{
	"id": "46507254-aa79-4a16-a863-13fbb52aa1f6",
	"created_at": "2026-04-06T00:18:23.526933Z",
	"updated_at": "2026-04-10T03:21:34.908319Z",
	"deleted_at": null,
	"sha1_hash": "957b4d3d8f86bb7d443cd6376598e9d345c45fdc",
	"title": "Introducing Elastic Endpoint Security",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 551411,
	"plain_text": "Introducing Elastic Endpoint Security\r\nBy Shay Banon\r\nPublished: 2019-10-15 · Archived: 2026-04-05 21:24:23 UTC\r\nEditor’s Note — August 19, 2020: The Elastic Endpoint Security and Elastic SIEM solutions mentioned in this\r\npost are now referred to as Elastic Security. The broader Elastic Security solution delivers endpoint security,\r\nSIEM, threat hunting, cloud monitoring, and more.\r\nToday we are excited to announce the introduction of Elastic Endpoint Security, based on Elastic’s acquisition of\r\nEndgame, a pioneer and industry-recognized leader in endpoint threat prevention, detection, and response based\r\non the MITRE ATT\u0026CK™ matrix. Elastic is combining SIEM and endpoint security into a single solution to\r\nenable organizations to automatically and flexibly respond to threats in real time, whether in the cloud, on-premises, or in hybrid environments. Also announced today, Elastic is eliminating per-endpoint pricing.\r\n“Two key trends in endpoint security — the importance of a strong analytics back-end and the rise of the MITRE\r\nATT\u0026CK framework as a lingua franca — help make the case for greater emphasis on threat hunting and incident\r\nresponse use cases,” said Fernando Montenegro, Principal Analyst at 451 Research. “Elastic’s acquisition of\r\nEndgame fits well within these trends, and the combination of SIEM and endpoint security should enable\r\norganizations to pursue efficiencies around those use cases.”\r\nEndgame has been validated by numerous independent testing organizations, including NSS Labs, SE Labs,\r\nMITRE, and others as having both the strongest preventions and detections available. 
This was recently illustrated\r\nby its performance in the AV Comparatives Independent Anti-Virus Test, where Endgame demonstrated\r\nexceptional protection against real-world threats, preventing 99.7% of malware with no cloud connectivity\r\nrequired.\r\nAdditionally, Elastic Endpoint Security brings one of the strongest sources of endpoint security data, raw endpoint\r\nevent data, and alerts to the Elastic Stack, joining the existing logging, security, APM, and infrastructure event\r\ncollection. With the average threat dwell time exceeding 100 days, shipping, scaling, and storing data efficiently in\r\nElasticsearch makes searching through all of this disparate security-related data practical, easy, and fast.\r\nAccordingly, endpoint security is a natural fit for the Elastic Stack to provide prevention against threats and the\r\nfastest detection and response to stop attacks at the earliest stages possible.\r\n“Users deserve more from the tools they deploy. That’s why we are providing immediate value today through the\r\nsimplicity of a single stack to search, store, analyze, and secure your data,” said Shay Banon, founder and chief\r\nexecutive officer of Elastic. “This is an exciting step toward realizing our vision for applying search to multiple\r\nuse cases, as we are now able to offer users the best threat hunting solution with the best endpoint protection.”\r\nhttps://www.endgame.com/blog/technical-blog/stopping-olympic-destroyer-new-process-injection-insights\r\nPage 1 of 4\n\nOur journey into SIEM and endpoint security\r\nTools working in isolation can’t safeguard an organization, and the data that those tools collect isn’t actionable\r\nwithout a centralized management console. Security teams are faced with siloed data, slow query times, and\r\ncompromised analysis that lacks relevance and context. 
Organizations already know they need to work in real\r\ntime; they need to ingest and store all types of data in a way that is unbounded; and they need to produce relevant\r\nresults and automatically operationalize them into existing and new security workflows.\r\nNearly two years ago, we embarked on a mission to help organizations evolve their security efforts. While the\r\nElastic Stack has been adopted and is used as a security solution for use cases like threat hunting, fraud detection,\r\nand security monitoring, we wanted to make it even easier for users to deploy our products for security. We first\r\nworked in collaboration with our community to develop the Elastic Common Schema (ECS) to provide an easy\r\nway to normalize data from disparate network and host data sources. Then we launched Elastic SIEM, the\r\nworld’s first free and open SIEM... but we didn’t stop there.\r\nNow, when you deploy a data collection agent for Elastic SIEM, you can protect the endpoint simultaneously and\r\nremove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss.\r\n“Stopping attacks as early as possible is the goal. That requires the best preventions and the highest fidelity\r\ndetections on the endpoint. The combination of Endgame’s leading endpoint protection technology with Elastic\r\nSIEM creates an interactive workspace for SecOps and threat hunting teams to stop attacks and protect their\r\norganizations,” said Nate Fick, formerly CEO of Endgame and now general manager of Elastic Security.\r\nThe end of endpoint pricing\r\nIn addition to combining the world’s first free and open SIEM with the best endpoint protection technology,\r\nElastic is eliminating per-endpoint pricing.\r\n“Why should users need to count the number of devices they need to protect? 
