ELASTIC ENDPOINT SECURITY

Security starts at the endpoint

Complexity is the enemy of security. We make it simple. Elastic Endpoint Security is the only endpoint protection product to fully combine prevention, detection, and response into a single autonomous agent. It requires zero training, is built for speed, and stops threats at the earliest stages of attack.

New

7.6 improves visibility into Windows hosts and introduces new protections for automated detection and response.

EASY TO USE

As simple as antivirus, but way more powerful

Integrating the best endpoint security product available with the Elastic SIEM experience provides a whole new comprehensive security operations solution designed to support multiple users and use cases.

Ransomware prevention

Using a combination of behavior-based detection, MalwareScore, and exploit prevention technology, we stop ransomware and other destructive attacks before disk encryption occurs.

Phishing prevention

The industry’s only on-endpoint phishing prevention. It uses machine learning to stop malicious Microsoft Office documents and PDFs before they can execute.

Reflex™ Custom Prevention

The first autonomous prevention and detection engine that issues customized incident response on the endpoint without the need for cloud connectivity.

Malware prevention

Endgame MalwareScore® is the only machine-learning powered, signature-less prevention. Blocking known and unknown attacks, MalwareScore is published to VirusTotal and validated by third parties like NSS Labs.

Exploit prevention

Block attempts to exploit vulnerabilities — even zero-day vulnerabilities and kernel exploits designed to elevate privileges — before any malicious code can execute.

Fileless attack prevention

Our injection protection stops in-memory attacks like reflective DLL and shellcode injection. We detect and can block suspicious and malicious PowerShell scripts, and CLR Guard is an industry first for .NET reflection attacks.

Validated by the best.

ENDPOINT + SIEM

More than just the best endpoint protection

You’re already deploying software to protect your endpoints, so why not ship the event data to Elastic SIEM? And if you’re already shipping data from an endpoint to Elastic SIEM, why not secure that endpoint at the same time? Now you can get the best of both worlds in one experience.

SCALABLE & FAST

Get total attack (way, way) lookback

Endpoints aren't forever: containers are destroyed, laptops wander, cloud instances shut down, and when you’re looking for a needle in a haystack, you need access to that entire haystack. The average threat can incubate for over 100 days, so shipping, scaling, and storing data efficiently in Elasticsearch via products like Elastic SIEM is key for making searching through long-term historical data practical, easy, and fast.

PROTECTION ANYWHERE

Works with speed and without compromise

From submarines to Starbucks, attacks can happen anywhere — and endpoints aren’t always cloud connected. We’ve designed for hybrid environments by pushing the prevention and detection logic to the endpoint, making our protection as efficient in a Faraday cage as it is when cloud-connected. Plus, uncover cross-environment attacks and suspicious outliers by integrating with Elastic SIEM.

PRICING

Keep it simple. No more pricing by endpoint.

Traditional cybersecurity licensing forces you to make compromises. Why should you need to count the number of devices you need to protect? Or choose how many days of threat intelligence data you can afford to retain? No matter how you start or grow with Elastic, you won’t have to do any of that to get the best protection from our products. Just pay for the resources you use and continue doing great things with Elastic.

COMPARISON

Here’s how we stack up

The rest of the industry focuses on monetizing protection capabilities. With Elastic you get the right protection the first time.

ELASTIC ENDPOINT SECURITY

CROWDSTRIKE Falcon

CARBON BLACK Cb Defense

Signatureless malware and ransomware prevention

Automated threat hunting and response

Additional products required
Additional products required

Comprehensive MITRE ATT&CK protection

Additional products required

Full protection when online and offline

Cloud lookup required
Cloud only

Unlimited forensic review

7 days
Additional products required

On-prem AND cloud management options

More value

Plus all the goodness of Elastic

Because Elastic Endpoint Security is built on the Elastic Stack, an entire universe of products and features is available to enrich and extend your use case.

What's coming

Comprehensiveness without complexity

The complexity and limitations of a traditional SIEM are well known. That’s why we introduced our vision of what an open, flexible, fast, and scalable SIEM could be. Now we’re taking it further by bringing endpoint protection and SIEM together into the same experience to streamline how you secure your organization.

Join the Early Access Program for Elastic Endpoint Security