XcitiumAdvancedEDR DataSheet V6

Xcitium Advanced combines endpoint detection and response (EDR) capabilities with additional security features like antivirus, firewall, and endpoint management. It uses lightweight agents and a cloud-based architecture to provide visibility, threat detection, and containment. Its key capabilities include attack chain mapping and visualization, continuous monitoring, suspicious activity detection and alerting, incident investigation, and proactive containment of unknown files using patented ZeroDwell technology. This containment prevents breaches, ransomware, and zero-days from causing harm while EDR capabilities provide deep visibility and harden systems against future attacks.

Uploaded by

luedo25

XCITIUM ADVANCED

PROACTIVE EDR WITH PRE-EMPTIVE CONTAINMENT

©Xcitium Inc. All Rights Reserved


Xcitium Advanced | Datasheet

THE WORLDWIDE CHALLENGE


UNKNOWNS & RANSOMWARE ARE SOPHISTICATED INDUSTRIES

NEW MALWARE: 450,000 RELEASED DAILY
NEW RANSOMS: 11 SECS, ENACTED DAILY
VICTIMS DAMAGED: $350M IN RANSOMS PAID

EDR ALONE = BREACHES
99% DETECTION
Current security solutions employ detection as a prelude to protection. This is backwards. An undetected 1% means ongoing damage & breaches.

REPUTATION SERVICES
UNPREDICTABLE
Third-party intelligence services fuel the detection world but remain too slow and inefficient to be relied upon for full protection.

INSUFFICIENT EXPERTISE
HIGH COST SKILLS
Limited cyber training, a high learning curve, and finite number of available experts to address your risk. Add in the high cost of alert fatigue.

THE XCITIUM ADVANCED SOLUTION


PROACTIVE ENDPOINT DETECTION AND RESPONSE (EDR)

There’s no question there is a need for EDR. Yet, detection-based EDR tools provide insufficient security. Attackers
are smart. They understand how detection-first solutions work, and they continuously develop techniques to slip
under everyone’s radar to attack as “Unknowns.” Unknowns cannot be detected. But when you add protection-
first, detection-less ZeroDwell Containment to an EDR solution’s front end, suddenly you experience a
paradigm shift and see breaches and ransom incidents plummet without needing to rely on detection.

The value of EDR becomes evident AFTER protecting first with ZeroDwell technology. When attacks are
preemptively contained with virtualization, there is no more alert fatigue because contained attacks are no longer
threats. With threats contained, real-time, continuous endpoint visibility and actionable alert management is
where EDR capabilities shine. Now you can harden your environment against zero-day and file-less attacks,
and EDR’s full-spectrum visibility leads to immediate and accurate root-cause analysis for effective patching
and remediation. In this new context Xcitium EDR allows you to analyze what’s happening across your entire
organization at a granular, base-event level so you get detailed file and device trajectory information that reveals
potentially larger issues that may be leaving your endpoints vulnerable. Detection-less, real time ZeroDwell
Containment makes proactive EDR possible.

THE XCITIUM DIFFERENCE


Only Xcitium’s patented ZeroDwell Containment prevents breaches, ransomware, and zero-days from causing harm!

ZERO TRUST | ZERO BREACH | ZERO DAMAGE | ZERO DOWNTIME


XCITIUM ADVANCED


Xcitium Advanced combines the benefits of the Xcitium Essentials product with advanced endpoint security Anti-Virus (AV), Viruscope (NGAV),
endpoint detection and response (EDR), Host Intrusion Prevention System (HIPS), Firewall (FW), and endpoint management (EM) capabilities,
to deliver exploit prevention, comprehensive visibility, enhanced reporting, and endpoint management from a centralized SaaS platform.

KEY CAPABILITIES

MITRE ATTACK CHAIN MAPPINGS & VISUALIZATIONS


Attack vectors are shown on the dashboard. When combined with file trajectory and process hierarchy visualizations, this
accelerates investigations. Process-based events are shown in a tree-view structure to help analysts better understand process
behavior.

CONTINUOUS MONITORING | EDR | RECOMMENDED SECURITY POLICY


Every EDR license comes with a default endpoint security policy, which is customizable to meet individual needs. Our sales
engineering team is available to work with you to tailor security policy to your requirements, especially endpoint-specific policies.

SUSPICIOUS ACTIVITY DETECTION & ALERTING


Get notified about events such as file-less attacks, advanced persistent threats (APTs), and privilege escalation attempts.
Analysts can change the status of alerts as they take counter-actions to dramatically streamline follow-up efforts. Because of
ZeroDwell Containment at runtime, alert fatigue is a thing of the past and you can focus on alerts that matter.

INCIDENT INVESTIGATION
The event search screen allows analysts to run queries to return any detail at base-event-level granularity. Aggregation tables
are clickable, letting investigators easily drill down into specific events or devices.

