Easily compare the security depth, capabilities, and service levels of Xcitium’s Managed Services
| | Managed SOC-Guided | Managed EDR | Managed SOC-Device |
|---|---|---|---|
| Managed Detection & Response | |||
| Detection and Monitoring | |||
| 24/7 Security Operations Center (SOC) Round-the-clock monitoring, analysis, and threat response by security experts. | |||
| Network Traffic Analysis (NTA) Monitors network traffic to detect anomalies or malicious activity patterns. | |||
| User Behavior Analytics (UBA) Analyzes user activity to identify suspicious or unusual behavior. | |||
| Log Management and Analysis Centralized collection and detailed analysis of system logs for threat detection. | |||
| Cloud Security Monitoring Specialized monitoring for cloud platforms like AWS, Azure, and Google Cloud. | |||
| Insider Threat Detection Identifies malicious activities initiated by employees or other internal actors. | |||
| Additional Log Retention Extends storage of log data for analysis, compliance, and forensic needs. | |||
| Threat Intelligence | |||
| Threat Feed Integration Provides real-time updates on vulnerabilities, exploits, and attack trends. | |||
| Adversary TTPs Maps and identifies attacker behaviors using frameworks like MITRE ATT&CK. | |||
| Monthly Threat Briefings Comprehensive summary of detected threats, containment actions, endpoint risk levels, and security trends across your environment. *Available with a minimum number of endpoints. Please contact sales for more information. | |||
| Threat Hunting | |||
| Proactive Threat Analysis Actively explores data to identify hidden or advanced threats. | |||
| Anomaly Detection Detects unusual activity patterns that automated systems might miss. | |||
| Incident Response | |||
| Automated Incident Containment Blocks malicious activity automatically to contain threats. | |||
| Incident Triage and Prioritization Assesses and prioritizes incidents based on their risk and impact. | |||
| Post-Incident Forensics Investigates incidents to determine their root cause and scope. | |||
| Remote Incident Containment Isolates compromised devices and threats without requiring on-site access. | |||
| Attack Surface Reduction Provides recommendations to minimize vulnerability to future attacks. | |||
| Vulnerability Management | |||
| Regular Vulnerability Scans Periodic scans to identify and report on system weaknesses. | |||
| Patch Management Recommendations Prioritizes updates to address critical vulnerabilities. | |||
| Compliance Support | |||
| Regulatory Compliance Assistance Guidance for adhering to frameworks like GDPR, HIPAA, PCI DSS, and SOC 2. | |||
| Audit-Ready Reports Provides documentation to support compliance audits. | |||
| Security Policy Development Helps create and maintain effective cybersecurity policies. | |||
| Reporting and Insights | |||
| Customizable Dashboards Real-time security status and incident visibility through tailored dashboards. | |||
| Executive-Level Reporting Summarized insights tailored for board or executive presentations. | |||
| Detailed Root Cause Analysis Explains how and why incidents occurred for better future prevention. | |||
| Key Performance Indicators (KPIs) Provides metrics to measure and improve security posture. | |||
| Advanced Capabilities | |||
| AI and Machine Learning Enhances detection and response through advanced analytics. | |||
| Cloud Sandbox Analyzes and isolates suspicious files in a secure virtual environment to detect and prevent advanced threats. | |||
| Zero Trust Architecture Support Implements Zero Trust principles for better access control and security. | |||
| Cross-Platform Protection Covers on-premises, cloud, and hybrid environments for comprehensive security. | |||
| Advanced Customer Support | |||
| 7x24 Advanced Customer Support Around-the-clock support for critical and non-critical issues. | |||
| Dedicated Account Management Provides a single point of contact for support and guidance. | |||
| Flexible Service Plans Tailored MDR packages to meet organizational needs. | |||
| Scalable Solutions Easily adjusts to accommodate growth or changes in the organization. | |||
| Platform SLA | |||
| 5x9 Customer Support Provides support during standard business hours. | |||
| 7x24 Advanced Customer Support Offers continuous support for critical security operations. | |||
| MDR SLA | |||
| Detection and Response | |||
| Threat Detection 95% of threats detected within 10 minutes of occurrence. | |||
| Incident Triage High-priority alerts triaged and escalated within 15 minutes of detection. | |||
| Threat Containment Active threats contained instantly with ZeroTrust Containment Technology. | |||
