Understanding Xcitium in Plain English
Xcitium is a bundled cybersecurity and IT operations platform. While it can be explained in layers (RMM, AV, XDR, SIEM, etc.), it is actually sold as integrated packages where multiple capabilities are combined together.
Feature vs Xcitium Package Mapping
| Capability | Endpoint Platform | RMM / ITSM | XDR | MDR | SOCaaP |
|---|---|---|---|---|---|
| Antivirus (AV) | ✔ Included | — | Uses data | Uses data | ✔ Included |
| Firewall | ✔ Included | — | Uses data | Uses data | ✔ Included |
| Containment | ✔ Core feature | — | Supports detection | Monitored | ✔ Included |
| EDR | ✔ Included | — | ✔ Core input | ✔ Used heavily | ✔ Included |
| RMM | — | ✔ Core feature | Optional input | Optional | ✔ Included |
| Patching | — | ✔ Included | Supports risk context | Reviewed | ✔ Included |
| SIEM (Log Collection) | Feeds data | Feeds data | ✔ Embedded | ✔ Used | ✔ Core feature |
| XDR | Feeds data | Feeds context | ✔ Core platform | ✔ Used | ✔ Included |
| MDR (Human Response) | — | — | Optional add-on | ✔ Core feature | ✔ Core feature |
Key Takeaway
Xcitium does not sell these as completely separate tools. Instead, it bundles capabilities into platform packages:
- Endpoint Platform = AV + Firewall + Containment + EDR
- RMM / ITSM = Device management + patching
- XDR = Cross-environment detection layer
- MDR = Human-led monitoring and response
- SOCaaP = Full stack (everything above combined)
The Simplest Way to Think About It
| Run and maintain | RMM + Patching |
| Protect the device | AV + Firewall + Containment + EPP / EDR |
| See attacks | XDR + SIEM + IDS |
| Operate security | MDR + SOCaaP |
Understanding Xcitium in Plain English
Xcitium is a broad platform that combines IT management, endpoint protection, security monitoring, threat detection, and managed security services. The easiest way to understand it is to break it into the main functional layers shown below.
| Component | What it means in plain English | Main purpose | How it fits |
|---|---|---|---|
| RMM | The IT operations toolset used to manage devices day to day. | Monitor systems, remote in, automate tasks, manage devices, and keep them working properly. | This is part of the run and maintain the devices layer. |
| Patching | The updating engine for operating systems and applications. | Reduce risk and improve stability by applying security and software updates. | Normally sits under RMM and is also part of run and maintain the devices. |
| AV / Antivirus | The malware scanner and blocker on the endpoint. | Detect and block known malicious files, behaviours, and threats. | Part of the protect the device layer. |
| Firewall | The traffic gatekeeper controlling what network traffic is allowed or blocked. | Stop unauthorised or unwanted network activity reaching or leaving a device. | Part of the protect the device layer. |
| Containment | A way to let unknown files run safely in a restricted environment until they are proven safe or unsafe. | Prevent suspicious or unknown items from damaging the endpoint. | A key Xcitium feature and part of protect the device. |
| EPP / EDR | Endpoint protection and endpoint detection/response tools. | Protect the endpoint, record suspicious activity, investigate incidents, and take response actions. | These sit with AV, firewall, and containment in the protect the device layer. |
| XDR | A wider security detection and response layer that looks across multiple systems, not just one PC. | Correlate activity from endpoints, servers, networks, identities, cloud systems, and more to spot attacks. | Part of the see attacks across the environment layer. |
| IDS | Intrusion detection that watches network traffic for suspicious patterns. | Identify possible attacks or unusual activity moving across the network. | Also part of see attacks across the environment. |
| SIEM | The central event and log layer. | Collect logs from endpoints, servers, firewalls, identity systems, cloud platforms, and other systems; make them searchable and reportable; correlate them; and raise alerts. | SIEM is not the same as RMM or AV. It fits in the see attacks across the environment layer. It focuses on log analysis, while XDR adds broader detection and automated response. |
| MDR | Managed detection and response provided by security specialists. | Monitor, investigate, triage, and respond to threats for the client. | This is part of the have people and a SOC operate it for you layer. |
| SOCaaP | Security Operations Centre as a Platform. | Provide a broader managed or co-managed security operations capability including tools, workflows, visibility, and analyst support. | This is also part of have people and a SOC operate it for you. |
The Simplest Way to Think About It
| Layer | What it means | Included components |
|---|---|---|
| Run and maintain the devices | Keep the fleet operational, accessible, updated, and manageable. | RMM + Patching |
| Protect the device | Stop malicious or unknown activity from harming the endpoint. | AV + Firewall + Containment + EPP / EDR |
| See attacks across the environment | Watch what is happening across systems and detect suspicious patterns. | XDR + IDS + SIEM |
| Have people and a SOC operate it for you | Add human expertise to monitor, investigate, and respond to threats. | MDR + SOCaaP |
Where SIEM Fits
SIEM is not the same as RMM or AV. It is the central event and log layer. It takes logs from endpoints, servers, firewalls, identity systems, cloud services, and other platforms, then makes those logs searchable and reportable, correlates them, and raises alerts when suspicious behaviour is identified.
In simple terms, SIEM focuses on log analysis and alerting, while XDR goes further by joining signals from multiple systems together and helping drive broader detection and response actions.
In Plain MSP Language
| Service area | How you could explain it to a client |
|---|---|
| RMM / Patching | We keep your fleet working and updated. |
| AV / Firewall / Containment | We stop bad things on the endpoint. |
| SIEM / XDR | We watch what is happening and detect threats. |
| MDR / SOCaaP | Real security people are watching and responding. |
Need more help with this?
© 2021–2026 XSTRA Group Pty Ltd (Australia). All rights reserved.