Welcome Endgame: Bringing Endpoint Security to the Elastic Stack

Introducing Elastic Endpoint Security: We've officially joined forces and announced a new product vision for securing your organizations with the Elastic Stack. Read the announcement

We are excited to announce that we have entered into an acquisition agreement to join forces with Endgame, Inc. an endpoint security company. We believe that by joining forces, we can bring to market a holistic security product that combines endpoint and SIEM, and is delivered using our unique go-to-market model.

We have known about Endgame and its endpoint product for quite some time. The product embeds Elasticsearch as its main data store for its alerts and investigation workflows, and is considered one of the best endpoint solutions out there today. When we had a chance to meet with the team, we got even more excited by the quality and culture match between the two companies, and how much our product roadmaps were aligned.


Endpoints provides a critical source of security data. As we make our investments in the SIEM market, a big part of it is in our existing Beats agent-based technology. We have been working on expanding to collect additional security-oriented data, including data from hosts, in the Elastic Common Schema (ECS). Endgame's endpoint product would take that to a whole new level. It has built-in, enriched security data collection capabilities. This data is a gem to store in a powerful search engine like Elasticsearch. With Kibana's real-time visualization, security users would gain access to a whole new level of analysis to help protect their organizations from attacks.

Endpoint prevention, detection, and response (EPP + EDR) is a natural expansion to Elastic's security and agent efforts. On top of raw security data that is the foundation of SIEM, EDR and EPP are critical to any company's security posture. We are excited that we will be able to provide it as part of our product line upon consummation of the transaction.

The Elastic Stack is used for threat hunting by companies across the world, utilizing our unique ability to search across vast amounts of data in the blink of an eye. We believe that the ability to both bring another layer of data, as well as expanded threat hunting to the endpoint directly, is a unique value proposition of the combined products.

Endpoint protection will be a natural feature in our product line. We have been developing agent-based technology in our Beats product for years now, ranging from network packet capture, to logging, to metrics, and to security (audit). Endgame's endpoint agents fit nicely into this paradigm of agents shipping data as part of the Elastic Stack and its architecture. In addition to data collection capabilities, Endgame’s agents provides comprehensive protection against modern attacker techniques.

We have also started to see our Beats agents being used more and more beyond just as server-side machines, and being installed on endpoints of many kinds, including workstations. Endgame's endpoint product is purpose-built to run on a variety of endpoints, such as Windows, Mac, Linux, and Solaris devices, and using Beats will form a foundation to ship endpoint data into Elasticsearch.

Endgame has also developed a powerful language in EQL (Event Query Language), that can be executed on the endpoint, with its results stored in Elasticsearch. We are excited to explore this powerful query engine for all types of data in the Elastic Stack, which may be executed either on the endpoint or centrally.

Go to Market

The Elastic Stack has been used for a few years now as a place to collect, store and analyze security-oriented data. It has been adopted by the security community as a SIEM and threat-hunting tool long before we made significant efforts in the space because users see search to be a useful experience across any data. This is also the power of our bottom up, community-based, go-to-market model and how innovation begins from our users.

We have made significant investments in our Elastic Common Schema (ECS) to give users a uniform data modeling framework for any type of data, focused initially on the security space. We have enhanced our Beats technology to ship many types of data, including security-oriented data with Auditbeat, in ECS format. And we have been making investments in our SIEM efforts and going to market with it using our unique model.

We are excited to combine Endgame's endpoint product with our search technology and bring it to market using our unique model that is bottom up, open, community-oriented, and focused on end user success. More so, we are excited for the opportunity to converge the SIEM and endpoint markets to drive a whole new level of collaboration for security teams. After meeting the Endgame team and spending a lot of time with them, we are very much aligned on this go-to-market strategy.


We are announcing our intention to join forces today, but there are conditions to the merger and it will take some months until this transaction closes.

Like the alignment of our go-to-market strategy, our product roadmaps were also well aligned, even before we started our more intimate discussions. Based on existing and potential future customers, and Endgame's recognition that the Elastic Stack has become one of the most popular and useful destinations for security data, the Endgame team was already working with the Elastic Stack on additional integrations. This includes building support to ship raw security events (beyond alerts) from the endpoint and using the Elastic Common Schema (ECS) to format the data. Once the data is shipped to Elasticsearch, security teams and users would be able to instantly visualize the data in Kibana.

The Endgame team has also started to explore exposing Kibana on top of the existing bundled Elasticsearch deployments they have, to provide more dashboard and visualization capabilities on top of their built-in alerts, investigations, and threat hunting capabilities.

And, we have been working to expand our products to have more and more SIEM features, and by conforming to Elastic Common Schema (ECS), Endgame's endpoints will become natively integrated into any existing and future efforts of Elastic in the security space.

For Elastic users and customers, on top of using the Elastic Stack today as a SIEM tool, you will see significant additional value in deploying Endgame's endpoint product. And down the road following completion of the acquisition, you can rely on a much more integrated and native experience in the same way you get from any agent in the Elastic Stack.

