Critical Start and Microsoft recently announced a collaboration that will see the Texas-based MSSP offer a managed detection and response service for Microsoft Defender Advanced Threat Protection (ATP). In addition to that deal, Critical Start accepted a $40 million minority investment from Sagemount, a growth equity firm. The money will help fuel Critical Start’s U.S. expansion – new field offices in Los Angeles and New York City are planned – among other things.

The two deals have put Critical Start in the spotlight; well, those and the company’s rapidly growing sales. Critical Start grew its MDR bookings by 300% in 2018. This year, they are expected to increase by another 250%. Critical Start is growing so fast that it has had to change buildings three times in the past three years. And the 15,000 square-foot facility that the company purchased in August? It will likely reach capacity this September.

One of the reasons why the company is growing so rapidly is its growing sales of managed security services to fellow channel companies. Today, sales to MSSPs and MSPs account for 10% of company revenue. But they are growing rapidly, and giving Critical Start a nationwide footprint among SMBs.

For insights on how fast-growing MSSPs like Critical Start are managing growth and girding for new opportunities and challenges, Channel Futures turned to Critical Start CEO Rob Davis. Davis, a former sales vice president at RSA and EMC, formed Critical Start in Plano, Texas, in 2012. He struck out on his own because he saw an opportunity to create a new kind of cybersecurity firm — one that prioritized outcomes over products. The company is a big believer that more technology isn’t the answer; better service is.

But delivering that can be a challenge today. Customers, Davis found, often buy a lot of products without realizing just how much it costs to put them to use effectively. They tend to overlook expenses associated with configuration, administration and optimization. 

That said, Davis has seen a change in thinking among customers today.

Critical Start’s Rob Davis

“Outsourcing is a lot more accepted now than it was just three, four or five years ago,” Davis says.

Here are some reasons: First is the lack of cybersecurity professionals available for hire. Second is the increased pressure on business owners and executives to protect their digital assets from theft or compromise. As a result, a soda company CIO, Davis suggests, is more likely to look at his or her company’s core competencies, which may include marketing, logistics and product R&D, and conclude that it doesn’t have a clue how to secure its systems, intellectual property and customer data today.

As their appetite for outsourcing has grown, however, so too have customers’ expectations of what they will get for their money. Today, they want service providers who can detect and respond to threats, not just monitor and manage systems.

To provide that level of service, Critical Start recognized that it couldn’t rely completely on platforms provided by various vendors. These, the company quickly realized, either missed important incidents that customers needed to be informed of, or, conversely, created so many alerts and notifications that they overwhelmed customers and impeded quality services delivery.

To overcome these issues, Critical Start decided to build out its own MDR platform, which it calls “ZTAP,” which is short for Zero Trust Analytics Platform. (The official name is actually the “Zero-Trust Security Orchestration and Response (SOAR) Platform,” but Davis refers to it as ZTAP.) The platform, Davis insists, disrupts legacy MSSP platforms. Without ZTAP, Davis says, there’s simply no way…

… his company could scale to serve hundreds of thousands of customers.

One of the problems that Critical Start set out to fix was the massive number of false positives that security systems produce each day. One of the benefits to ZTAP is that it can help Critical Start determine if a false positive is unique to one customer, or common to many. In addition, the platform provides Critical Start with many more options when it comes to producing detailed reports to customers. The platform provides complete transparency on how alerts are handled, which rules apply, and more.

Given its target customers, which range in size from 1,000 users to 25,000, the level of detail that Critical Start can provide has turned into a competitive advantage, Davis says. So has its security operations center (SOC), which has experienced zero employee turnover in the past three years. In all, the company grew its workforce by 50% in the last year. It plans to add 20 new positions, including security analysts, software developers, sales, solution architects, and sales and marketing specialists this year.

“We’ve been able to create a culture where people want to work. We’ve been able to keep up with growth by attracting people from other companies,” says Davis.

Critical Start actually has more people looking to join it than it has jobs available, which is rare in security these days.

In addition to its Microsoft partnership, Critical Start has a very close relationship with Palo Alto Networks, which Davis says could be one of the company’s most strategic alliances. One of the key reasons was Palo Alto Networks’ release of its Cortex XDR technology, which is a cloud-based detection and response app that helps MSSPs and others eliminate blind spots often found in cybersecurity systems. Davis believes the tight integration with Palo Alto Networks’ technology puts his company in a unique position to generate new revenue through the resell of Critical Start’s monitoring technology through fellow MSPs and MSSPs.

As for the influx of capital, Davis says he is interested in acquisitions, but only those that are an absolute fit. He’s not interested in a rollup strategy in which the company buys other companies for their revenue and customer bases. A deal that would bring Critical Start new technology and/or an opportunity to expand geographically, on the other hand, would be more likely. (Critical Start already monitors customer assets in Asia, Europe and elsewhere, but it doesn’t currently sell outside of North America.)

Looking at cybersecurity as a whole, Davis believes the threat landscape is expanding rapidly. One thing driving it is the relative newfound ability of cybercriminals to monetize their thefts.

“There’s an ecosystem that allows criminals to monetize any information that they steal that there wasn’t before. There’s also a quicker time between when a vulnerability is found and when the code required to exploit it surfaces,” he says.

From a customer perspective, there are simply more assets than ever before to protect. There’s infrastructure, mobile devices, work-from-home systems, SaaS applications, IoT devices and cloud infrastructure spread across Azure, Google, AWS and more. Although the number of assets that CIOs have to protect has doubled or tripled in the past decade, their cybersecurity budgets, typically, have not.

Ironically, Davis says he still sees a lot of skepticism surrounding cybersecurity among customers. Thought they all they need to invest wisely, they must also come to grips with the fact they have to stay disciplined after handing their cybersecurity to a third party.

“I compare staying safe to working out or staying in shape. It’s something everyone wants to do. But it takes a lot of discipline and effort. If you just buy a treadmill and put some clothes on it, then walking by it every day doesn’t get you into better shape,” Davis says.