Or choose how many days of threat\r\nintelligence data they can afford to retain?” added Banon. “We want organizations to have the best protection, use\r\nit everywhere, and not be penalized with per-endpoint pricing.”\r\nElastic customers pay for resource capacity for any solution they use — Elastic Logs, APM, SIEM, Elasticsearch,\r\nand now Endpoint Security — with a consistent and transparent pricing framework. This ensures organizations\r\ncan capture maximum value from their data. With Elastic Endpoint Security, customers get full protection for as\r\nmany endpoints as they need, and full data collection and shipping without having to compromise.\r\nSecurity leaders comment on Elastic Endpoint Security\r\nTexas A\u0026M University, Andrew Stokes, Assistant Director and Information Security Officer\r\n“We value speed of response and the ability to learn from and analyze our historical data. Elastic Endpoint\r\nSecurity has dramatically dropped our mean time to remediate from seven days to 30 minutes over legacy\r\nantivirus, and the Elastic Stack has provided an unparalleled way to store, analyze, and react to data well beyond\r\nany competitor in the market. Combining Elastic Endpoint Security and the Elastic Stack into a single,\r\nintelligence-led platform will further simplify and automate our security operations.”\r\nOptiv, Anthony Diaz, Divisional Vice President, Emerging Services\r\n\"Elastic is bringing together the integration of a next-generation SIEM, robust visualization engine and a best-in-class endpoint product all backed by the world's leading search technology. This combination provides a\r\nfoundation for enterprises to combat the growing complexity of cyber threats. 
Elastic's vision for bringing together\r\nthese components in an open ecosystem is a revolutionary, yet practical idea that helps organizations of all sizes\r\nmaximize all of their data to manage their cyber security needs.\"\r\nInfoTrack, Sebastian Mill, Chief Technology Officer, Global Development\r\n“At InfoTrack, we’ve come to realize just how valuable endpoint data can be for gaining visibility into our\r\noperations and making sure our infrastructure remains secure. Toward these goals, our innovation team has\r\nalready been scoping Auditbeat into our environments, but introducing Elastic Endpoint Security takes it to a\r\nwhole new level. We are intrigued by the ability to stop threats with Elastic Endpoint Security while pairing\r\nsecurity event data with some Elastic machine learning-powered anomaly detection. It will be a killer setup.\"\r\nSANS Institute, John Pescatore, Director, Emerging Security Trends\r\n“When SANS surveyed SOC managers about the tools they wish new SOC hires were skilled in, the Elastic (ELK)\r\nStack was one of the top ones mentioned. The components of the ELK stack are used both by SOC analysts and\r\napplication developers. 
Having strong EDR capability integrated into the endpoint side of the standard packages\r\ndeployed by DevOps and CI/CD pipelines can be a real game changer in visibility, detection and prevention of\r\ncyber attacks.”\r\nResources\r\nIf you want to see Elastic Endpoint Security in action and hear more about our developments, please join us at one\r\nof our Elastic{ON} Tour stops in the US, EMEA, or Asia Pacific.\r\nElastic Endpoint Security solutions page\r\nElastic SIEM solutions page\r\nElastic SIEM documentation\r\nElastic SIEM community forum\r\nElastic SIEM webinar recording\r\nSource: https://www.endgame.com/blog/technical-blog/stopping-olympic-destroyer-new-process-injection-insights",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.endgame.com/blog/technical-blog/stopping-olympic-destroyer-new-process-injection-insights"
	],
	"report_names": [
		"stopping-olympic-destroyer-new-process-injection-insights"
	],
	"threat_actors": [],
	"ts_created_at": 1775434703,
	"ts_updated_at": 1775791294,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/957b4d3d8f86bb7d443cd6376598e9d345c45fdc.pdf",
		"text": "https://archive.orkl.eu/957b4d3d8f86bb7d443cd6376598e9d345c45fdc.txt",
		"img": "https://archive.orkl.eu/957b4d3d8f86bb7d443cd6376598e9d345c45fdc.jpg"
	}
}