Understanding How Xcitium Is Sold
Xcitium is best understood as a managed security platform with a core endpoint-led offer and optional
extensions for wider network and cloud visibility. The important thing is not just the features, but how
Xcitium names and packages those features commercially.

In simple terms, Managed SOC – Device is the core endpoint security service. Managed SOC – Network and
Managed SOC – Cloud are the broader XDR-style extensions that expand visibility and response beyond the
endpoint into network and cloud data.
Xcitium Product Names
| Xcitium product name | What it means | Primary focus |
|---|---|---|
| Managed SOC – Device | The core managed endpoint security service. | Protect, monitor, investigate, and respond at the endpoint level. |
| Managed SOC – Network | The network-side managed XDR extension. | Network visibility, IDS, traffic analysis, log ingestion, and broader detection context. |
| Managed SOC – Cloud | The cloud-side managed XDR extension. | Monitoring and detection across cloud services and identity platforms. |
| Xcitium Complete / M(XDR) | The integrated XDR story combining endpoint, network, and cloud telemetry with correlation and managed operations. | Cross-stack detection, context, alerting, response, and managed SOC operations. |
| Network Sensor | A passive monitoring and IDS data source that feeds the wider Xcitium platform. | Packet capture, network monitoring, intrusion detection, and SIEM enrichment. |
How The Products Fit Together
| Layer | What the customer is buying | How Xcitium names it |
|---|---|---|
| Endpoint security and managed response | A fully managed endpoint protection and monitoring service with containment, detection, response, threat hunting, and reporting. | Managed SOC – Device |
| Network XDR extension | Additional monitoring and correlation for network traffic, IDS events, firewall logs, Windows logs, Linux logs, and custom data sources. | Managed SOC – Network |
| Cloud XDR extension | Additional monitoring and correlation for cloud and identity systems such as Microsoft 365, Azure AD, and AWS CloudTrail. | Managed SOC – Cloud |
| Unified broader XDR story | The combined operating model joining endpoint, network, and cloud into one managed detection and response platform. | Xcitium Complete / M(XDR) |
Features Inside Each Product
| Feature / capability | Managed SOC – Device | Managed SOC – Network | Managed SOC – Cloud | Notes |
|---|---|---|---|---|
| ZeroDwell Containment | Yes | Supports wider story | Supports wider story | Core Xcitium differentiator and the foundation of the wider platform story. |
| Endpoint Detection & Response (EDR) | Yes | No | No | Primarily endpoint-focused and part of the Device offer. |
| 24×7 SOC monitoring | Yes | Yes | Yes | Human-led SOC operations are part of the managed services model. |
| Threat hunting | Yes | Yes | Yes | Presented by Xcitium as part of the broader managed SOC value. |
| Built-in SIEM log ingestion | Yes | Yes | Yes | SIEM is the central event and correlation layer across the platform. |
| Incident response / forensics | Yes | Yes | Yes | Xcitium positions incident response as part of the managed service value. |
| Remote ops / RMM / MDM integration | Yes | Indirect | Indirect | Most closely associated with the endpoint/device side. |
| Network monitoring / NTBA | Assessment context | Yes | No | Core network-side visibility function. |
| IDS | Assessment context | Yes | No | Often supported by the Xcitium Network Sensor. |
| Windows / firewall / Linux / custom log ingestion | Yes | Yes | Limited | Especially important in the broader XDR and Network story. |
| Cloud monitoring | No | No | Yes | Includes services such as O365, Azure AD, and AWS CloudTrail. |
| Weekly / monthly reporting and security meetings | Yes | Yes | Yes | Part of the managed service positioning. |
How Licensing Is Counted
| Offer | Likely counting method | How to explain it simply |
|---|---|---|
| Managed SOC – Device / Zero Dwell / MDR / XDR endpoint-side offers | Per endpoint / per protected device / per month | Usually counted by the protected workstation or server running the agent. |
| Managed SOC – Cloud | Per user / per month | Usually aligned to the number of monitored cloud users or identities. |
| Managed SOC – Network | Quote / architecture dependent | Typically tied to network coverage, log sources, sensors, or scope rather than described here as a fixed per-router or per-switch licence. |
| Network Sensor | Sensor / deployment dependent | This is better described as a monitoring component deployed into the environment than a clearly documented per-switch or per-router licence in the supplied material. |
How To Explain Counting To Customers
| PCs and servers | Count these as protected endpoints where the Xcitium endpoint agent and Device-level managed security service is applied. |
| Cloud users | Count these where cloud monitoring and identity visibility is being provided under Managed SOC – Cloud. |
| Routers, switches, firewalls and other network gear | Treat these as part of the monitored network estate and telemetry sources rather than assume a fixed one-licence-per-router or one-licence-per-switch model unless Xcitium or the distributor confirms that in pricing. |
| Logs and additional data sources | These usually sit inside the XDR / SIEM / Managed SOC scope and should be positioned as part of the broader monitoring design. |
The Short Version
| Managed SOC – Device | Sold as the endpoint-led managed security service. Think protected PC or server. |
| Managed SOC – Network | Sold as the network XDR extension. Think network coverage, traffic visibility, IDS and log sources. |
| Managed SOC – Cloud | Sold as the cloud XDR extension. Think monitored users and cloud identities. |
| Xcitium Complete / M(XDR) | This is the joined-up XDR story across endpoint, network and cloud. |
Bottom line: Xcitium is sold first as a core Managed SOC – Device endpoint service,
then expanded with Managed SOC – Network and Managed SOC – Cloud to create the broader
XDR / M(XDR) outcome.