| Mean Time to Response (MTTR) Average response time of 30 minutes for critical incidents. | |||
| Monitoring and Availability | |||
| SOC Availability Security Operations Center (SOC) available 24/7/365. | |||
| Platform Uptime 99.9% uptime guarantee for the MDR management portal. | |||
| Log Availability Real-time log ingestion and availability with a latency of no more than 5 seconds. | |||
| Reporting and Insights | |||
| Post-Incident Reporting Detailed forensic reports provided within 24 hours of incident resolution. | |||
| Compliance Reporting Generates automated reports to ensure regulatory and security compliance. | |||
| Dashboard Updates Threat dashboards updated every 5 minutes with the latest detections. | |||
| Platform Technology Stack | |||
| NGAV (1st Tech Stack on Endpoint) Next-Generation Antivirus leveraging AI and behavioral analysis to detect and prevent sophisticated threats. | |||
| Award-winning Firewall Control (2nd Tech Stack on Endpoint) Advanced firewall capabilities to monitor and control incoming and outgoing network traffic effectively. | |||
| EDR (EDR with HIPS) (3rd Tech Stack on Endpoint) Protects individual devices by monitoring, identifying, and auto-responding to potential intrusions at the endpoint level. | |||
| Deception (4th Tech Stack on Endpoint) Xcitium delivers deception-like security by isolating unknown threats in a lightweight, non-persistent virtualised environment—no decoys, no assumptions, no impact. | |||
| Zero Trust (5th Tech Stack on Endpoint) Proactively neutralize unknown threats by virtualizing their attack vectors, effectively preventing damage from emerging and undetected threats with Patented Zero Trust Containment technology. | |||
| ITSM (6th Tech Stack on Endpoint) Tools and processes for managing IT services, incident response, and integration with security workflows. | |||
| EXDR (Enhanced XDR) (7th Tech Stack on Endpoint) Extends endpoint detection and response by integrating network, cloud, and identity telemetry to deliver unified threat visibility and automated cross-domain response across the enterprise. | |||
| SIEM - Security Information & Event Management (8th Tech Stack on Cloud) Aggregates and analyzes security data across an organization for real-time threat detection and response. | |||
| Platform Capabilities | |||
| Tri-Detection vs Uni-Detection Tri-detection employs multiple methods (e.g., static, behavioral, and AI), compared to a single-detection approach. | |||
| Integrated AI/ML Threat Intel & Indicators Uses AI/ML to analyze threat intelligence and provide actionable insights for early threat detection. | |||
| NGAV Static & Behavioral AI Threat Prevention Combines traditional static analysis with behavioral AI to identify and prevent known and emerging threats. | |||
| Data Loss Prevention & Remediation Prevents sensitive data exfiltration and provides automated remediation strategies to reduce data breaches. | |||
| Attack Surface Reduction Identifies and minimizes entry points for attackers, reducing overall exposure to threats. | |||
| Viruscope Monitors application behavior to detect and block malicious activity in real time. | |||
| Advanced EDR (AEDR) | |||
| Advanced Response Tools Provides centralized monitoring and control of endpoints for proactive management. | |||
| Remote Scripting Capabilities Enables administrators to execute scripts remotely for remediation and system management. | |||
| Quarantine and Removal of Files Isolates malicious files and removes them to prevent further infection or propagation. | |||
| Kill Processes Remotely Terminates malicious or unauthorized processes on endpoints from a centralized location. | |||
| File Retrieval Allows secure retrieval of files from endpoints for forensic analysis or investigation. | |||
| CLI Access to the Endpoint Allows secure command-line and PowerShell access to endpoints for analysis or investigation. | |||
| Remote Windows Event Log Allows secure remote access to Windows event logs for analysis or investigation. | |||
| Network Isolation Segregates compromised endpoints from the network to contain threats and prevent spread. | |||
| Enhanced XDR (EXDR) Detection | |||
| Interprocess Memory Access Monitors and detects unauthorized or suspicious access between processes to prevent malicious exploitation. | |||
| Windows/WinEvent Hook Tracks hooks into Windows events, often used by attackers to monitor or manipulate system behavior. | |||
| Device Driver Installations Detects installation of potentially malicious or unauthorized drivers to protect system integrity. | |||
