Decoding Critical Start’s Rapidly Expanding MSSP Business

Critical Start and Microsoft recently announced a collaboration that will see the Texas-based MSSP offer a managed detection and response service for Microsoft Defender Advanced Threat Protection (ATP). In addition to that deal, Critical Start accepted a $40 million minority investment from Sagemount, a growth equity firm. The money will help fuel Critical Start’s U.S. expansion – new field offices in Los Angeles and New York City are planned – among other things.

The two deals have put Critical Start in the spotlight; well, those and the company’s rapidly growing sales. Critical Start grew its MDR bookings by 300% in 2018. This year, they are expected to increase by another 250%. Critical Start is growing so fast that it has had to change buildings three times in the past three years. And the 15,000 square-foot facility that the company purchased in August? It will likely reach capacity this September.

One of the reasons why the company is growing so rapidly is its growing sales of managed security services to fellow channel companies. Today, sales to MSSPs and MSPs account for 10% of company revenue. But they are growing rapidly, and giving Critical Start a nationwide footprint among SMBs.

For insights on how fast-growing MSSPs like Critical Start are managing growth and girding for new opportunities and challenges, Channel Futures turned to Critical Start CEO Rob Davis. Davis, a former sales vice president at RSA and EMC, formed Critical Start in Plano, Texas, in 2012. He struck out on his own because he saw an opportunity to create a new kind of cybersecurity firm — one that prioritized outcomes over products. The company is a big believer that more technology isn’t the answer; better service is.

But delivering that can be a challenge today. Customers, Davis found, often buy a lot of products without realizing just how much it costs to put them to use effectively. They tend to overlook expenses associated with configuration, administration and optimization. 

That said, Davis has seen a change in thinking among customers today.

Critical Start’s Rob Davis

“Outsourcing is a lot more accepted now than it was just three, four or five years ago,” Davis says.

Here are some reasons: First is the lack of cybersecurity professionals available for hire. Second is the increased pressure on business owners and executives to protect their digital assets from theft or compromise. As a result, a soda company CIO, Davis suggests, is more likely to look at his or her company’s core competencies, which may include marketing, logistics and product R&D, and conclude that it doesn’t have a clue how to secure its systems, intellectual property and customer data today.

As their appetite for outsourcing has grown, however, so too have customers’ expectations of what they will get for their money. Today, they want service providers who can detect and respond to threats, not just monitor and manage systems.

To provide that level of service, Critical Start recognized that it couldn’t rely completely on platforms provided by various vendors. These, the company quickly realized, either missed important incidents that customers needed to be informed of, or, conversely, created so many alerts and notifications that they overwhelmed customers and impeded quality services delivery.

To overcome these issues, Critical Start decided to build out its own MDR platform, which it calls “ZTAP,” which is short for Zero Trust Analytics Platform. (The official name is actually the “Zero-Trust Security Orchestration and Response (SOAR) Platform,” but Davis refers to it as ZTAP.) The platform, Davis insists, disrupts legacy MSSP platforms. Without ZTAP, Davis says, there’s simply no way…