TDN | Critical Start
Prepare your business with On-Demand Breach Response
Webinar Series | Once More unto the Breach | Lessons Learned from Billion Dollar Breaches

The Defendable Network

Every organization views the business impact of IT and risk differently. That’s why cybersecurity recommendations should be balanced against unique culture and business requirements. Developed by CRITICALSTART, The Defendable Network is a framework that aligns security improvement measures with an organization’s Security Readiness Condition (SECCON).


Create an IT infrastructure that’s capable of being protected against attack and disruption. CRITICALSTART‘s proven framework, The Defendable Network, demystifies complex security standards, while also adapting to ever-evolving technologies and threats.

The Defendable Network framework combines controls for people, policy, and products to boost an organization’s ability to resist initial compromise, restrict lateral movement, and detect and respond to breaches while maintaining security governance. Influenced by popular frameworks like PCI, NIST, SANS, ISO, and ASD35, The Defendable Network simplifies implementation by providing defined, detailed, and actionable controls. These controls map to a specific SECCON level, which allows organizations to align their security efforts with their business objectives.

Prevent compromise before it happens. How could you benefit from a more proactive security approach?

If an attacker gets inside your network, how far can they go? Protect critical assets and information by restricting lateral movement.

Monitor network infrastructure to recognize suspicious activity and receive timely alerts. What’s your plan for failure?

Timely response is a critical component of any sound security strategy. What’s your approach to incident response?

What’s Your
security readiness condition?

From risk tolerance to budget constraints to compliance requirements, your business needs are diverse. That’s why we’ve developed a unique approach to evaluating Security Readiness Condition or SECCON.

Find Your SECCON Level with our quiz below.


Take our brief quiz to identify your Security Readiness Condition. 


When it comes to security strategy, one size doesn’t fit all. Some organizations have basic needs when it comes to security. Their goals and needs are simple. Others must contend with compliance requirements, but their budget is still limited. Some organizations must protect highly sought-after assets and require advanced security protocols and intense manpower and expertise. And some organizations fall somewhere in the middle of the spectrum.

Our SECCON levels are described below. The Defendable Network framework maps to each of these levels to support the development of security programs that suit an organization’s own strategy.

CRITICALSTART has developed detailed reference architectures for each of our SECCON levels within The Defendable Network framework. View descriptions of each SECCON level and download the reference architectures below.

Multiple Devices

Operational Security

Security focuses on implementing controls that can prevent basic, automated attacks, without affecting any other aspect of the organization. 

Compliance Focused

Given the nature of the organization, mandated compliance requirements drive the implementation of security controls. 

Industry Standard

Using their peers as a baseline, the organization implements security controls to meet risk acceptance while avoiding impact to user experience.

Best Practice

Leading the industry in security control implementation, the organization prioritizes a culture of security, with a heavy investment in the proper products to protect the business.

Advanced Security

A breach of the organization could result in possible loss of life or a threat to national security. Most worried about nation-state sponsored attacks, security is prioritized over user-acceptance and cost.


To learn more about Critical Start’s common-sense approach to cybersecurity, contact us today.

The Defendable Network is the intellectual property of CRITICALSTART, Inc.
and is licensed under the Creative Commons guidelines with Attribution and Share-alike.
For more information visit