SECURITY
Elastic N.V. today introduced Elastic Endpoint Security, its latest cybersecurity product, which provides protection against hackers for enterprises’ backend infrastructure and employee devices.
The software is based on technology that the company obtained through its acquisition of Endgame Inc. in June. Elastic paid $234 million for the startup, which counted the U.S. Air Force among its customers and had raised over $100 million in funding. Its backers included major Silicon Valley investors such as Kleiner Perkins Caufield & Byers.
Elastic Endpoint Security is a software agent that companies can install on a device much like an antivirus to scan for threats. It detects malware, phishing attempts and so-called fileless attacks that hijack existing, legitimate programs on a machine to carry out malicious activity. The agent can operate autonomously without sending data to the cloud for analysis, which allows it to spot intrusions even when there’s no internet connection.
Elastic Endpoint Security’s other function is to serve as a data collection tool for a company’s network protection team. It gathers detailed information about suspicious activity that administrators can use to investigate breaches and plan appropriate countermeasures.
That information is beamed up to Elastic’s Elastic SIEM product, another recently launched security tool from the company. It’s a kind of virtual command room for tracking down breaches that enables administrators to look at security data from multiple sources. An analyst could, for example, correlate malware alerts from Elastic Endpoint Security with user and network activity logs.
“Elastic Endpoint Security has dramatically dropped our mean time to remediate from seven days to 30 minutes over legacy antivirus,” Andrew Stokes, the information security officer at Texas A&M University, was quoted by Elastic as saying.
For a company whose core competency isn’t security, Elastic has built up quite an arsenal of network protection features. The publicly traded firm is best known for its Elasticsearch search engine, which helps enterprises make their internal databases easier to navigate. Elastic first launched a push to add security-specific features two years ago, after seeing that network protection teams were using its software to help make sense of the data generated by their threat detection tools.
“Endpoint prevention, detection, and response (EPP + EDR) is a natural expansion to Elastic’s security and agent efforts,” Chief Executive Officer Shay Banon explained when the company announced its purchase of Endgame back in July. “We believe that the ability to both bring another layer of data, as well as expanded threat hunting to the endpoint directly, is a unique value proposition of the combined products.”