| File Access/Modification/Deletion Monitors changes to files for signs of tampering, unauthorized access, or data exfiltration attempts. | |||
| Registry Access/Modification/Deletion Tracks interactions with the Windows Registry to identify unauthorized changes or potential persistence mechanisms. | |||
| Network Connection Observes outgoing and incoming network traffic to identify malicious connections or data exfiltration. | |||
| URL Monitoring Tracks access to URLs to detect phishing, malware downloads, or command-and-control (C2) communication. | |||
| DNS Monitoring Monitors DNS queries to detect suspicious or anomalous domain resolution activity linked to attacks. | |||
| Process Creation Tracks the creation of processes to identify unauthorized or suspicious execution patterns. | |||
| Thread Creation Monitors thread-level activity for malicious behavior, such as injected or rogue threads. | |||
| Inter-Process Communication (Named Pipes, etc.) Observes inter-process communications like named pipes to detect covert data sharing or control signals. | |||
| Telemetry data itself can be extended in real time Enables real-time expansion of telemetry data for deeper insights and rapid response to emerging threats. | |||
| Event chaining and enrichment on the endpoints Correlates and enriches security events directly on endpoints for contextualized threat detection and response. | |||
| Enhanced XDR (EXDR) Investigation | |||
| Adaptive Event Modeling Dynamically models events to identify anomalous patterns and detect evolving threats. | |||
| Behavioral Analysis Examines active memory, OS activity, user behavior, and application processes for signs of malicious behavior. | |||
| Static Analysis of Files Analyzes files using machine learning to detect threats, excluding traditional signature-based methods. | |||
| Time-Series Analysis Evaluates data over time to identify trends, anomalies, and patterns related to potential security events. | |||
| Integration with Automated Malware Analysis Connects with sandboxing solutions to analyze malware in isolated environments and enhance investigations. | |||
| Threat Hunting Interface or API Provides tools like YARA, REGEX, ElasticSearch, and IOC search capabilities for advanced threat hunting. | |||
| Support for Matching Against Private IOC Allows comparison of observed data with private Indicators of Compromise (IOC) for tailored threat detection. | |||
| Threat Intelligence Integration Insights and visibility into cyber threats and vulnerabilities. | |||
| Linking Telemetry to Recreate Events Connects observable data to reconstruct the sequence of events for detailed investigations. | |||
| Process/Attack Visualization Visualizes attack paths and processes to simplify analysis and understanding of threats. | |||
| Alert Prioritization Based on Confidence Ranks alerts by confidence level and allows threshold settings to avoid noise and improve response accuracy. | |||
| Alert Prioritization Factors System Criticality Considers the criticality of affected systems when prioritizing alerts for response. | |||
| Risk Exposure Monitoring Tracks risks across the environment and organizes them by logical asset groups for targeted action. | |||
| Reporting on Frequent Alerts for Automation Identifies repetitive alerts suitable for automated responses to reduce manual workload. | |||
| Services | |||
| (CTRL) Xcitium Threat Research Labs Service Offers access to expert threat researchers for advanced analysis and threat intelligence. | |||
| Automation Scripting Service Provides custom automation solutions to streamline and accelerate security operations. | |||
| Baselining Pro Service Assists in creating system baselines for normal behavior to enhance anomaly detection. | |||
| Cyber Transparency Service Delivers insights and visibility into cyber threats and vulnerabilities affecting the organization. | |||
| Endpoint Compliancy & Management | |||
| Patch Management Automates the deployment of software updates and patches to reduce vulnerabilities. | |||
| Vulnerability Reporting Identifies and reports on unpatched vulnerabilities, such as those tied to CVEs, to reduce risk exposure. | |||
| Xcitium Custom Security Policies Enables creation of tailored security policies to address unique organizational needs. | |||
| Device Asset Discovery Identifies and inventories all devices within the network to enhance visibility. | |||
| Remote Monitoring and Management Provides centralized monitoring and control of endpoints for proactive management. | |||
| Vulnerability Scanning Scans systems to identify and report on vulnerabilities that could be exploited. | |||
| Device Enrollment Simplifies onboarding of devices into security and management systems. | |||
