It's a paid product sold to enterprise, and the consumer Comodo is based on the same client they sell to enterprises.
The Xcitium product earns very little revenue. Not enough to justify dedicating a development team to it.
The basic formula in software development is that a software must generate 750,000 Euros in revenue to support 3 employees with a salary of less than 60,000 Euros on the payroll.
Xcitium very likely generates less than 300,000 Euros per year in revenue. That is not nearly enough to even support 1 dedicated development employee. Unless Melih hires developers from poor 2nd and 3rd world nations. He can hire an army of programmers in Zimbabwe or Vietnam for only 100,000 Euros.
The main product is an enterprise one sold with claims that ZeroDwell (container) can stop 100%, etc.
The marketing can say whatever it wants.
The EULA however states that the buyer/end user assumes all risk and the product is sold "AS IS" with no warranty of fitness of purpose. The product is not guaranteed to provide any protection and upon installation the end user agrees to these terms.
What that means is this: "You use this product and if it is bypassed then it is on you, and not on Xcitium or Comodo."
Nowadays, the recommended solution is the Zero Trust Model, where AV/EDR is only a part of the solution.
A true Zero Trust protection begins at the physical layer and goes all the way to the application layer in the network stack. Then on the operating system it is from the physical layer to the application layer. Then in the non-digital security realm, Zero Trust includes physical and personnel security. Next, Zero Trust includes very robust Governance, Risk Management and Compliance (GRC). All of these are combined.
I don't know how many times an enterprise has stated to me "We purchased Product XYZ marketed as Zero Trust and thereby implemented a Zero Trust Protection Model throughout our organization." They are extremely disappointed when I tell them they don't understand Zero Trust and that they need to spend another 5,000,000 Euros to get there.
Very, very few service providers know how to properly implement true Zero Trust and even fewer enterprises and governments can do it themselves. I don't know how many times a government has said to me "We air gap these high sensitivity machines. They are Zero Trust."
It takes a lot of time, resources, patience, knowledge, experience, and money to do Zero Trust the right way. It can be done - and done very well - using 100% Microsoft security. Why is this? Because Microsoft does adhere fully to the first principle of security: "Security is not software. It is a process." Plus it works so closely with the U.S. Government that it integrates many of the capabilities developed by NIST Special Publications that inform & guide virtually 100% of global enterprise security practices.
Lots of people and organizations think "Zero Trust implementation is purchase Zero Trust software and deploy it."
Meanwhile, for a small company, a correct Zero Trust security implementation is a 2 to 3 year process requiring an army of SMEs and implementers. And that usually only happens in very highly regulated industries where serious negative consequences can happen. It is not at all unusual for a financial transaction processor to take a couple of years fully implementing PCI DSS. And that is just the beginning of the security requirements and regulations that are applicable to their operations.
Most every Zero Trust product out there just exploits the words "Zero Trust." Why? Because people have no idea what Zero Trust really is.
Many organizations fail Zero Trust assessments and audits.