
Elastic launches endpoint security offering

21 Oct 2019

Elastic, the company behind Elasticsearch and the Elastic Stack, has announced Elastic Endpoint Security, built on its acquisition of Endgame, a company focused on endpoint threat prevention, detection, and response aligned to the MITRE ATT&CK matrix.

Elastic is combining SIEM and endpoint security into a single solution so that organisations can respond to threats in real time, whether in the cloud, on-premises or in hybrid environments.

Elastic also announced that it is eliminating per-endpoint pricing.

“Two key trends in endpoint security – the importance of a strong analytics back-end and the rise of the MITRE ATT&CK framework as a lingua franca – help make the case for greater emphasis on threat hunting and incident response use cases,” says 451 Research principal analyst Fernando Montenegro.

“Elastic’s acquisition of Endgame fits well within these trends, and the combination of SIEM and endpoint security should enable organisations to pursue efficiencies around those use cases.”

Endgame has been validated by numerous independent testing organisations, including NSS Labs, SE Labs, MITRE, and others.

Additionally, Elastic Endpoint Security brings raw endpoint event data and alerts, one of the strongest sources of endpoint security data, into the Elastic Stack, alongside the existing logging, security, APM, and infrastructure event collection.

With average threat dwell time exceeding 100 days, the ability to ship, scale, and store data efficiently in Elasticsearch is what makes searching through all of this disparate security-related data practical, easy, and fast.

Elastic founder and chief executive officer Shay Banon says, “This is an exciting step toward realising our vision for applying search to multiple use cases.”

Elastic’s journey into SIEM and endpoint security

Tools working in isolation can’t safeguard an organisation, and the data that those tools collect isn’t actionable without a centralised management console.

Security teams are faced with siloed data, slow query times, and compromised analysis that lacks relevance and context.

Organisations already know they need to work in real time; they need to ingest and store all types of data in a way that is unbounded; and they need to produce relevant results and automatically operationalise them into existing and new security workflows.

Nearly two years ago, Elastic embarked on a mission to help organisations evolve their security efforts.

While the Elastic Stack has been adopted and is used as a security solution for use cases like threat hunting, fraud detection, and security monitoring, Elastic wanted to make it even easier for users to deploy its products for security.

Elastic first worked with its community to develop the Elastic Common Schema (ECS), which gives disparate network and host data sources a common set of field names so that they can be normalised and queried together.
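What that normalisation looks like in practice, as an added example that is not Elastic's code and not an official ECS mapping: two constructed events in vendor-specific shapes (an endpoint process start and a firewall connection log line) are mapped onto ECS field names, after which a single query on user.name matches both. The output keys are real ECS field names; the input formats, host names, the key=value parser and the search stand-in are assumptions made up for the example.

```python
"""Normalise two differently shaped security events onto ECS field names.

Added example, not Elastic's code: the two inputs below are constructed,
and the mapping functions are illustrative, not an Elastic Agent module.
The output keys are real ECS field names.
"""
import shlex
from datetime import datetime, timezone

# Constructed sample: an endpoint process-start event in a vendor-specific shape.
ENDPOINT_EVENT = {
    "ts": 1571616000,                 # epoch seconds, UTC (2019-10-21T00:00:00Z)
    "hostname": "WS-042",
    "image": "C:\\Windows\\System32\\cmd.exe",
    "cmdline": "cmd.exe /c whoami",
    "pid": 4120,
    "ppid": 3880,
    "user": "CORP\\jdoe",             # DOMAIN\user
}

# Constructed sample: a firewall connection log line in key="value" shape.
FIREWALL_LINE = (
    'time="2019-10-21T00:00:07Z" devname="fw-edge" srcip=10.1.2.3 srcport=51234 '
    'dstip=203.0.113.7 dstport=443 action=allow user="jdoe"'
)

ECS_TS = "%Y-%m-%dT%H:%M:%S.000Z"   # one timestamp format for every source


def normalise_endpoint(ev):
    """Map the vendor process event onto ECS host/process/user fields."""
    return {
        "@timestamp": datetime.fromtimestamp(ev["ts"], tz=timezone.utc).strftime(ECS_TS),
        "event.kind": "event",
        "event.category": "process",
        "event.type": "start",
        "host.name": ev["hostname"].lower(),
        "process.executable": ev["image"],
        "process.name": ev["image"].rsplit("\\", 1)[-1],
        "process.command_line": ev["cmdline"],
        "process.pid": ev["pid"],
        "process.parent.pid": ev["ppid"],
        "user.name": ev["user"].split("\\")[-1],   # strip the domain prefix
    }


def normalise_firewall(line):
    """Parse key=value pairs (shlex strips the quotes) onto ECS network fields."""
    kv = dict(tok.split("=", 1) for tok in shlex.split(line))
    when = datetime.strptime(kv["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "@timestamp": when.strftime(ECS_TS),
        "event.kind": "event",
        "event.category": "network",
        "event.type": "connection",
        "event.action": kv["action"],
        "observer.hostname": kv["devname"],
        "source.ip": kv["srcip"],
        "source.port": int(kv["srcport"]),
        "destination.ip": kv["dstip"],
        "destination.port": int(kv["dstport"]),
        "user.name": kv["user"],
    }


def search(docs, criteria):
    """Return the docs whose ECS fields all equal the given values.

    Stand-in for an Elasticsearch term query: because both sources share
    field names, one criterion covers endpoint and network data alike.
    """
    return [d for d in docs if all(d.get(k) == v for k, v in criteria.items())]


def normalised_corpus():
    """Both constructed events, normalised, as one searchable corpus."""
    return [normalise_endpoint(ENDPOINT_EVENT), normalise_firewall(FIREWALL_LINE)]


if __name__ == "__main__":
    # One query on user.name pulls back the process start and the connection.
    for hit in search(normalised_corpus(), {"user.name": "jdoe"}):
        print(hit["@timestamp"], hit["event.category"],
              hit.get("process.name") or hit.get("destination.ip"))
```

The point of the example is the last function: without a shared schema the same question ("what did jdoe do?") needs one query per source with per-vendor field names; with ECS it is a single term on user.name, which is what makes cross-source hunting and correlation tractable at scale.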

Then Elastic launched Elastic SIEM, a free and open SIEM.

Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss.

“Stopping attacks as early as possible is the goal. That requires the best preventions and the highest fidelity detections on the endpoint,” says former Endgame CEO and current Elastic Security general manager Nate Fick.

“The combination of Endgame’s endpoint protection technology with Elastic SIEM creates an interactive workspace for SecOps and threat hunting teams to stop attacks and protect their organisations.”

The end of endpoint pricing

Elastic is eliminating per-endpoint pricing.

“We want organisations to have the best protection, use it everywhere, and not be penalised with per-endpoint pricing,” says Banon.

Elastic customers pay for resource capacity for any solution they use (Elastic Logs, APM, SIEM, App Search, Site Search, Enterprise Search, and now Endpoint Security) under a consistent and transparent pricing framework.
