SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Elastic launches endpoint security offering
Mon, 21st Oct 2019
FYI, this story is more than a year old

Elastic, the company behind Elasticsearch and the Elastic Stack, has announced the introduction of ​Elastic Endpoint Security​ based on Elastic's acquisition of Endgame, a company focusing on endpoint threat prevention, detection, and response based on the MITRE ATT-CK​​ matrix.

Elastic is combining ​SIEM​ and endpoint security into a single solution to enable organisations to respond to threats in real-time, whether in the cloud, on-premises or in hybrid environments.

Elastic also announced that it is eliminating per-endpoint pricing.

“Two key trends in endpoint security – the importance of a strong analytics back-end and the rise of the MITRE ATT-CK framework as a lingua franca – help make the case for greater emphasis on threat hunting and incident response use cases,” says 451 Research principal analyst Fernando Montenegro.

“Elastic's acquisition of Endgame fits well within these trends, and the combination of SIEM and endpoint security should enable organisations to pursue efficiencies around those use cases.

Endgame has been validated by numerous independent testing organisations, including NSS Labs, SE Labs, MITRE, and others.

Additionally, Elastic Endpoint Security brings one of the ​strongest sources of endpoint security data​, raw endpoint event data, and alerts to the Elastic Stack, joining the existing logging, security, APM, and infrastructure event collection. ​

With the average threat dwell time exceeding 100 days, shipping, ​scaling, and storing data efficiently in Elasticsearch makes searching through all of this disparate security-related data practical, easy, and fast.

Elastic founder and chief executive officer Shay Banon says, “This is an exciting step toward realising our vision for applying search to multiple use cases.

Elastic's journey into SIEM and endpoint security

Tools working in isolation can't safeguard an organisation, and the data that those tools collect isn't actionable without a centralised management console.

Security teams are faced with siloed data, slow query times, and compromised analysis that lacks relevance and context.

Organisations already know they need to work in real time; they need to ingest and store all types of data in a way that is unbounded; and they need to produce relevant results and automatically operationalise them into existing and new security workflows.

Nearly two years ago, Elastic embarked on a mission to help organisations evolve their security efforts.

While the Elastic Stack has been adopted and is used as a security solution for use cases like threat hunting, fraud detection, and security monitoring, Elastic wanted to make it even easier for users to deploy its products for security.

Elastic first worked in collaboration with its community to develop the Elastic Common Schema (ECS) to provide an easy way to normalise data from disparate sources from network and host data.

Then Elastic launched Elastic SIEM​, a free and open SIEM.

Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can't respond in time to prevent damage and loss.

“Stopping attacks as early as possible is the goal. That requires the best preventions and the highest fidelity detections on the endpoint,” says former Endgame CEO and current Elastic Security general manager Nate Fick.

“The combination of Endgame's endpoint protection technology with Elastic SIEM creates an interactive workspace for SecOps and threat hunting teams to stop attacks and protect their organisations.

The end of endpoint pricing

Elastic is eliminating per-endpoint pricing.

“We want organisations to have the best protection, use it everywhere, and not be penalised with per-endpoint pricing,” says Banon.

Elastic customers pay for resource capacity for any solution they use ​—​ Elastic Logs, APM, SIEM, App Search, Site Search, Enterprise Search, and now Endpoint Security ​—​ with a consistent and transparent pricing framework.