Startup Profile: Exium Blends XDR with SASE


By: R. Scott Raynovich

The secure access service edge (SASE) market, which blends popular cloud security services with software-defined wide-area networking (SD-WAN), is gaining both sales momentum and popularity, with dozens of startups going after this multibillion-dollar market.

There are many use cases for SASE, including using secure access to replace virtual private networks (VPNs), zero-trust networking, implementing cloud access service broker (CASB), zero-trust network access (ZTNA), and web firewalling. You can read our SASE Cloud Market Trend report for the full download.

Exium is one of the latest SASE startups to pipe up, pointing out that its Intelligent Cybersecurity Mesh blends cloud-based Extended Detection and Response (XDR) security capability with additional SASE technologies such as secure Web access, ZTNA, and threat detection. The company recently announced that it has seen 10X growth in annual recurring revenue (ARR). That's a lot of acroynms!

Of course, that number should be taken cautiously -- Exium has only about 40 employees so its revenue base is likely low and easy to increase at a fast rate. The test will come this year as company adds staff. CEO and founder Farooq Khan said in an interview this week that the company plans to double staff to meet demand. Recent additions include industry veteran Michael Gallagher, recently hired as president and COO. Gallagher was previously the CEO at SpiderCloud Wireless and FiberTower, as well as the president of Flarion Technologies, which was acquired by Qualcomm.

A 5G Standards Strategy

Exium has a new spin on both 5G security as well as SASE. The company maps all of its security standards, including zero-trust authentication, to existing 5G core architecture. It also uses popular protocols such as Generic Routing Encapsulation (GRE) and IPsec. GRE is an encapsulation and encryption protocol that can be used to set up secure tunnels between networking devices. It also uses hardware root of trust to store encryption keys on trusted devices.

Exium uses these security techniques to build what it calls a "5G Clean Network" to authorize users and control encryption following the 5G standards architecture. It's another security overlay, but one based on existing standards, not proprietary technology. You might ask - what if a device does have 5G? In that case, Exium says it can "uplift" a device by using software to install the security overlay on a Linux virtual machine (VM), which mimics the 5G security architecture. See the 5G security diagram below.

Source: Exium

On the XDR front, which is a key feature set of SASE, Exium points out that it can run hybrid XDR, which means that it can accept and integrate data from third parties. XDR is a growing technology that ingests data from many sources and scans for security anomalies. Hybrid XDR can use integrations with third-party tools, such as telemetry, to ingest and process more data.

Public Cloud Native with Mid-market Focus

Another major differentiator for Exium is that its network runs in existing public clouds, rather than on a proprietary network. Exium refers to this as "cloud-native." Cloud-based SASE solutions and cloud access service brokers (CASBs) such as Cato Networks, Netskope, and Zscaler use their own networks to carry customer traffic.

"We are removing the complexity and cost by combining SASE with XDR and replacing SIEM to deliver that as a single cloud service," says Khan.

The company says it is primarily focused on the mid-market, where ease-of-use and affordability are in high demand. Exium isn't naming customers at this point but it points out that recent notable wins include multiple mid-market customers, federal government agencies, a Fortune 500 company, and the addition of major distributors with 15 overall in North America, EU, and Asia-Pacific regions.

Currently, Exium says it has five available modules in its network, including Secure Internet Access (SIA) to enable employees to securely connect to public websites and SaaS applications; Secure Private Access (SPA) to provide secure Zero Trust remote access to internal private applications; Secure SD-WAN to securely connect office or branch locations; Secure Things Access (STA) to protect IoT and OT devices with end-to-end encryption and Zero Trust authorization; and XDR to protect against zero-day and other advanced threats.

"The Exium cloud-native solution provides an integrated security and networking solution, aligned with top-of-mind Zero Trust initiatives, and provides flexibility and adaptability as well as integration into IT and security operations functions,” said Jerry Cochran, deputy chief information officer, Pacific Northwest National Laboratory, and former principal engineering manager, cloud + enterprise security engineering at Microsoft, in a published release.

Startup Profile: Exium

HQ Location: Palo Alto, Calif.

CEO: Farooq Khan (JMA Wireless, PHAZR, Samsung, Bell Labs)

Target Market: XDR, SASE, and ZTNA

Prominent Investors: 3i Infotech

Funding Raised to Date: Not disclosed.