Decoding Critical Start’s Rapidly Expanding MSSP Business
… his company could scale to serve hundreds of thousands of customers.
One of the problems that Critical Start set out to fix was the massive number of false positives that security systems produce each day. One of the benefits to ZTAP is that it can help Critical Start determine if a false positive is unique to one customer, or common to many. In addition, the platform provides Critical Start with many more options when it comes to producing detailed reports to customers. The platform provides complete transparency on how alerts are handled, which rules apply, and more.
Given its target customers, which range in size from 1,000 users to 25,000, the level of detail that Critical Start can provide has turned into a competitive advantage, Davis says. So has its security operations center (SOC), which has experienced zero employee turnover in the past three years. In all, the company grew its workforce by 50% in the last year. It plans to add 20 new positions, including security analysts, software developers, sales, solution architects, and sales and marketing specialists this year.
“We’ve been able to create a culture where people want to work. We’ve been able to keep up with growth by attracting people from other companies,” says Davis.
Critical Start actually has more people looking to join it than it has jobs available, which is rare in security these days.
In addition to its Microsoft partnership, Critical Start has a very close relationship with Palo Alto Networks, which Davis says could be one of the company’s most strategic alliances. One of the key reasons was Palo Alto Networks’ release of its Cortex XDR technology, which is a cloud-based detection and response app that helps MSSPs and others eliminate blind spots often found in cybersecurity systems. Davis believes the tight integration with Palo Alto Networks’ technology puts his company in a unique position to generate new revenue through the resell of Critical Start’s monitoring technology through fellow MSPs and MSSPs.
As for the influx of capital, Davis says he is interested in acquisitions, but only those that are an absolute fit. He’s not interested in a rollup strategy in which the company buys other companies for their revenue and customer bases. A deal that would bring Critical Start new technology and/or an opportunity to expand geographically, on the other hand, would be more likely. (Critical Start already monitors customer assets in Asia, Europe and elsewhere, but it doesn’t currently sell outside of North America.)
Looking at cybersecurity as a whole, Davis believes the threat landscape is expanding rapidly. One thing driving it is the relative newfound ability of cybercriminals to monetize their thefts.
“There’s an ecosystem that allows criminals to monetize any information that they steal that there wasn’t before. There’s also a quicker time between when a vulnerability is found and when the code required to exploit it surfaces,” he says.
From a customer perspective, there are simply more assets than ever before to protect. There’s infrastructure, mobile devices, work-from-home systems, SaaS applications, IoT devices and cloud infrastructure spread across Azure, Google, AWS and more. Although the number of assets that CIOs have to protect has doubled or tripled in the past decade, their cybersecurity budgets, typically, have not.
Ironically, Davis says he still sees a lot of skepticism surrounding cybersecurity among customers. Thought they all they need to invest wisely, they must also come to grips with the fact they have to stay disciplined after handing their cybersecurity to a third party.
“I compare staying safe to working out or staying in shape. It’s something everyone wants to do. But it takes a lot of discipline and effort. If you just buy a treadmill and put some clothes on it, then walking by it every day doesn’t get you into better shape,” Davis says.
- Page 1
- Page 2