Elastic N.V. (NYSE: ESTC), the company behind Elasticsearch and the Elastic Stack, has announced the introduction of Elastic Endpoint Security.
The solution is built on Elastic's acquisition of Endgame, a pioneer and industry-recognised leader in endpoint threat prevention, detection and response, whose product is organised around the MITRE ATT&CK™ matrix.
Elastic is combining SIEM and endpoint security into a single solution so that organisations can correlate endpoint telemetry with their other security data and respond to threats in real time, whether in the cloud, on-premises, or in hybrid environments.
The company has also announced that it is eliminating per-endpoint pricing.
Elastic customers pay for resource capacity rather than per endpoint; with Elastic Endpoint Security, customers get full protection for as many endpoints as they need, along with full data collection and shipping from those endpoints into the Elastic Stack.
“Two key trends in endpoint security – the importance of a strong analytics back-end and the rise of the MITRE ATT&CK framework as a lingua franca – help make the case for greater emphasis on threat hunting and incident response use cases,” said Fernando Montenegro, Principal Analyst at 451 Research. “Elastic’s acquisition of Endgame fits well within these trends, and the combination of SIEM and endpoint security should enable organisations to pursue efficiencies around those use cases.”
Endgame's prevention and detection capabilities have been validated by numerous independent testing organisations, including NSS Labs, SE Labs and MITRE, which have rated them among the strongest available.
Sebastian Mill, Chief Technology Officer, Global Development at InfoTrack, said: “At InfoTrack, we’ve come to realise just how valuable endpoint data can be for gaining visibility into our operations and making sure our infrastructure remains secure. Toward these goals, our innovation team has already been scoping Auditbeat into our environments, but introducing Elastic Endpoint Security takes it to a whole new level. We are intrigued by the ability to stop threats with Elastic Endpoint Security while pairing security event data with some Elastic machine learning-powered anomaly detection. It will be a killer setup.”
Additionally, Elastic Endpoint Security brings one of the richest sources of security data, raw endpoint event data and the alerts derived from it, into the Elastic Stack, alongside the existing logging, security, APM and infrastructure event collection. With reported average attacker dwell times exceeding 100 days, the value of endpoint telemetry depends not only on collecting it but on retaining it and being able to search it across that whole window; shipping, scaling and storing data efficiently in Elasticsearch makes searching through all of this disparate security-related data practical, easy and fast. Endpoint security is therefore a natural fit for the Elastic Stack: prevention against threats at the endpoint, and fast detection and response to stop attacks at the earliest possible stage.
“Users deserve more from the tools they deploy. That’s why we are providing immediate value today through the simplicity of a single stack to search, store, analyse, and secure your data,” said Shay Banon, founder and chief executive officer of Elastic. “This is an exciting step toward realising our vision for applying search to multiple use cases, as we are now able to offer users the best threat hunting solution with the best endpoint protection.”