For Endgame customers, you will be able to enjoy deploying the Elastic Stack next to Endgame's endpoint product, combining our search technology to extend your threat hunting and SIEM capabilities.

I am humbled to welcome such a talented team from Endgame to Elastic, and I am very excited for what our combined future holds. Here are brief thoughts from Nate and Jamie:

  1. Nate Fick, CEO of Endgame: "We've built an Endpoint security platform that simplifies security so that all organizations can prevent, detect, and respond to attacks. It's been wonderful to see the impact our product is having on the organizations using it, from successfully stopping targeted attacks, reducing time to detect attacks, and cutting operational costs. By joining forces with Elastic, we will be able to take our endpoint platform to another level, integrate with their SIEM efforts, and give users everywhere in the world a complete security solution."
  2. Jamie Butler, CTO of Endgame: "In information security, nothing is more critical to comprehensive protection than access to rich, actionable data in real-time. The combined force of Elastic's powerful search technology and Endgame's award-winning endpoint security offering gives customers unparalleled insight into their data for maximum protection. Both organizations share a commitment to openness, transparency, and user enablement, making this an exciting opportunity for both our employees and for the joint user community. We believe the combination of our solutions will change how the world thinks about data, analytics, and security."

Additional Information and Where to Find It

Elastic N.V. ("Elastic") plans to file with the Securities and Exchange Commission (the "SEC"), and the parties plan to furnish to the security holders of Endgame, Inc. ("Endgame") and Elastic, a Registration Statement on Form S-4, which will constitute a prospectus of Elastic and will include a proxy statement of Elastic in connection with the proposed merger of Avenger Acquisition Corp., a Delaware corporation and a direct wholly-owned subsidiary of Elastic ("Merger Sub") with and into Endgame (the "Merger"), whereupon the separate corporate existence of Merger Sub shall cease and Endgame shall continue as the surviving corporation of the Merger as a direct wholly-owned subsidiary of Elastic. The prospectus/proxy statement described above will contain important information about Elastic, Endgame, the proposed Merger and related matters. Investors and security holders are urged to read the prospectus/proxy statement carefully when it becomes available. Investors and security holders will be able to obtain free copies of these documents and other documents filed with the SEC by Elastic through the website maintained by the SEC at In addition, investors and security holders will be able to obtain free copies of these documents from Elastic by contacting Elastic's Investor Relations by telephone at +1 (650) 695-1055 or by e-mail at, or by going to Elastic's Investor Relations page at and clicking on the link titled "SEC Filings" under the heading "Financials." These documents may also be obtained, without charge, by contacting Endgame's COO and General Counsel by telephone at +1 (703) 650-1264 or by e-mail at

The respective directors and executive officers of Endgame and Elastic may be deemed to be participants in the solicitation of proxies from the security holders of Elastic in connection with the proposed Merger. Information regarding the interests of these directors and executive officers in the transaction described herein will be included in the prospectus/proxy statement described above. Additional information regarding Elastic's directors and executive officers is included in Elastic's proxy statement for its Extraordinary General Meeting of Shareholders, which was filed with the SEC on March 28, 2019. This document is available from Elastic free of charge as described in the preceding paragraph.

Forward-Looking Statements

This blog contains forward-looking statements which include but are not limited to: Elastic's ability to offer a comprehensive security solution focused on endpoint security and integrated with Elastic's existing security efforts; Endgame's EDR and EPP capabilities, in combination with Elastic's security efforts, will help organizations extend threat hunting to the endpoint; the benefit to Elastic customers of deploying Endgame's product; the benefit to Endgame customers of deploying the Elastic Stack; our ability to successfully integrate our products, technologies and businesses; the ability to use Elastic search technology in combination with Endpoint data; our ability to successfully align our product roadmaps and go-to-market strategy; customer acceptance of our combined product lines and the value proposition of our combination; the future conduct and growth of our business and the markets in which we operate; our ability to obtain necessary regulatory approvals to close the Merger; our ability to obtain shareholder approval for the Merger; and the expected timing of the proposed Merger. These forward-looking statements are subject to the safe harbor provisions under the Private Securities Litigation Reform Act of 1995. Our expectations and beliefs regarding these matters may not materialize. Actual outcomes and results may differ materially from those contemplated by these forward-looking statements as a result of uncertainties, risks, and changes in circumstances, including but not limited to risks and uncertainties related to: the ability of the parties to consummate the proposed Merger, satisfaction of closing conditions precedent to the consummation of the proposed Merger, potential delays in consummating the Merger, and the ability of Elastic to timely and successfully achieve the anticipated benefits of the Merger. Additional risks and uncertainties that could cause actual outcomes and results to differ materially from those contemplated by the forward-looking statements are included under the caption "Risk Factors" and elsewhere in our most recent filings with the SEC, including our Quarterly Report on Form 10-Q for the fiscal quarter ended January 31, 2019 and any subsequent reports on Form 10-K, Form 10-Q or Form 8-K filed with the SEC. SEC filings are available on the Investor Relations section of Elastic's website at and the SEC's website at Elastic assumes no obligation to, and does not currently intend to, update any such forward-looking statements after the date of this release, except as required by law.