Ken Levine, CEO, Xcitium

NetEvents Global Live! – CxO Perspectives: Improving End-Point Security solutions with Zero Dwell Containment
~ Ken Levine, Chief Executive Officer, Xcitium ~

Xcitium is a cybersecurity company that promises to solve the problem of “known unknowns” – the malware that traditional detection methods miss. With an estimated 560,000 new pieces of malware created every day, new threats are constantly crossing enterprise networks and lurking in their systems, usually for several weeks before being detected. The damage has often already been done by the time the security team is aware of the problem.

 

Xcitium, formerly known as Comodo Security Solutions, is taking on some of the big names in the EDR/MDR/XDR space. Instead of going head to head, it is taking a more nuanced approach by using its secret weapon, ZeroDwell Containment, to infiltrate the installed base of rival vendors.

 

Xcitium took the wraps off the ZeroDwell Containment strategy at the NetEvents Global Media Summit in San Jose in February, where NetReporter’s Julian Patterson caught up with the company’s CEO, Ken Levine.

 

NetReporter: Tell us a bit about yourself, Ken

 

Ken Levine: I’ve been in the cybersecurity space since 2006. This is my fourth CEO gig of a cybersecurity company. Prior to that I was in the network infrastructure space for a decade or so. I really enjoy smaller type companies and trying to grow them, particularly companies that have some compelling technology.

 

NetReporter: Why does the cybersecurity market just keep growing?

 

Ken Levine: It’s a great question. It’s one of the only markets I can think of where you spend more and you become less secure. But the problem is so pervasive, the problem is so complex, that the solutions to the problems are also therefore complex. And you’ve got adversaries here that have companies with bonus structures and termination agreements just like regular companies. The criminal element is pervasive, and they only have to be right once. [The good guys have] to be right every single time. The result is you’ve got to keep spending, you’ve got to keep pace and try to outsmart the adversary because the damage continues to escalate.

 

NetReporter: Is there any end to what organisations are going to need to spend to protect themselves in future?

 

Ken Levine: At some point the incremental spend has to level off. But there are so many tools coming out, integrating them into a single solution that will work for customers has become so complex. And the human element of it is, “well, if we’re not quite secure enough now, let’s add [more protection]”. I think that’s going to continue to build but at some point it will be fixed in terms of how much of the overall IT budget cybersecurity will become. When the repercussions of being breached go higher, so does your potential cost to solve that problem.

 

NetReporter: So let’s talk about Xcitium. Why does the world need another cybersecurity vendor?

 

Ken Levine: What we’re trying to do is fundamentally invert the formula in play today in endpoint security, which is where Xcitium is focused. The industry relies on detection first, and detection is fallible. There’s no way to detect 100%. It’s a mathematical impossibility.

 

So what do you do when you’ve got unknown, potentially malicious malware running in your network? And we guarantee the whole industry would agree that’s happening in every single company of any size right now. It takes time to detect and sometimes you can’t ever detect it. Because if the malware doesn’t declare what it’s trying to do, you don’t know what it is.

 

Rather than relying only on detection, we’ve flipped it and say if we can stop the breach, we can prevent damage from the breach, [even if] we still can’t stop malware from getting into your network any better than anybody else can. What we can do is make sure it never executes, so it never does any damage. And that’s really a fundamental shift in endpoint security. We’re saying prevent then detect, versus right now [when] we have detect and detect.

 

NetReporter: What is zero dwell containment and why do people need it?

 

Ken Levine: The longer unknown malware sits on your network, the more dangerous it is. It used to be that it could take malware months to grab hold of what it needs in order to execute and cause problems. The longer it dwells inside your network, the more dangerous [it is]. Dwell times have continuously come down where malware can execute and start causing damage in hours. So how do you make sure it doesn’t dwell at all? And that’s what our ZeroDwell Containment is about. It’s about taking anything unknown that’s coming into your network [and] quarantining it until we have a chance to figure out what the heck it is. Because it never dwells, it’s never there. It’s always in its own containment. That’s how we prevent any damage from occurring.

 

NetReporter: What is it exactly that you’re announcing at NetEvents here in San Jose?

 

Ken Levine: We’re announcing that the ZeroDwell Containment that we just spoke about is now licensable on its own. The significance of that is that we have a full endpoint platform: we do antivirus, we do EDR, we do host intrusion prevention. But not every customer out there [has Xcitium installed], either because they’re under contract for another couple years, or they have an embedded system that they don’t want to displace.

 

But they want this ZeroDwell containment, they want this damage prevention piece. So we’ve now certified nine different endpoint vendors that we can run compatible. So if you’ve got a CrowdStrike or SentinelOne or a Microsoft Defender implementation right now and you’re using EDR, you’re using their endpoint, keep it, but we can just layer in on top of it.

 

So we now have two points of entry. We can run right on top of what they’ve gotten. It’s a relatively frictionless way to bring this technology to more people. Or of course, we compete on the whole endpoint as well.

 

NetReporter: As you’ve said, Xcitium sells its own EDR platform. So why are you giving away the thing that makes your product unique? Isn’t it a bit like Coca Cola licencing its recipe to other soda makers?

 

Ken Levine: We’ve thought about that a lot. And I think barriers to entry into markets play a role. At the end of the day, while we provide EDR and we have all of those platforms, our value to the industry is this ZeroDwell Containment, that’s what nobody else has. We would argue EDR is almost commoditizing now. It’s fabulous, it gives you great visibility, and detection is better and better every day, but it will never be enough. So we don’t want anybody to throw out EDR – and you can have ours if you want – but the ZeroDwell is where we think our value on the endpoint is. So we charge a higher percentage for that than we do for the entire endpoint, because that’s where we feel the value is. That’s all we’re doing differently, and just letting them take advantage of ZeroDwell Containment.

 

NetReporter: We’ve got the international tech media at this event today, Ken. What else do you have to tell them?

 

Ken Levine: We’ve always had a large global presence. More than 50% of our business is coming from various international geographies. And so we’re announcing a number of partnerships that we’ve developed over the last six plus months. A lot of them are now ready to go. It takes some time to get the whole sales motion down but we have some fabulous companies that are ready to take this unique messaging to their customers.

 

So we’re announcing partnerships in Brazil as well as in Europe and Asia. We’re really excited about what we can do in the international markets.

 

NetReporter: Finally, what can we expect to see from Xcitium in the next year or so? What are your immediate goals?

 

Ken Levine: We want to establish ourselves as a market leader, as somebody trying to disrupt a market that needs disruption, but doing it in a non-disruptive way, if you know what I mean.

 

On the technology strategy front, we’re looking at extending this containment idea to the cloud, to the edge of the network and anywhere that it’s needed. In networks the attack threat surface gets larger and larger all the time with new devices coming on and with IoT. We want to be able to bring this kind of prevention-first technology and philosophy to a broader market.

 
