Xcitium Advanced — EPP + EDR + ZeroDwell Containment
Xcitium Advanced is the entry tier of the Xcitium Platform (xcitium.com official lineup), combining EPP, EDR and ZeroDwell Containment. ZeroDwell virtualises unknown executables at the kernel-API level in real time, removing the "probably safe" gap of classic EDR. It is self-managed by the customer's SOC/IT team and can be upgraded to the Xcitium Managed (MDR) tier for a 24/7 outsourced SOC.
ZeroDwell Containment
Patented kernel-level API virtualisation — all unknown executables run isolated.
EDR Telemetry
Process tree, file/registry/network events, root-cause analysis.
Behavioural AI
Behaviour modelling + cloud verdict engine for unknown threats.
Breach Warranty
Architectural warranty: financial responsibility for breaches Xcitium failed to catch.
Default-Deny vs Default-Allow
Classic AV/EDR runs unknowns until proven bad. Xcitium runs them inside ZeroDwell until proven good. This difference is critical against modern ransomware and zero-days.
Xcitium Tier Comparison
The table below compares the Advanced tier you are viewing with other Xcitium tiers.
| Feature | Advanced (you) | Managed (MDR) | Complete (XDR) |
|---|---|---|---|
| ZeroDwell Containment | ✓ | ✓ | ✓ |
| EPP (Endpoint Protection) | ✓ | ✓ | ✓ |
| EDR (Detection & Response) | ✓ (Windows) | ✓ (Windows) | ✓ (Windows) |
| 24/7 Xcitium SOC service | — | ✓ | ✓ |
| Proactive threat hunting | — | ✓ | ✓ |
| Cloud-layer correlation (M365/AWS/Azure) | — | — | ✓ |
| Network telemetry correlation | — | — | ✓ |
| Identity / email correlation | — | — | ✓ |
| Management model | Self-managed | Co-managed | Fully-managed |
| Typical user count | 20-500 | 30-500 | 100+ |
When to move to Managed (MDR)?
Organisations without their own 24/7 SOC who need monitoring, triage and response should consider Xcitium Managed. Advanced provides the technology; Managed adds the expert team.
Licensing
Per Managed Device · Annual Subscription
- 1 year
- 3 years (recommended)
Each active managed device (Win/macOS/Linux workstation or server) consumes one seat. Mobile (iOS/Android) counts as a separate seat. The EDR module is Windows-only.
Who is this for?
Frequently Asked Questions
Yes — Defender stays passive; Xcitium becomes the primary EDR. Hybrid configuration is common.
OS-level virtualisation, not a hypervisor. Users notice nothing in 99% of scenarios; allowlist solves any heavy-I/O edge cases.
No — EDR module is currently Windows-only. ZeroDwell + EPP cover macOS/Linux too.
Xcitium Mobile is available for iOS/Android but is licensed as a separate seat. Confirm exact SKU with the distributor.
Advanced = technology (your team manages it). Managed = same technology + 24/7 monitoring, triage and response by the Xcitium SOC.
Xen Bilişim Deployment Process
1. Discovery & sizing: Current environment, user count, OS/cloud distribution and compliance requirements analysed; correct SKU and licence count proposed.
2. Pilot deployment: A 10-25 device subset goes live; integration with existing security stack tested; alerting + reporting configured.
3. Full rollout: Phased rollout across all endpoints; policy templates applied; user training and IT runbook delivered.
4. Optimisation & follow-up: 90-day post-launch tuning: false-positive triage, policy hardening, KPI review and quarterly health-checks.
Typical end-to-end timeline: 2-4 weeks (varies by user count and integration scope).