Xcitium CEO: ‘We’re Doubling Down On The Channel’

‘The entire industry’s ability to defend against cybersecurity attacks is predominantly detection based,’ says Ken Levine, CEO of cybersecurity company Xcitium. ‘But we actively prevent the damage that malware can do without relying on detection. We are the only company in the world that protects by preventing malware from doing any damage.’

After coming off a year of double-digit growth, cybersecurity company Xcitium has “really doubled and tripled down on the MSP market and on the channel market in general.”

“We’re kind of going all in,” Ken Levine, CEO of Bloomfield, N.J.-based Xcitium, told CRN. “You‘ll see it from who we hire, you’ll see it from how we engage with the partners going forward and the training and enablement program.”

Xcitium has about 1,500 MSP partners, and services about 1,500 end customers, around the world such as the U.K., Spain and the Middle East. Ending 2022 with about 50 percent growth, Levine said they’re on track to see hyper growth in 2023.

“We’re heavy channel now, but we‘re kind of going all the way there,” he said. “On the technology side, there’s lots of innovations that we continue to work on all around making the product more effective, easier to use and easier to deploy.”

Since the social media kerfuffle last summer where a Xcitium partner claimed 100 percent security, Levine said the company has taken “100 percent” out of its messaging completely.

Last August, an Xcitium partner claimed in a LinkedIn post that Xcitium’s software product is completely malware proof, which took a left turn into a social media mudslinging with cyber CEOs going to bat in the name of security.

“We never had intended to claim 100 percent protection,” Levine told CRN. “It got a little twisted. To date we’ve had perfect scores in protecting customers, but we’re just not guaranteeing 100 percent.”

The message the company tries to convey, he said, is that there’s “a fundamental difference between trying to detect or prevent the breach versus preventing the damage that a breach can cause.”

“The entire industry’s ability to defend against cybersecurity attacks is predominantly detection based,” said Levine. “But we actively prevent the damage that malware can do without relying on detection. We are the only company in the world that protects by preventing malware from doing any damage.”

Levine recently spoke to CRN about a variety of topics including cybersecurity, M&A, MSP pain points and what to expect from them in 2023. Check it out below.

What is your biggest challenge right now?

Well, I guess a few things. I think what always keeps me up at night is how do we get the message out. How do we differentiate in a very noisy space? We know that technology-wise we can differentiate, but messaging-wise it’s difficult. A lot of people say the same thing but can mean it in different ways. One is of how we get this message out that we have something different and we have something that‘s worth looking at, given a crowded market with a lot of great companies. We have a lot of competition, and they’re good. Everybody’s trying to do the same thing here in protecting against the bad guys, we just think we do it a little bit better. We never want to be on the negative end of a breach. What gets us going every day is when we hear from a customer, or we‘ve been able to tell a customer that, that we were able to contain some malware, we got rid of it and it saved you X. A lot of our clients have been breached, that’s why they’re there with us now.

What are your thoughts on all the M&A in the market right now?

I think that there‘s always going to be acquisitions and mergers given just the sheer amount of vendors that are in the space. I think it’s hard for a market to support 4,000 or something cybersecurity vendors. The combination of companies only makes sense when they can truly integrate the product and technology and make each product better than they are on their own, and that‘s hard to do. There’s the tuck-in acquisitions that happen where there‘s some good technology out there but they can’t find the market. Then there‘s the true mergers that have wildly different results based on how well the companies integrate. It could be great or it could be disastrous, and it all depends on are you really additive in enhancing security or are you just layering in another product to sell for revenue.

How are you helping your partners prepare for an economic downturn?

I think there’s a few problems facing the cyber market, but one of them is a shortage of personnel. And as a result, the personnel can be very expensive. The first thing we’re doing is we provide services around our products that can manage our solution and manage it very cost effectively. From one perspective, it‘s how do you enhance security when budgets might be reduced? We saw that when COVID-19 came out. I wasn’t with Xcitium, I was with another company, but we had customers that said, ‘Look, I’ve got to take a 30 percent cost reduction across the board within IT.’ You can’t get rid of the things that are mission critical. We think we can save our customers a tremendous amount of sheer cash capital by our solution, and we can do that because of the way we’ve set up our SOC (security operations center) and the way that we can provide a very cost-effective service. We can provide some human resources and product resources for significantly less than competitors can.

