Elastic Security: Secure my hosts with endpoint security
Introduction to Elastic Security
Elastic Security is a unified security solution that brings together SIEM, endpoint, and cloud security into a single platform. This makes it easier to protect, investigate, and respond to security events from all parts of your environment. Learn how Elastic Security helps you protect your organization in the video below:
Get your hands on Elastic Security
Experience Elastic Security for yourself with this interactive demo.
Onboard your data
Create an Elastic Cloud account
Before you get started with Elastic Security for Endpoint, make sure you've set up the Elastic Security for SIEM solution first. If you haven't, check out the Elastic Security for SIEM getting started guide.
If you've already set up Elastic Security for SIEM, continue with the instructions below:
Once your deployment is ready, under the Security tab, select Secure my hosts with endpoint security.
You'll need to install Elastic Agent with the Elastic Defend integration if you haven't already done so with Elastic Security for SIEM. Elastic Agent has hundreds of out-of-the-box integrations available. Elastic Defend is an endpoint security solution that provides prevention, investigation, and response capabilities with deep visibility into host-based activity.
To learn how to get started with Elastic Defend and Elastic Agent, simply check out this guided tour or follow the instructions below:
Upon selecting Add Elastic Defend, you'll be prompted to install Elastic Agent on a host.
Simply click Install Elastic Agent, select the appropriate operating system and run the commands to install, enroll, and start the Elastic Agent.
Once you've installed the Elastic Agent, you'll see a confirmation that your agent has been enrolled successfully.
Next, select Confirm incoming data. By default, Elastic Defend is configured with only event collection enabled.
Keep reading to learn how to activate Elastic's complete endpoint detection and response (EDR) experience by enabling endpoint preventions in the policy.
Next, select View Assets.
Then select Hosts.
You're now presented with Elastic Security for Endpoint. Under Policy, select the endpoint's policy.
To take advantage of the complete endpoint detection and response (EDR) capabilities, enable the following protections in your policy, listed along the right:
- Malware protections
- Ransomware protections
- Memory threat protections
- Malicious behavior protections
For more information on configuring your Elastic Defend policy, check out our documentation.
Then select Save and you're ready to start exploring your data.
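As an added example (not Elastic's code or part of this guide), the following Python audit distinguishes the event-collection-only default described above from a policy with all four protections enabled. The per-OS key names (`windows.malware.mode` and so on) and the `off`/`detect`/`prevent` values are assumptions about the Elastic Defend policy layout, and the two sample policies are constructed.

```python
"""Audit an Elastic Defend policy for the four protections this guide enables.
Added example: the per-OS layout (e.g. ``windows.malware.mode`` with values
"off"/"detect"/"prevent", ransomware being Windows-only) is an assumption about
the Elastic Defend integration policy, not something taken from this page."""

# Protections named in the guide -> assumed policy keys.
PROTECTIONS = {
    "Malware protections": "malware",
    "Ransomware protections": "ransomware",
    "Memory threat protections": "memory_protection",
    "Malicious behavior protections": "behavior_protection",
}
WINDOWS_ONLY = {"ransomware"}  # assumption: no ransomware setting on mac/linux


def audit_policy(policy: dict) -> list[str]:
    """Return one finding per protection that is not in 'prevent' mode.
    An absent OS section is skipped (nothing enrolled for it); an absent key
    inside a present section is reported, since that protection was never set."""
    findings = []
    for os_name in ("windows", "mac", "linux"):
        section = policy.get(os_name)
        if section is None:
            continue
        for label, key in PROTECTIONS.items():
            if os_name != "windows" and key in WINDOWS_ONLY:
                continue
            mode = section.get(key, {}).get("mode")
            if mode is None:
                findings.append(f"{os_name}: {label} not configured")
            elif mode != "prevent":
                findings.append(f"{os_name}: {label} is '{mode}', expected 'prevent'")
    return findings


# Constructed sample policies (not real exports): the event-collection-only
# state the guide describes, and the hardened state after enabling all four.
COLLECT_ONLY = {
    "windows": {"malware": {"mode": "off"}, "ransomware": {"mode": "off"},
                "memory_protection": {"mode": "off"}},
    "linux": {"malware": {"mode": "detect"}},
}
HARDENED = {
    "windows": {k: {"mode": "prevent"} for k in PROTECTIONS.values()},
    "linux": {k: {"mode": "prevent"}
              for k in PROTECTIONS.values() if k not in WINDOWS_ONLY},
}
```

Calling `audit_policy(COLLECT_ONLY)` yields seven findings (three protections off plus one never configured on Windows, and three gaps on Linux), while `audit_policy(HARDENED)` returns an empty list.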
Working with Elastic Security for Endpoint
Analyze your data
Let's start exploring what's happening in your environment. See a holistic overview of security-relevant data, quickly investigate events, and more. The documentation below shows you how to explore your environment using interactive dashboards and analytics tools.
Next, activate out-of-the-box detection rules:
Go further by uncovering unknown threats with ML-based anomaly detection. Plus, protect your hosts by implementing ransomware and malware prevention via the Elastic Defend integration for Elastic Agent.
Investigate and hunt
Elastic is the platform of choice for threat hunting and incident investigation. Let’s put it to the test with your data. Use the following resources to perform your own investigations — from initial triage to closing a case.
Congrats on beginning your Elastic Security for Endpoint journey. As you get started, be sure to review key operational, security, and data considerations for your deployment to make sure you get the most out of Elastic.