visit website

Shortlist fit

Mid-market and enterprise teams that want MDR around existing EDR and SIEM investments

Provider handles

Service can take or orchestrate containment actions within the approved scope.

Check before buying

Licensing, deploying and maintaining the EDR, SIEM, identity, cloud and other tools in scope

Also fits

  • Buyers that need 24x7 alert investigation but still want to own response authority and recovery
  • Microsoft, Splunk, Sumo Logic, CrowdStrike, SentinelOne or Cortex XDR customers seeking managed coverage
  • Security teams that value mobile access to investigations, analyst notes and containment workflow

Can replace

  • Some tier 1 and tier 2 alert triage for connected tools
  • Some after-hours investigation and response coordination work
  • Some manual false-positive handling and alert-status tracking

Coverage

Provider covers

  • 24x7 SOC monitoring, investigation and response around connected threat signals
  • Trusted Behavior Registry to reduce recurring false positives before they reach the buyer
  • CORR platform visibility into alert status, analyst notes, SOC activity and coverage gaps

Your team still owns

  • Making sure expected assets, log sources and telemetry are connected and reporting
  • Defining rules of engagement, response authority and approval paths for high-impact actions
  • Remediation, recovery and business decisions after containment or escalation

Tradeoffs

Works well

  • Strong fit for buyers that want MDR without replacing every existing security tool
  • Public materials support response actions on the buyer's behalf when rules and integrations allow them
  • Gartner Peer Insights shows more public review volume than many mid-market MDR providers

Watch out for

  • Public pricing is quote-based, and marketplace $0.01 dimensions are not real list prices
  • Response authority depends on rules of engagement, integration depth and service tier
  • Public evidence supports a U.S.-based SOC but not detailed multi-region SOC locations

Reviews

Review synthesis

Gartner Peer Insights shows favorable Critical Start MDR review volume, with buyers highlighting 24x7 monitoring, alert handling, transparency and support from analysts. Public evidence is not uniformly detailed: G2 lists only three reviews, and Reddit discussion includes both positive comments about multi-vendor MDR/SIEM support and negative anecdotes.

Customers like

  • Buyers praise 24x7 monitoring and useful analyst interaction
  • Reviews often point to alert-noise reduction and faster investigation workflows
  • Some practitioners value support for existing SIEM and multiple security vendors

Watch out for

  • Small G2 sample limits confidence outside Gartner
  • Reddit sentiment is mixed and includes concerns about service quality and scale fit
  • Buyers should ask for references that match their environment size and tool stack

Pricing

Price
Quote-based tiered MDR with AWS Marketplace private-offer procurement
Billing
Tiered, Custom

Questions to ask

  1. Which response actions can the SOC take directly in our tools, and which require our approval?
  2. Which assets, log sources and integrations are in scope for the quoted tier on day one?
  3. Are advisory SOC analysts, incident response services, custom detections and executive reporting included or tier-dependent?

Integrations

SIEM
  • Critical Start Managed XDR
  • Microsoft Sentinel
  • Splunk Cloud
  • Sumo Logic Cloud SIEM
EDR / Endpoint
  • CrowdStrike Falcon
  • Microsoft Defender for Endpoint
  • Palo Alto Networks Cortex XDR
  • SentinelOne
  • VMware Carbon Black
Cloud
  • AWS
  • Azure
  • GCP
Other
  • Microsoft Defender XDR
  • Microsoft Entra ID
  • Cisco Secure Email Gateway
  • Mimecast Email Security
  • Proofpoint
  • Okta
  • ServiceNow
  • Atlassian Jira

Editorial notes

Why contain threats

The MDR offer goes beyond monitor-and-notify because official sources support 24x7 investigation and response plus remote threat containment through MOBILESOC. It is still not a full SOC replacement because the buyer owns the stack, asset coverage, rules of engagement, remediation and recovery.

Rejected co-managed SOC

Critical Start can act as an extension of the buyer's team and tune MDR outcomes, but the profiled offer is primarily MDR around connected signals. The public service-tier material does not make Critical Start responsible for running every security-operations process or tool.

Response boundary

AWS Marketplace language says the SOC can take response action on the buyer's behalf based on rules of engagement and the security tool. This profile should not imply universal remediation across every product, identity workflow, cloud account or business system.

Pricing boundary

The public tiering datasheet describes Essentials, Enterprise and Signature packages, and AWS Marketplace supports private-offer contract procurement. The $0.01 marketplace dimensions are procurement placeholders, not usable MDR list prices.

Review evidence

Gartner has meaningful Critical Start MDR review volume, while G2 has only three reviews and Reddit evidence is mixed and anecdotal. Customer sentiment should be useful but cautious, especially for large-environment fit and support-quality questions.

Questions

Does Critical Start MDR replace a full SOC?
No. Critical Start provides MDR monitoring, investigation, alert resolution workflow and scoped response through supported tools. The buyer still owns the security program, connected controls, asset coverage, response authority, remediation and recovery.
Can Critical Start take response actions for the buyer?
Public marketplace and datasheet material support response actions and MOBILESOC containment when the connected tool and rules of engagement allow it. Buyers should confirm the exact actions, approval requirements and tier dependencies in the quote.
Is Critical Start pricing public?
No reliable public list price was found. Critical Start publishes tier names and AWS Marketplace private-offer procurement, but buyers need a current quote for scope, term and price.