So how are you handling the ongoing talent shortage?

The interesting thing with the talent shortage is it‘s there if you can pay for it. Sometimes vendors are in a better position to pay for it then end users. We can leverage them to generate revenue across multiple sectors. It’s a combination of we know a lot of people in the market and we’ve been in it for a long time. I’m not saying that it’s simple, but by and large we‘re okay. I think between me and my staff, we have some solid relationships we’ve built over 15 years, so I don’t think we have the same pressure. Again, not easy. People are more expensive than they used to be. But it’s easier for us to do it than it is for an automobile dealership whose real business is selling cars and servicing cars. They can’t pay what we can pay for a security analyst.

What are your partners’ biggest need right now and how are you helping them?

MSPs are looking at extending their services and adding that other S, becoming a MSSP, and providing the security stack alongside what they‘re doing. If I were to list our top three value props, this is probably one or two in terms of what gets us most excited. We can turn a MSP and we can provide them with all of the security services to offer their customers without them doing anything. We become the staff behind the staff. We can almost literally, with a click of a button, be providing our managed detection and response service and our endpoint security through a MSP to their end user without them having to do anything, and then we can train them over time. We just become an extension of that team and we’re able to price it so that there‘s significant margin advantages for the MSP.

Where are you placing your bets in terms of market trends for 2023?

One would be in the security risk to the SMB up to the midmarket. We find that one of the biggest trends is just the SMB market is deluged with threats.

The second market trend we‘re trying to capture is we do think that the market is seeing that some of the endpoint security technology, while good and improving, has been around for a while. There hasn’t been a lot of new innovation in endpoint security. We talked about the term EDR, endpoint detection and response, and that was a real needle-moving innovation back in 2014, 2015, 2016. And while it‘s better and it’s expanded, I still think that there‘s a market need for a fundamental way to try to attack the security market without relying solely on detection. We don’t tell anybody to get rid of your EDR at all, we’re trying to build on it.

We talked off the record recently and you said, “cyber is not just for the rich.” Can you double down on that?

Our internal mantra is MDR for the masses. It is because enterprise-class security also comes with enterprise-size prices. We try to engineer our products for the big guys and then we try to come down market, and it doesn‘t always work that way. Xcitium was purpose built for the midmarket on up. The technology is fine but we built it with this market in mind. What the fear is is the SMB faces similar threats as the enterprise. It may not be dollar-for-dollar as catastrophic but proportionately it’s every bit as catastrophic, but they don‘t have anywhere near the resources to combat that. So that’s what we‘re trying to say, we’ll give you something that Citibank would have, from an endpoint security perspective and a managed response perspective, but we‘re going to do it at a price that you can afford. The idea is to strengthen security everywhere.

What can we expect from Xcitium in 2023?

We’re truly shifting to an entirely channel model. We’re heavy channel now, but we’re kind of going all the way there. On the technology side, there’s lots of innovations that we continue to work on all around making the product more effective, easier to use and easier to deploy. Those are our benefits now, but we just always try to improve on that. I think for us, everything is in place to have a pretty big breakout year. We’re above the hurdle that a lot of cyber companies struggled to get to. We’re in the double-digit millions in revenue and we‘re looking to double this year, and we’re looking at doing it through the channel. It‘s an enormous market when you think of it globally. A part of the challenge is saying, ‘Let’s do one or two things really well right within market.’ We‘ve really doubled and tripled down on the MSP market and on the channel market in general. We’re kind of going all in. You’ll see it from who we hire, you’ll see it from how we engage with the partners going forward and the training and enablement program. We just stay away from those 100 percent guarantees.