

Critical Start MDR
Technology-agnostic MDR centered on the Trusted Behavior Registry, which auto-resolves the majority of alerts by identifying known-good behavior before they reach human analysts. One of the few MDR providers with OT/ICS monitoring through Claroty, Dragos and Nozomi integrations. Founded by Rob Davis (former RSA Security VP), now led by CEO Scott White and backed by Vista Equity Partners since 2022.
Buyer fit
Good fit when
- ✓Mid-market to large enterprises wanting technology-agnostic MDR that works with their existing security stack
- ✓Organizations suffering from alert fatigue wanting TBR's deterministic auto-resolution to reduce noise
- ✓Companies needing OT/ICS monitoring alongside IT MDR through Claroty, Dragos and Nozomi integrations
Watch out when
- ×SMBs or budget-conscious organizations, enterprise-focused pricing not published
- ×Organizations requiring native Slack integration for SOC communication
- ×Companies wanting a breach warranty or financial guarantee
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –IR/DFIR via Cyber Incident Response Team (CIRT), separate from base MDR
- –Vulnerability management (Qualys VMDR-powered)
- –OT/ICS monitoring (Claroty, Dragos, Nozomi, Otorio integrations)
Cost caveats
- –No public pricing at all, requires sales call for any ballpark
- –OT/ICS monitoring and vulnerability management are separate purchases on top of base MDR
- –Full IR/DFIR requires separate CIRT engagement, not included in MDR contract
- –Annual contract commitment typically required with no published minimum seat count
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
Gartner Peer Insights 4.8/5 (53 reviews). PeerSpot 9.4/10, skewing large enterprise. Glassdoor 4.3/5 (140 reviews, some concerns about RIFs and turnover). IDC MarketScape Major Player (Emerging MDR, 2024). Praised for TBR noise reduction and SOC analyst accessibility. Criticized for onboarding communication gaps, missing Slack integration and opaque pricing.
What customers praise
- ✓TBR cuts false positives and alert fatigue from day one with deterministic auto-resolution
- ✓Easy direct access to SOC analysts and leadership for support, no tiered gatekeeping
- ✓24/7 monitoring with high confidence, reviewers trust it to catch things
Common complaints
- ×Onboarding communication breakdowns during complex enterprise rollouts
- ×No Slack integration despite years of customer requests
- ×Completely opaque pricing requires sales engagement for any ballpark
Questions to ask
- 1.
What is the exact pricing for our environment size, and how do costs scale with additional log sources or integrations?
- 2.
How does the TBR auto-resolution work in practice? Can we review what it resolves automatically and how does it adapt over time?
- 3.
What specific response authorizations can we pre-approve and how granular is the control?
- 4.
How does the two-person approval process work for response actions? Does it add meaningful latency?
- 5.
What is included in the base MDR vs. what requires separate purchase (OT/ICS, vulnerability management, IR/DFIR)?
- 6.
How does CORR platform integrate with our specific SIEM and EDR (CrowdStrike/SentinelOne/Defender)?
- 7.
What data and detection content do we retain access to if we terminate the relationship?
- 8.
How does the MobileSOC app integrate with our existing alerting and on-call workflows?
Evidence
Sources reviewed
Public-data caveats
- –SLA caveat: Contractual 60-minute or less time-to-resolution for all alerts. 10-minute notification for critical alerts. Two-person analyst validation adds safety before response actions are executed.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.