ELASTIC ENDPOINT SECURITY

Stop threats in their tracks

Elastic Endpoint Security is the only endpoint protection product to fully combine prevention, detection, and response into a single, autonomous agent. It's easy to use, built for speed, and stops threats at the earliest stages of attack.

Get notified about Elastic Endpoint Security developments.

MarketoFEForm

Cultivate the skills and procedures that enable successful threat hunting with this guidebook.

View free guidebook

Learn how your security team can benefit from our resource-based pricing model.

Make sense of how each security vendor performed in MITRE ATT&CK® evals.

View the results in Kibana

New

7.7 upgrades the Endpoint Security macro protection model, protects against command line spoofing, and enhances prebuilt protections.

Learn more

EASY TO USE

As simple as antivirus, but way more powerful

Integrating endpoint security with Elastic SIEM delivers a comprehensive security operations solution that supports multiple users and use cases.

Ransomware prevention

With a combination of behavior-based detection, MalwareScore, and exploit prevention technology, we stop ransomware and other destructive attacks before disk encryption occurs.

Phishing prevention

The industry's only on-endpoint phishing prevention. Machine learning blocks the execution of malicious Microsoft Office documents and PDFs.

Reflex™ Custom Prevention

The first autonomous prevention and detection engine that invokes custom incident response actions on the endpoint without the need for cloud connectivity.

Malware prevention

MalwareScore® is the only machine learning-powered, signatureless prevention. Blocking known and unknown attacks, MalwareScore is published to VirusTotal and validated by third parties like NSS Labs.

Exploit prevention

Block attempts to exploit vulnerabilities — even zero-day vulnerabilities and kernel exploits designed to elevate privileges — before malicious code can execute.

Fileless attack prevention

Our injection protection stops in-memory attacks like reflective DLL and shellcode injection. We detect and can block suspicious and malicious PowerShell scripts, and CLR Guard is an industry first for .NET reflection attacks.

Validated by the best

ENDPOINT + SIEM

More than just endpoint protection

You're already deploying software to protect your endpoints, so why not ship the event data to Elastic SIEM? And if you're already shipping data from an endpoint to Elastic SIEM, why not secure that endpoint at the same time? Now you can get the best of both worlds in one experience.

SCALABLE & FAST

Get total attack (way, way) lookback

Endpoints aren't forever: containers are destroyed, laptops wander, cloud instances shut down, and when you're looking for a needle in a haystack, you need the entire haystack. The average threat can incubate for more than 100 days, so centrally storing and analyzing data with an Elasticsearch-based product like Elastic SIEM is vital to a strong security posture.

PROTECTION ANYWHERE

Works with speed and without compromise

From submarines to Starbucks, attacks can happen anywhere — and endpoints aren't always connected to the cloud. We've designed for hybrid environments by locating prevention and detection logic on the endpoint, making our protection as effective in a Faraday cage as it is when cloud-connected. Go even further against advanced attacks with global detection on Elastic SIEM.

PRICING

Keep it simple. No more pricing by endpoint.

Traditional cybersecurity licensing forces you to make compromises. Why should you need to count the number of devices you need to protect? Or choose how many days of threat intelligence data you can afford to retain? With Elastic, you won't have to do any of that to get the best protection from our products. Just pay for the resources you use and continue doing great things with Elastic.

COMPARISON

Here’s how we stack up

The rest of the industry focuses on monetizing protection capabilities. With Elastic you get optimal protection the first time.