What does "no per-endpoint pricing" mean?

Editor’s Note — August 19, 2020: The Elastic Endpoint Security solution mentioned in this post is now referred to as Elastic Security. The broader Elastic Security solution delivers endpoint security, SIEM, threat hunting, cloud monitoring, and more. Future mentions of Elastic endpoint security will refer to the specific anti-malware protection that users can enable in Ingest Manager.

We recently made two big announcements:

  1. Endgame has joined forces with Elastic.
  2. We are eliminating per-endpoint pricing for not only the "traditional" endpoint protection use cases, but also for endpoint detection and response.

Some interested parties have asked, "what's the catch?" Endpoint security vendors have always priced per endpoint, and no longer needing to worry about this variable might sound too good to be true.

There is no catch. At Elastic, our pricing is just that simple.

We want you, our users, to continually find new ways to get value from our products. And we want you to be able to easily and accurately predict the cost impact of new use cases. Don't waste time counting devices and negotiating licensing — you have an organization to protect.

What do we charge for?

Starting November 1, Elastic Endpoint Security will be included in a new Enterprise subscription lane. You simply pay a subscription fee that is based on the computing resources you use to manage, store, search, and analyze event data from your endpoints. This gives you the flexibility to allocate resources as your needs change and Elastic's capabilities grow.

With the Elastic Stack Enterprise subscription, you can bring all of your endpoint security event data into the Elastic Stack for detection and threat hunting and to enable automated response and orchestration. You can benefit from a flexible architecture of hot/warm/cold storage so that you have access to all the data you need when you need it, and you aren't charged for ingestion rates, per-device, or per-user. On top of that, you also get the best malware and threat prevention technology for your laptops, desktops, and servers, in one single experience.

And because our solutions are built upon the world's leading search technology, you can actually use your data to surface anomalies, hunt for the unknown, and prevent damage and loss to your organization.

When you only pay for the resources you use, you aren't locked into a specific use case or approach.

Say you want to try a new Elastic capability, like Observability. You could experiment with application metrics and would only need to expand your resources if you decide to store and analyze more data. It is that easy.

When historical data becomes less valuable, you can move it without the need to delete it completely. Put it on cheaper hardware with frozen indices. If certain data is no longer valuable, you can delete or archive it and reorient your Elastic resources to other projects.

Our simple and flexible approach to pricing makes it easier to account for your current usage, and in the future, adopt new capabilities and fulfill new use cases.

Triage events, not budgets

The old per-endpoint and per-feature pricing model only works well for vendors — and it often stands in the way of security. Information security vendors have made nickel-and-diming customers the norm. Instead of having their customers' best interests in mind, vendors provide "tiers" of protection laced with add-ons. If you've ever had to choose which of your endpoints and servers get "full" protection and which get only some protection (or even none), you know what we mean. Then, when a breach occurs, it's because you hadn't upgraded to the latest buzzword-laden SKU...

When the average adversary dwell-time is over 90 days, it makes no sense for vendors to limit your data storage to seven days. It makes even less sense to have to choose which endpoint events you can afford to ingest into the SIEM and which ones you must discard. As they say, "To find the needle in the haystack, you really do need the whole haystack."

Committed to a fair and predictable approach

Elastic has upheld a consistent resource-based pricing model across all of our products, from Elastic SIEM to Logs, Metrics, and APM. Resource-based pricing simply means that our subscription fees are based on the computing resources you use to run your Elastic stack.

For example, we chose not to price Elastic SIEM based on seat or ingestion rate. With Observability, we have eliminated per-agent and per-host pricing, and with search, we eliminated per-document, per-query, and per-user pricing.

At Elastic, we charge only for the resources used to store, search, and analyze your data.

Now, we're continuing this approach with Elastic Endpoint Security.

Try it for yourself

To get started, spin up a cluster on Elasticsearch Service or install the latest version of the Elastic Stack.

Already have ECS data in Elasticsearch? Just upgrade your clusters to 7.4 and give Elastic SIEM a try.

Elastic Endpoint Security is coming soon.