Endpoint security

Prevent threats. Optimize detection and response.

Elastic Security stops attacks, drives centralized hunting and detection, and enables interactive response.

It’s free and open, ready for scale, and built for performance.

Elastic Security 7.16 stops an expanded set of advanced attack techniques by extending malicious behavior prevention.

Secure your endpoints and power XDR

Go beyond blocking malware, ransomware, and advanced threats. Unify prevention, detection, and response across your entire ecosystem.


Thwart complex attacks

Block unknown and polymorphic malware and ransomware before execution with machine learning. Prevent advanced threats with behavior analytics.

Alert in ultra-high fidelity

Increase analyst efficacy by minimizing false positives via deep host data and environment-wide visibility.

Respond at scale

Perform ad-hoc correlation. Gather deeper context with osquery. Invoke remote response actions.

Proven anti-malware

Stop threats in their tracks

Avert threats with signatureless prevention, behavior analytics, centralized detection, and fast and informed response.


Prevent in depth

Secure your Windows, macOS, and Linux endpoints. Prevent malware execution and stop ransomware before data encryption. Disrupt advanced threats with behavior-based run-time prevention. Leverage protections from Elastic Security research engineers and our global user community.

Enhance SecOps visibility

Monitor your environment with kernel-level data collection and purpose-built dashboards. Probe hosts with osquery to gather further context. Quickly access embedded visualizations and relevant threat intelligence.

Detect in high fidelity

Generate useful alerts by continuously correlating host activity with other environmental data. Start a hunt from an anomaly spotted by a prebuilt machine learning job. Prepare for threats unique to your industry or environment.

Respond rapidly

Empower analysts with detailed data from across your endpoints. Examine host-based activity with interactive visualizations. Trigger remote response actions like host isolation. Connect response workflows with third-party orchestration and ticketing tools.

More than just endpoint protection

Streamline your security stack and transform your security program.

Limitless versatility

One agent, many use cases

Prevent threats and forward data with a single agent. Tackle multiple use cases, activating new features with just a click. It has a small footprint, so deploy far and wide.

Limitless data

Attack (way, way) lookback

Threats often incubate for months, exceeding the data retention period for most SOCs. Elastic enables security teams to analyze years of data, appreciably improving your security posture.

Limitless deployment

Works just about anywhere

From submarines to Starbucks, attacks can happen anywhere. Elastic secures hybrid environments with protections that work as well in a Faraday cage as when connected to the cloud.

Limitless value

Licensing that doesn’t interfere

With flexible licensing, use Elastic as you see fit and make adjustments as your needs evolve. No per-endpoint pricing. No high-stakes device count guesstimates. No artificial data caps.