Secureworks (a Sophos company) vs Critical Start
Secureworks (a Sophos company)
Secureworks pioneered the modern MSSP model and was majority-owned by Dell before its acquisition by Sophos in an $859M deal that closed February 2025. The Taegis platform (MDR, XDR, NDR, VDR, embedded SIEM) continues as a standalone, vendor-open product line within Sophos with native Sophos Endpoint integration. The Counter Threat Unit (CTU) remains a key differentiator.
Pros
- Counter Threat Unit is one of the longest-running in-house threat research teams
- Taegis remains vendor-open / BYO-EDR even post-Sophos
- Embedded SIEM removes the need for a separate Splunk-class deployment for many customers
- Deep history with regulated industries and global SOC footprint
Cons
- Ongoing integration risk following the Sophos acquisition
- Heritage SIEM/MSSP roots can mean a heavier deployment than newer cloud-native MDRs
- Limited public list pricing
Pricing: Custom (contact sales)
Critical Start
Founded in 2012 by Rob Davis to address alert fatigue, Critical Start's Trusted Behavior Registry (TBR) auto-resolves known-good behaviours at scale so analysts focus on true positives. The MOBILESOC iOS/Android app lets customers triage, escalate, and contain incidents from a phone. The firm runs MDR across multiple third-party EDR/XDR/SIEM stacks rather than shipping its own endpoint agent.
Pros
- Trusted Behavior Registry materially reduces alert noise at scale
- MOBILESOC is one of the more mature mobile SOC apps in the MDR market
- Multi-EDR / multi-XDR coverage gives customers stack optionality
- Strong transparency posture; customers see every alert decision and SLA in the portal
Cons
- Smaller scale than Arctic Wolf, Sophos/Secureworks, or eSentire
- Service quality depends on customers having a supported EDR/XDR already licensed
- Limited public pricing
Pricing: Custom (contact sales)