Elastic blends SIEM and endpoint security into a single solution for real-time threat response
Elastic, the company behind Elasticsearch and the Elastic Stack, announced the introduction of Elastic Endpoint Security, based on Elastic’s acquisition of Endgame, a pioneer and industry-recognized leader in endpoint threat prevention, detection, and response based on the MITRE ATT&CK matrix.
Elastic is combining SIEM and endpoint security into a single solution to enable organizations to automatically and flexibly respond to threats in real time, whether in the cloud, on-premises, or in hybrid environments. Elastic is also eliminating per-endpoint pricing.
“Two key trends in endpoint security – the importance of a strong analytics back-end and the rise of the MITRE ATT&CK framework as a lingua franca – help make the case for greater emphasis on threat hunting and incident response use cases,” said Fernando Montenegro, Principal Analyst at 451 Research.
“Elastic’s acquisition of Endgame fits well within these trends, and the combination of SIEM and endpoint security should enable organizations to pursue efficiencies around those use cases.”
Endgame has been validated by numerous independent testing organizations, including NSS Labs, SE Labs, MITRE, and others as having both the strongest preventions and detections available.
Additionally, Elastic Endpoint Security brings one of the strongest sources of endpoint security data, raw endpoint event data, and alerts to the Elastic Stack, joining the existing logging, security, APM, and infrastructure event collection.
With the average threat dwell time exceeding 100 days, shipping, scaling, and storing data efficiently in Elasticsearch makes searching through all of this disparate security-related data practical, easy, and fast.
Accordingly, endpoint security is a natural fit for the Elastic Stack to provide prevention against threats and the fastest detection and response to stop attacks at the earliest stages possible.
“Users deserve more from the tools they deploy. That’s why we are providing immediate value today through the simplicity of a single stack to search, store, analyze, and secure your data,” said Shay Banon, founder and chief executive officer of Elastic.
“This is an exciting step toward realizing our vision for applying search to multiple use cases, as we are now able to offer users the best threat hunting solution with the best endpoint protection.”
Elastic’s journey into SIEM and endpoint security
Tools working in isolation can’t safeguard an organization, and the data that those tools collect isn’t actionable without a centralized management console. Security teams are faced with siloed data, slow query times, and compromised analysis that lacks relevance and context.
Organizations already know they need to work in real time; they need to ingest and store all types of data in a way that is unbounded; and they need to produce relevant results and automatically operationalize them into existing and new security workflows.
Nearly two years ago, Elastic embarked on a mission to help organizations evolve their security efforts. While the Elastic Stack has been adopted and is used as a security solution for use cases like threat hunting, fraud detection, and security monitoring, Elastic wanted to make it even easier for users to deploy its products for security.
Elastic first worked in collaboration with its community to develop the Elastic Common Schema (ECS) to provide an easy way to normalize data from disparate sources from network and host data. Then Elastic launched Elastic SIEM, the world’s first free and open SIEM.
Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss.
“Stopping attacks as early as possible is the goal. That requires the best preventions and the highest fidelity detections on the endpoint.
“The combination of Endgame’s leading endpoint protection technology with Elastic SIEM creates an interactive workspace for SecOps and threat hunting teams to stop attacks and protect their organizations,” said Nate Fick, formerly CEO of Endgame and now general manager of Elastic Security.
The end of endpoint pricing
In addition to combining the world’s first free and open SIEM with the best endpoint protection technology, Elastic is eliminating per-endpoint pricing.
“Why should users need to count the number of devices they need to protect? Or choose how many days of threat intelligence data they can afford to retain?” added Banon. “We want organizations to have the best protection, use it everywhere, and not be penalized with per-endpoint pricing.”
Elastic customers pay for resource capacity for any solution they use — Elastic Logs, APM, SIEM, App Search, Site Search, Enterprise Search, and now Endpoint Security — with a consistent and transparent pricing framework. This ensures organizations can capture maximum value from their data.
With Elastic Endpoint Security, customers get full protection for as many endpoints as they need, and full data collection and shipping without having to compromise.
Texas A&M University, Andrew Stokes, Assistant Director and Information Security Officer: “We value speed of response and the ability to learn from and analyze our historical data.
“Elastic Endpoint Security has dramatically dropped our mean time to remediate from seven days to 30 minutes over legacy antivirus, and the Elastic Stack has provided an unparalleled way to store, analyze, and react to data well beyond any competitor in the market.
“Combining Elastic Endpoint Security and the Elastic Stack into a single, intelligence-led platform will further simplify and automate our security operations.”
Optiv, Anthony Diaz, Divisional Vice President, Emerging Services: “Elastic is bringing together the integration of a next-generation SIEM, robust visualization engine and a best-in-class endpoint product all backed by the world’s leading search technology.
“This combination provides a foundation for enterprises to combat the growing complexity of cyber threats. Elastic’s vision for bringing together these components in an open ecosystem is a revolutionary, yet practical idea that helps organizations of all sizes maximize all of their data to manage their cyber security needs.”