-
Protect Your Data
Trained analysts monitor your network for issues, reducing the impact of a potential breach.
-
Agentless System
Monitor your existing OT, IoT, or traditional infrastructure without the need for endpoint agents.
-
Extend Your Investments
Capitalize on security investments, including endpoint, firewall, & behavioral analytics technologies.
-
Source Data Agnostic
Monitor anything that security systems produce, whether on-premises, in a remote office, or in the cloud.
Advantages of Critical Insight MDR
-
Advanced Threat Detection
-
Monitor Cloud & Hybrid Environments
-
On-Premises Packet Capture
-
Separate Metadata from PII & PHI
-
SSAE-18 SOC 2 Type II Examined
-
Interactive Customer Portal
-
Customized Incident Action Plans
-
No New Technology Requirements
-
Network Security Testing
-
PCI-DSS Readiness
Real people hunt for threats, investigate them, and respond with incident action plans.
Every customer has a dedicated advocate in the Security Operations Centers—the Critical Insight Success Engineer—who has a deep understanding of the customer’s specific needs and assets. They serve as the central communication point while a team of Critical Insight Analysts investigate threats and evaluate the need for an IAP.
-
Solving the people problem
Our team includes experienced Security Analysts with decades of military, government, healthcare, and private sector experience.
-
Investigations and IAPs
Alerts and incidents go through full, expert investigations. When action is required, we provide clear & complete Incident Action Plans with post-incident monitoring & recovery assistance.
-
Critical Insight SOCs
CI Security performs annual Type 2 SOC 2 examinations for multiple Security Operations Centers and provides continuity of service, even in the event of a natural disaster.
-
Protecting privacy
Packet capture remains behind your firewall, with only metadata sent—fully encrypted—to the Critical Insight Data Center, keeping PHI/PII on-premises.
Critical Insight Managed Detection and Response integrates seamlessly into your existing architecture.
The Critical Insight Managed Detection and Response platform receives logs from our on-premises collector, the cloud, or hybrid environments. Our best-in-class technology then prioritizes alerts to send to the Critical Insight Expert Analysts for investigation in the security operations centers.
-
On-Premises
Packet capture on the Critical Insight Collector with network-based ingest, creating full visibility (including IoT), plus Syslog and NetFlow for additional context.
-
AWS
Detailed audit logs through CloudTrail, events retrieved through CloudWatch, and alerts sent by AWS GuardDuty.
-
Azure
Logs from Blob storage from MS Graph API & Azure Event Hubs and events in Azure services.
-
Office 365
Logs & alerts using Microsoft Cloud Application Security (MCAS) and user behaviors in O365 applications.
Our expert analysts can take a proactive stance on your network to rapidly quarantine threats before they can attack and fully compromise the system.
Our Critical Insight Success Team works directly with organizations to set up a detailed “playbook” that outlines when and how the analysts can intervene during an active cyber threat. If a threat emerges, CI Security can log into network switches and disable individual ports or the entire switch. The team also has the ability to disable network user accounts.
-
Detailed Network Diagram
The first step is to fully understand your network and how everything is connected, so that the team knows what devices are attached to a port.
-
Comprehensive Playbook
By clearly outlining the structure of when analysts can quarantine with and without approval as well as when to not quarantine a threat, we ensure that your system will be minimally impacted in the event of a cyber security incident.
Add a full-service security and compliance suite to your existing infrastructure.
-
Managed Detection & Response
Critical Insight Security Analysts monitor anything that your security systems produce, whether on-premises, in a remote office, or in the cloud.
-
Continuous Vulnerability Identification
Set up custom scans on your network at the frequency that you choose, eliminating the risk of waiting for next year’s scan.
-
Log Management
Manage log collection for AWS and on-premises networks. Your logs are encrypted, hashed, and securely stored for the amount of time you need.