Sign In
BGP

Compare Xcitium To SentinelOne

EDR- labs statistics
Features Breakdown
Xcitium EDR Logo Horizontal Dark

SentinelOne EDR Logo
EPP Capabilities
    
Signature-based anti-malware protection
Machine learning/Algorithmic file analysis on the endpoint
Machine learning for process activity analysis
Process isolation
Memory protection and exploit prevention
Protection Against Undetected Malware
Application whitelisting
Local endpoint sandboxing/endpoint emulation
Script, PE, or fileless malware protection
Integration with on-premises network/cloud sandbox
Real-time IoC search capabilities
Retention period for full access to data No Limit 14 days, can be extended up to 365 days
Endpoint Firewall
FW Learning Mode
Automatically creates network traffic rules
URL Filtering
Host Based IPS
USB device Contol
Full Device Control (Device Control based on Device Class product ID, Vendor ID and Device Name)
Agent self-protection/remediation or alerting when there is an attempt to disable, bypass, or uninstall it
Ransomware protection
Protect/block ransomware when "Offline" or "Disconnected" from the internet?
VDI support
Manage, and maintain, an application control database of known "trusted" applications?
Multi-tenant cloud based service
EPP management console available as an on-premises virtual or physical server/application
Consolidated EPP management console to report on, manage, and alert for Windows macOS clients and mobile
Requires Additional Product(s)
Data loss prevention
Mobile Device Management Requires Additional Product(s)
Mobile Threat Defense Requires Additional Product(s)
Vulnerability and patch management
Network/Cloud sandboxing Cloud Sandbox
Security Orchestration, Analysis and Response (SOAR) Integration
Network discovery tool
Remote Access
Remote scripting capabilities
Default Deny & Containment
    
Default Deny Security with Default Allow Usability
Run unknown files with Zero Threat 100% Protection
Create Virtual environment for any unknowns
Virtualize file system, registry, COM on real endpoints
Telemetry (EDR Observables)
    
Interprocess Memory Access
Windows/WinEvent Hook
Device Driver Installations
File Access/Modification/Deletion
Registry Access/Modification/Deletion
Network Connection
URL Monitoring Requires Additional Product(s)
DNS Monitoring Requires Additional Product(s)
Process Creation
Thread Creation
Inter-Process Communication (Named Pipes, etc)
Telemetry data itself can be extended in real time
Event chaining and enrichment on the endpoints
Detection/Hunting/Reporting
    
Adaptive Event Modelling
Behavioral analysis (e.g. Analysis over active memory, OS activity, user behavior, process/application behavior, etc.)
Static analysis of files using capabilities such as machine learning (not including signature based malware detection)
Time-series analysis
Integration with automated malware analysis solutions (sandboxing)
Threat Hunting interface or API for searching with YARA/REGEX/ElasticSearch/IOC IOC / Regex
Support for matching against private IOC
Threat Intelligence integration (TIP, upload, webservice connector, etc) to enrich and contextualize alerts
Linking telemetry (observable data) to recreate a sequence of events to aid investigation
Process/attack visualization
Incident Response Platform (IRP) or orchestration integration?
Vulnerability reporting (ex. reporting on unpatched CVEs)
Alert prioritization based on confidence, able to define thresholds for alerting.
Alert prioritization factors system criticality
Able to monitor risk exposure across environment organized by logical asset groups
Reporting interface identifies frequent alerts that may be appropriate for automating response
Response
    
Remote scripting capabilities
Quarantine and removal of files
Kill processes remotely
File retrieval
Network isolation
Filesystem snapshotting
Memory snapshotting
Managed Endpoints (XMDR)
    
Manage customer endpoints and policies
Advanced Threat Hunting
Preemptive containment
Application profiling (AI support)
Customizable policy creation
Central monitoring of all endpoints
Live remote inspection
Tuning of monitoring rules for reduction of false positives
Forensic analysis
Managed Network
    
Cloud-based SIEM and Big DataAnalytics Requires Additional Product(s)
Log data collection/correlation Requires Additional Product(s)
Threat intelligence integration Requires Additional Product(s)
Network profiling (AI support) Requires Additional Product(s)
Available as virtual or physical Requires Additional Product(s)
Integrated file analysis (cloud sandbox) Requires Additional Product(s)
Full packet capture Requires Additional Product(s)
Protocol analyzers for 40+ different protocols such as TCP, UDP, DNS, DHCP, HTTP, HTTPS, NTLM, etc. with full decoding capability Requires Additional Product(s)
Managed Cloud
    
Includes ready-to-use cloud application connectors for:    
Azure Requires Additional Product(s)
Google Cloud Platform Requires Additional Product(s)
Office 365 Requires Additional Product(s)
AWS Requires Additional Product(s)
Threat detection for cloud applications Requires Additional Product(s)
Log collection from cloud environments Requires Additional Product(s)
Generating actionable incident response from cloud application Requires Additional Product(s)
Threat intelligence and Verdict
    
Holistic security approach Combined network, endpoint, cloud
Internal security sensor logs (IOCs)
Expert Human Analysis Requires Additional Product(s)
ML & Behavioral Analysis and Verdict
Open source threat intelligence feeds
Information sharing with industry
Clean web (phishing sites, keyloggers, spam)
Deep web (C&C servers, TOR browsers, database platform archives—pastebins)
Cyber Adversary Characterization
Security Operations Center (SOC)
    
Global, real-time support (24 / 7 /365) Requires Additional Product(s)
Dedicated cybersecurity expert Requires Additional Product(s)
Breach (case) management Requires Additional Product(s)
Security monitoring Requires Additional Product(s)
Incident analysis Requires Additional Product(s)
Incident response (handling) Requires Additional Product(s)
Extensive threat hunting (scenario-based) Requires Additional Product(s)
Awards/Certifications
CRN-EDRAVlab- EDRAVtest Approved Endpoint Detection and ResponseAVtest Approved EDRtop infosec innovator logo
View Our Report