Elastic Security
The Elastic (ELK) Stack has long been used by security teams
and organizations to conduct fast and effective threat hunting
and SecOps. Now you can use robust security solutions —
Elastic SIEM and Elastic Endpoint Security — directly from the
makers of the technology that keeps the world’s largest
organizations ahead of threats.

Want to check it out for yourself? Try an extended 30-day free trial of Elasticsearch Service at ela.st/siem, or spin up your own open source deployment with no time or size restriction.

Elastic Stack for security
Why do organizations power their security operations and threat hunting programs
with the Elastic Stack? Speed, scalability, and relevance. By adopting Elastic security
solutions within your SOC, your team is equipped with the technology trusted by
security teams everywhere.

Collect at scale
Hints of a threat can come from anywhere, including places you weren't expecting. Centralize data from across your environment. Store petabytes of data and keep it searchable for years.

Ask your data questions of all kinds
Query structured, semi-structured, and unstructured data. Perform ad-hoc searches across your enterprise and get results in seconds, all made possible by ingestion-time indexing.

Monitor your attack surface
Monitor your data in near real-time on interactive dashboards. Drill down and pivot with direct access to underlying data and the structure of a purpose-built schema.

Automate detection
Automate threat detection with correlation rules. Implement Elastic and community security rules and tailor them for your environment. If you can query it in Elasticsearch, you can alert on it.

Explore anomalies with machine learning
Surface unusual events with machine learning-based anomaly detection. Equip threat hunters with evidence-based hypotheses. Find the threats you expected — and the ones you didn't.

Accelerate incident response
Reveal the root cause of an attack and the extent of a compromise. Gather forensic evidence and contextual data. Forward investigations to ticketing and SOAR platforms. Automate response with Elastic Endpoint Security.

br-security-2019-1111 | elastic.co | © 2019 Elasticsearch B.V. All rights reserved.


Open source roots, enterprise-ready
Milliseconds matter
Monitor your environment with interactive dashboards. Hunt for threats with a rapid succession of ad-hoc queries. Drill into and pivot through underlying data at will. And do it all with technology fast enough for the sharpest analysts.

Make any infrastructure "home"
Streamline platform setup, administration, and maintenance. Deploy in the cloud or on-prem. Choose Elastic Cloud for simplified management and scaling, or Elastic Cloud Enterprise to maintain complete control.

Establish a holistic view
Gathering all of your data is one thing. Being able to uniformly examine it is another. With the Elastic Common Schema (ECS), you can centrally analyze information like logs, flows, and contextual data from across your environment — no matter how disparate your data sources.

Retain the data you need
With average dwell times in excess of 90 days, long-term data retention is key. Elastic scales as big as you need, stores data for as long as you want, and makes searching through it simple and fast. And you'll only ever pay for the resources you use.
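The two ideas the brochure leans on, normalizing disparate sources into ECS field names and then alerting on whatever you can query, are easier to see in code. The following is an added example, not code from the brochure or from Elastic: it maps two constructed raw log formats (a syslog-style sshd line and a key=value Windows process-creation record, both invented for illustration) into ECS-named fields such as event.category, process.parent.name and source.ip, then runs two detections over the result. One is a single-event rule (an Office application spawning a script interpreter); the other is a correlation rule (several failed logons from one source followed by a success for the same user). The rule logic is plain Python standing in for a KQL-style query; the log formats, process lists and the failure threshold are assumptions.

```python
"""Added example (not from the Elastic brochure): ECS-style normalisation of
constructed raw logs, followed by two SIEM-style detection rules over them."""
import re
from collections import defaultdict

# Constructed sample input, not real captured data. Two formats: syslog-style
# sshd lines and a key=value Windows process-creation record.
RAW_LOGS = [
    "Mar  3 10:01:02 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 55111 ssh2",
    "Mar  3 10:01:05 web01 sshd[2213]: Failed password for root from 203.0.113.9 port 55112 ssh2",
    "Mar  3 10:01:09 web01 sshd[2215]: Failed password for root from 203.0.113.9 port 55113 ssh2",
    "Mar  3 10:01:12 web01 sshd[2217]: Accepted password for root from 203.0.113.9 port 55114 ssh2",
    'host=dc01 action=process_create user=svc_backup parent=WINWORD.EXE process=powershell.exe cmdline="powershell -enc SQBFAFgA"',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed lists for the single-event rule (illustrative, not Elastic's rule set).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def to_ecs(line):
    """Map one raw line to a flat dict keyed by ECS field names, or None if
    the line matches neither format (unparsed lines should not be dropped
    silently in production; here they are simply skipped)."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "event.category": "authentication",
            "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
            "host.name": m["host"],
            "user.name": m["user"],
            "source.ip": m["ip"],
        }
    kv = dict(KV_RE.findall(line))
    if kv.get("action") == "process_create":
        return {
            "event.category": "process",
            "event.type": "start",
            "host.name": kv["host"],
            "user.name": kv["user"],
            "process.name": kv["process"].lower(),
            "process.parent.name": kv["parent"].lower(),
            "process.command_line": kv["cmdline"].strip('"'),
        }
    return None


def rule_office_spawns_shell(events):
    """Single-event rule: the Python equivalent of querying
    event.category:process and process.parent.name:(winword.exe or ...)
    and process.name:(powershell.exe or ...)."""
    return [
        f"office_spawns_shell host={e['host.name']} parent={e['process.parent.name']} child={e['process.name']}"
        for e in events
        if e.get("event.category") == "process"
        and e.get("process.parent.name") in OFFICE_APPS
        and e.get("process.name") in SHELLS
    ]


def rule_bruteforce_then_success(events, threshold=3):
    """Correlation rule: `threshold` or more failed logons from one
    source.ip for one user.name, followed by a success for that same pair.
    State is kept per (source.ip, user.name); a success resets the counter."""
    failures = defaultdict(int)
    alerts = []
    for e in events:
        if e.get("event.category") != "authentication":
            continue
        key = (e["source.ip"], e["user.name"])
        if e["event.outcome"] == "failure":
            failures[key] += 1
        elif e["event.outcome"] == "success" and failures[key] >= threshold:
            alerts.append(f"bruteforce_success user={key[1]} source={key[0]} failures={failures[key]}")
            failures[key] = 0
    return alerts


def run_rules(lines):
    """Normalise every line, drop what did not parse, and run both rules."""
    events = [e for e in (to_ecs(ln) for ln in lines) if e]
    return rule_office_spawns_shell(events) + rule_bruteforce_then_success(events)


if __name__ == "__main__":
    for alert in run_rules(RAW_LOGS):
        print("ALERT", alert)
```

The point of normalising first is that both rules are written once against ECS names (process.parent.name, source.ip) and keep working when a third log format is added; only to_ecs changes. In a real deployment the per-source failure counter would have to be windowed by @timestamp rather than kept for the life of the process.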
Secure. By design.
Don't let adversaries target your platform. Implement authentication and network traffic encryption. Create user roles and implement index- and cluster-level permissions. Manage access to Kibana saved objects like dashboards.

Security events are just the start
Have metrics? APM data? Documents with tons of text? Bring it all into the Elastic Stack to enrich your security analytics, enable new use cases, and streamline your infrastructure.

Integrate and collaborate
Extend the functionality of your solution with the Elastic Stack's broad set of REST APIs. Integrate with your legacy systems. Participate in Elastic's flourishing open source community.

Be in great company
The Elastic Stack powers many of the world's most demanding security applications. The technology is trusted by security teams at Barclays, Cisco, the US Air Force, and many other high-profile organizations.



Security starts at the endpoint
Elastic Endpoint Security
Elastic Endpoint Security combines prevention, detection, and response into a
single autonomous agent. It requires zero training, is built for speed, and stops
threats at the earliest stages of attack.

Elastic brings you the only security platform that makes advanced endpoint
protection as simple as AV.

• Malware and ransomware prevention: Behavior-based ransomware prevention blocks attacks before full disk encryption, and MalwareScore™ for Windows and macOS is machine learning-powered malware prevention with a 99% block rate and zero false positives.

• