Elastic launches endpoint security offering

21 Oct 2019

Elastic, the company behind Elasticsearch and the Elastic Stack, has announced the introduction of Elastic Endpoint Security based on Elastic’s acquisition of Endgame, a company focusing on endpoint threat prevention, detection, and response based on the MITRE ATT&CK matrix.

Elastic is combining SIEM and endpoint security into a single solution to enable organisations to respond to threats in real-time, whether in the cloud, on-premises or in hybrid environments.

Elastic also announced that it is eliminating per-endpoint pricing.

“Two key trends in endpoint security – the importance of a strong analytics back-end and the rise of the MITRE ATT&CK framework as a lingua franca – help make the case for greater emphasis on threat hunting and incident response use cases,” says 451 Research principal analyst Fernando Montenegro.

“Elastic’s acquisition of Endgame fits well within these trends, and the combination of SIEM and endpoint security should enable organisations to pursue efficiencies around those use cases.”

Endgame has been validated by numerous independent testing organisations, including NSS Labs, SE Labs, MITRE, and others.

Additionally, Elastic Endpoint Security brings one of the strongest sources of endpoint security data, raw endpoint event data, and alerts to the Elastic Stack, joining the existing logging, security, APM, and infrastructure event collection.

With the average threat dwell time exceeding 100 days, shipping, scaling, and storing data efficiently in Elasticsearch makes searching through all of this disparate security-related data practical, easy, and fast.

Elastic founder and chief executive officer Shay Banon says, “This is an exciting step toward realising our vision for applying search to multiple use cases.”

Elastic’s journey into SIEM and endpoint security

Tools working in isolation can’t safeguard an organisation, and the data that those tools collect isn’t actionable without a centralised management console.

Security teams are faced with siloed data, slow query times, and compromised analysis that lacks relevance and context.

Organisations already know they need to work in real time; they need to ingest and store all types of data in a way that is unbounded; and they need to produce relevant results and automatically operationalise them into existing and new security workflows.

Nearly two years ago, Elastic embarked on a mission to help organisations evolve their security efforts.

While the Elastic Stack has been adopted and is used as a security solution for use cases like threat hunting, fraud detection, and security monitoring, Elastic wanted to make it even easier for users to deploy its products for security.

Elastic first worked in collaboration with its community to develop the Elastic Common Schema (ECS) to provide an easy way to normalise network and host data from disparate sources.

Then Elastic launched Elastic SIEM, a free and open SIEM.

Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss.

“Stopping attacks as early as possible is the goal. That requires the best preventions and the highest fidelity detections on the endpoint,” says former Endgame CEO and current Elastic Security general manager Nate Fick.

“The combination of Endgame’s endpoint protection technology with Elastic SIEM creates an interactive workspace for SecOps and threat hunting teams to stop attacks and protect their organisations.”

The end of endpoint pricing

Elastic is eliminating per-endpoint pricing.

“We want organisations to have the best protection, use it everywhere, and not be penalised with per-endpoint pricing,” says Banon.

Elastic customers pay for resource capacity for any solution they use — Elastic Logs, APM, SIEM, App Search, Site Search, Enterprise Search, and now Endpoint Security — with a consistent and transparent pricing framework.