A leading oil and gas company with offshore subsea drilling services has diverse, disconnected endpoints located across multiple geographies. Their nimble security team was challenged with protecting assets both online and offline. The company’s existing endpoint security stack consisted of 5+ tools, including AV and NGAV, that had been bypassed by advanced attacks — including fileless attacks.
The oil and gas company chose Elastic Endgame for its scope, speed, and simplicity in protecting critical assets before damage and loss.
The Challenge: Too much time spent managing multiple solutions
The company had a complex enterprise security stack with 5+ tools encompassing AV, exploit protection, and application whitelisting. These tools required the security analysts to manage, maintain, and support multiple agents and consoles. Their small and nimble security team was consumed with managing a variety of platforms and triaging ambiguous alerts. The company was subject to targeted attacks, including fileless attacks that bypassed their existing endpoint security protections.
To further complicate things, high-value assets were often not connected to the internet, but still needed offline protection. Most NGAV tools depend on a cloud connection and provide no offline protection. Their security team was in need of a comprehensive solution; they built evaluation criteria to address these challenges:
- Stop targeted attacks, malware, and more
- 24x7 online and offline protection, with minimal performance impact
- Provide accurate alerts with minimal false positives
- Rapidly triage and remediate alerts
The Solution: Full-stack protection across the MITRE ATT&CK® Matrix with Elastic Endgame
The oil and gas company evaluated 20+ endpoint solutions on the market — including AV and NGAV solutions — and chose Elastic Endgame because it was the only solution with full-stack protection across the MITRE ATT&CK® matrix. Elastic Endgame protections successfully stopped exploits, malware, phishing, fileless attacks, ransomware, and sophisticated attacker techniques from gaining a foothold on systems before data loss. They liked that its fileless attack technology prevents techniques like shellcode injection and DLL injection. And kernel-level analysis, performed on every executing thread, stops fileless attacks before an adversary can gain a foothold in memory.
Elastic Endgame secures the company’s disconnected high-value assets with its lightweight autonomous agent — providing 24x7 protection for online and offline systems with no round trip to the cloud required. To improve their triage and response capabilities, Elastic Endgame augments the company’s existing security resources with Artemis®, an AI-powered natural language understanding (NLU)-based chat bot, and Resolver, an intuitive attack visualization engine that enables analysts to prioritize, triage, and remediate alerts before damage and loss occurs — all without relying on complex queries or IOCs.
The proven ability of Elastic Endgame to replace multiple host agents with one single agent, facilitating prevention, detection, and response to advanced threats while also reducing cost and saving time, worked wonders in cutting complexity in the company’s IT environment.