| Incident Log Activity Tracks and records security incidents for auditing and investigative purposes. | |||
| Application Control Manages and restricts application usage to prevent unauthorized or risky software. | |||
| External Device Control Restricts access and usage of external devices like USB drives to prevent data loss. | |||
| Compliance Reporting Generates reports to demonstrate adherence to security and regulatory requirements. | |||
| Hosted Ticketing Provides a centralized ticketing system for managing security-related tasks and issues. | |||
| Customer Support | |||
| Response Time for Support Requests Support tickets acknowledged within 15 minutes for critical issues. | |||
| Issue Resolution Time Operational issues resolved within 4 hours for standard cases, 1 hour for critical cases. | |||
| Dedicated Account Manager Non-critical queries receive a response within 24 hours. | |||
| Data Security & Encryption | |||
| Data Encryption Ensures 100% encryption of data at rest and in transit. | |||
| Data Retention 7 to 30 days by default, customization options are available. | |||
| Breach Notification Customers notified of suspected data breaches within 4 hours of discovery. | |||
| Performance Metrics | |||
| False Positive Rate 0% false positive in escalated alerts. | |||
| Mean Time to Detect (MTTD) Incidents detected in 0 seconds with Zero Trust Containment technology. | |||
| Incident Success Rate 100% of incidents successfully contained and remediated. | |||
| Custom SLAs | |||
| Critical Applications Critical business applications monitored with a 5-minute SLA for threat detection. | |||
| Industry-Specific Compliance Ensures compliance with industry standards such as HIPAA, PCI DSS, or GDPR. | |||
| Cyber Insurance | |||
| Cyber Insurance | |||
| MDR - Cloud | |||
| 24/7 Security Operations Center (SOC) Round-the-clock monitoring, analysis, and threat response by security experts. | Yes | ||
| Network Traffic Analysis (NTA) Monitors network traffic to detect anomalies or malicious activity patterns. | Yes | ||
| User Behavior Analytics (UBA) Analyzes user activity to identify suspicious or unusual behavior. | Yes | ||
| Log Management and Analysis Centralized collection and detailed analysis of system logs for threat detection. | Yes | ||
| Cloud Security Monitoring Specialized monitoring for cloud platforms like AWS, Azure, and Google Cloud. | Yes | ||
| Insider Threat Detection Identifies malicious activities initiated by employees or other internal actors. | Yes | ||
| Additional Log Retention Extends storage of log data for analysis, compliance, and forensic needs. | Yes | ||
| Managed SOC-Network | |||
| Network Traffic Monitoring Continuous monitoring of inbound/outbound traffic for suspicious activity. | |||
| Intrusion Detection & Prevention (IDS/IPS) Detects and blocks malicious signatures, behaviors, and exploits. | |||
| Web Protection Filtering Blocks harmful or risky websites using category-based and threat-intelligence-based filtering. | |||
| Email Threat Protection Multi-layer filters for phishing, malware attachments, spoofing, and spam. | |||
| Firewall Rule Auditing & Optimization SOC reviews firewall rules and identifies overly permissive or risky configurations. | |||
| Lateral Movement Detection Identifies anomalous internal traffic between devices, servers, and cloud services. | |||
| Encrypted Traffic Analysis Detects threats within encrypted traffic without decrypting payload content. | |||
| DNS Security Monitoring Detects malicious domains, command-and-control callbacks, and domain generation algorithms. | |||
| Network Asset Discovery Finds unmanaged or rogue network devices. | |||
| Anomaly-based Network Behavioral Analytics Identifies zero-day patterns through baseline comparison. | |||
| Threat Containment Support SOC guides isolation of compromised networks or VLANs. | |||
| Email Fraud/Impersonation Detection Identifies spoofing, domain abuse, and unauthorized email senders. | |||
| Network Compliance Reporting Provides audits and reports aligned with ISO, SOC2, PCI, NIST. | |||
| Managed SIEM | |||
| 24/7 Security Event Monitoring Real-time monitoring of logs across endpoints, servers, cloud, network devices, SaaS apps. | |||
| Centralized Log Collection Aggregates logs from Windows, Linux, firewalls, routers, switches, cloud platforms, EDRs. | |||
| Correlation & Analytics Engine Correlates events across systems to surface high-fidelity threats. | |||
| Automated Threat Detection Rules Pre-built rules for brute force, privilege escalation, lateral movement, malware trends. | |||
