As the above asks.
if they are the same then what’s the point of paying $5 a device?
Great question.
OpenEDR and Xcitium EDR share the same foundational technology — OpenEDR is the open-source core of Xcitium’s commercial EDR solution. So in terms of endpoint visibility, security, and core telemetry collection, they are fundamentally same.
The key difference lies in what you do with the data and where it’s stored:
- OpenEDR is ideal if you want to host and manage everything yourself. You’ll need your own infrastructure — for example, setting up and maintaining an ELK stack or similar — to store, process, and analyze all the collected endpoint telemetry data. This gives you full control but comes with the operational overhead and costs of managing storage, scaling, and maintenance.
With Xcitium EDR, you’re paying for a fully-managed backend platform. That includes,
-SIEM (Security Information and Event Management) ,
-Secure cloud storage
-Advanced analytics
-Threat correlation
-Threat Labs that analyzes every unknown file (not only using automated systems that has a high FP rate, but also Human Analysts to make sure we don’t take risks with your security)
-Dashboards,
-Alerts
-Support — all hosted and maintained by Xcitium.
The $5/device fee primarily covers the cost of storing and analyzing the large volumes of telemetry data, not the Software license as its open source and free.
So you’re not paying for the EDR code itself — you’re paying for a turnkey experience, scalability, ongoing support, and a mature cloud backend that removes the burden of building and managing your own infrastructure.
Hope that helps clarify!