CLOUD-BASED ARCHITECTURE

Xcitium Advanced uses a lightweight agent on endpoints to monitor process, network, download, upload, file system access,
and peripheral device activity and to log browser events, and it enables you to drill down into incidents with base-event-level granularity.

VERDICT CLOUD DECISION ENGINE


While running in virtualized containment, unknown files are uploaded to the Xcitium global threat cloud for real-time analysis
and a verdict determination of benign or malicious. Benign entities are simply released from containment.

FILELESS MALWARE DETECTION


Not all malware is created equal. Some malware does not need you to execute a file because it is built into the endpoint’s
memory-based architecture, such as RAM. Xcitium EDR can detect this threat before it appears.

PROACTIVE ZERODWELL CONTAINMENT


Unknown executables and other files that request runtime privileges are automatically run in Xcitium’s patented ZeroDwell
container that does not have access to the host system’s resources or user data. ZeroDwell Containment means malware
cannot move laterally across your network or organization.

ENTERPRISE LEVEL & MSP READY


Whether you’re an enterprise with thousands of endpoints or an MSP serving hundreds of customers, the EDR agent can be
instantly deployed via group policy object or the Xcitium ITSM with automatic updates every release.


PROACTIVE EDR

CONTAIN THREATS IN REAL TIME, GAIN DEEP VISIBILITY, & HARDEN AGAINST FUTURE ATTACKS

EDR monitoring is continuously collecting attack telemetry and anomalous endpoint events data and performing correlations in concert with the Xcitium Verdict Cloud, leveraging Xcitium Threat Laboratories intelligence as well as recommended security policy. The Verdict Cloud then analyzes and identifies the contained unknown files safely virtualized on endpoints and returns a fast malicious/benign verdict while EDR efforts are focused on real alerts, not alert fatigue.

With Xcitium Advanced, you get actionable alerts based on customizable security policy that notify you about the actions of contained activity that could represent ransomware, memory exploits, PowerShell abuse, enumeration — specific attack attempts made by the contained threat plus many other IoCs. Alerts are also triggered when the Xcitium Recommended Security Policy is violated. Dwell time on your real endpoint is literally zero, and no damage is possible, while your EDR tech is now empowered to focus on remediation and resolving revealed vulnerabilities. For example, malicious behavior disguised as action typically performed by signed and trusted applications such as PowerShell and Regedit would not be similarly flagged by other EDR tools — this is exactly why attackers use trusted applications. But Xcitium can see this behavior clearly in containment. Without our EDR, the contained threat often goes unnoticed by other EDR vendors, allowing an attacker to steal or ransom your company’s confidential data. With Xcitium, contained attacks are no longer threats.

IMMEDIATE TIME-TO-VALUE

ZERODWELL CONTAINMENT
A unified endpoint solution offering attack containment at runtime, threat detection and response lifecycle optimization, exploit prevention, unparalleled visibility, and endpoint management to stop ransomware, avoid breaches, and sustain your business.

ZeroDwell Containment is also compatible with existing EDR security infrastructure as an add-on first line of defense. Move from Detection to Prevention with ZeroDwell Containment to isolate attacks such as ransomware & unknowns without any disruption of your endpoints or business operations.

FULL SPECTRUM VISIBILITY
Gain full context of an attack to connect the dots on how hackers are attempting to breach your network.

EDR WITHOUT ALERT FATIGUE
Gain full context of an attack to connect the dots on how hackers are attempting to breach your network without a flood of alerts and false positives burdening your security teams.

ENDPOINT MANAGER
Practice cyber hygiene to reduce the attack surface by identifying applications, understanding where your vulnerabilities lie, and remediating with patches.

CONSIDER ALSO: XCITIUM GUIDED

Many vulnerabilities are caused by a lack of resources and
maintenance processes, and possibly by a lack of the technology
required to integrate and coordinate security technologies, but every
one of these issues is fully covered and managed by Xcitium Guided
24•7•365 SOC alerts triage, security investigations and remediation
services. Xcitium Guided is an MDR-light managed endpoint solution for
those not yet ready for full MDR or MXDR cloud and network services.

ZERO TRUST. ZERO BREACHES.

ZERODWELL. ZERO DAMAGE.

THE POWER OF ZERO.

Xcitium, formerly known as Comodo Security Solutions, is used by more than 3,000 organizational
customers & partners around the globe. Xcitium was founded with one simple goal – to put an end to
cyber breaches. Our patented Xcitium Essentials ZeroDwell technology uses Kernel-level API virtualization
to isolate and remove threats like zero-day malware & ransomware before they cause any damage to any
endpoints. ZeroDwell is the cornerstone of Xcitium’s endpoint suite which includes pre-emptive endpoint
containment, endpoint detection & response (EDR), managed detection & response (MDR), and
managed extended detection and response (M/XDR). Since inception, Xcitium has a track record of zero
breaches when fully configured.

SALES
US: 646-569-9114
CA: 613-686-3060

VISIT
200 Broadacres Drive,
Bloomfield, NJ 07003
United States