| Behavioral Anomaly Detection Detects unusual login patterns, data access anomalies, script abuse. | |||
| Kill-Chain & MITRE ATT&CK Mapping Identifies an attacker’s tactics across the entire incident lifecycle. | |||
| Alert Triage & Prioritization SOC analyzes, validates, and prioritizes alerts to eliminate false positives. | |||
| Incident Ticket Creation Auto-creates actionable tickets with recommended remediation steps. | |||
| Log Retention Stores logs for compliance retention periods (configurable). | |||
| Forensic Log Analysis SOC investigators provide root cause analysis and timeline reconstruction. | |||
| Threat Intelligence Integration Enriches logs with global threat intel to validate IoCs/IPs/domains. | |||
| Compliance Reporting Pre-built reports for PCI, HIPAA, SOC2, ISO27001, NIST. | |||
| Managed ITDR | |||
| Identity Behavior Analytics Detects unusual login frequency, odd hours, new device access, impossible travel. | |||
| Compromised Account Detection Alerts when credentials are reused, stolen, or traded on dark web. | |||
| Suspicious Login Monitoring Flags geo-anomalous, MFA-bypassed, or brute-force login events. | |||
| Privileged Account Abuse Detection Identifies misuse of admin or elevated accounts. | |||
| Lateral Movement Detection (Identity-based) Detects credential hopping, token theft, privilege escalation. | |||
| Cloud Identity Monitoring Supports Microsoft 365, Entra ID, Google Workspace, AWS IAM, Azure AD. | |||
| Script & Command Abuse Detection Identifies malicious PowerShell, CMD, Python, token-injection scripts. | |||
| Mailbox Rule Manipulation Detection Detects forwarding rules commonly used in BEC attacks. | |||
| OAuth App Abuse Monitoring Alerts on malicious applications requesting risky permissions. | |||
| Password Spray & Brute Force Detection Identifies repeated failed attempts across accounts. | |||
| Identity Risk Scoring Scores account exposure level for every user. | |||
| SOC-led Investigation & Guidance Human analyst validates identity threats and provides mitigation steps. | |||
| Identity-Focused Compliance Reporting Helps meet CIS, SOC2, ISO27001 identity standard requirements. | |||
| Managed SAFE | |||
| Managed Security Awareness Training | |||
| Interactive Video-Based Training Engaging, scenario-driven videos to reinforce real-world cybersecurity behaviors. | |||
| Automated Training Assignments Auto-enroll users into training programs based on risk level, department, or compliance requirements. | |||
| Cyber Hygiene & Best Practices Education Teaches password security, MFA hygiene, safe browsing, and email security basics. | |||
| Quarterly Security Refresher Courses Continuous education to keep cyber awareness top-of-mind. | |||
| Real-Time Learner Analytics Dashboard Tracks enrollment, participation, completion, and risk scores. | |||
| User Risk Scoring Automatically assigns risk levels based on training performance and phishing behavior. | |||
| Automatic Notifications & Reminders Email reminders to ensure your workforce completes assigned lessons. | |||
| Multi-Language Content Support Global-ready training library for multilingual teams. | |||
| Detailed Compliance Reports Exportable progress and audit reports for internal and regulatory requirements. | |||
| Managed Phishing Simulation | |||
| Quarterly phishing campaigns We use and develop new phishing campaigns quarterly based on what has happened to similar peers in your industry and department. | |||
| Realistic Phishing Attack Templates Library of spear-phishing, spoofing, credential harvesting, and malware-themed templates. | |||
| Credential Harvest Simulation Tests whether employees fall for fake login pages or credential theft traps. | |||
| Payload-Less Simulation Attacks Safe simulations mimicking real-world phishing without risk. | |||
| Targeted Campaigns by Department or Role Send specialized phishing tests to finance, HR, executives, IT admins, etc. | |||
| Click & Report Tracking Measures who clicked, who opened, who reported — and who needs more training. | |||
| User Susceptibility Scoring Assigns a risk score to each employee based on historical behavior. | |||
| Adaptive Difficulty Levels To keep your staff at the top of their game, our progressive difficulty campaign design delivers increasingly believable phishing attempts as their detection skills improve. | |||
| Real-Time Dashboard View campaign results instantly with visual breakdowns and risk distribution. | |||
| Automated Remedial Training Assignment Users who fail phishing tests are automatically assigned refresher courses. | |||
| Executive Summary Reporting Reseller-ready and compliance-ready reports to show risk reduction over time. | |||