Critical Start vs Red Canary (a Zscaler company)
Critical Start
Critical Start was founded in 2012 by Rob Davis to address alert fatigue. Its Trusted Behavior Registry (TBR) auto-resolves known-good behaviours at scale so analysts focus on true positives. The MOBILESOC iOS/Android app lets customers triage, escalate, and contain incidents from a phone. The firm runs MDR across multiple third-party EDR/XDR/SIEM stacks rather than shipping its own endpoint agent.
Pros
- Trusted Behavior Registry materially reduces alert noise at scale
- MOBILESOC is one of the more mature mobile SOC apps in the MDR market
- Multi-EDR / multi-XDR coverage gives customers stack optionality
- Strong transparency posture; customers see every alert decision and SLA in the portal
Cons
- Smaller scale than Arctic Wolf, Sophos/Secureworks, or eSentire
- Service quality depends on customers having a supported EDR/XDR already licensed
- Limited public pricing
Pricing: Custom (contact sales)
Red Canary (a Zscaler company)
Red Canary delivers managed detection and response built on detection engineering rigor and broad telemetry ingestion (Microsoft Defender, CrowdStrike, SentinelOne, Palo Alto, Zscaler, AWS, Google Cloud, 200+ tools). It is widely regarded as a reference partner for organisations standardising on Microsoft Defender for Endpoint and Sentinel. Zscaler closed the $692M acquisition on August 1, 2025; Red Canary operates as a separate business unit within Zscaler.
Pros
- Reputation as one of the strongest MDR partners for Microsoft-centric security stacks
- Industry-recognised detection engineering and public threat research (annual Threat Detection Report)
- Vendor-broad integrations — does not require ripping out incumbent EDR
- Strong public research output keeps customer detections current
Cons
- Future roadmap will be shaped by Zscaler's strategy; long-term independence uncertain
- Premium positioning; not the cheapest option in mid-market deals
- Limited public pricing
Pricing: Custom (contact sales)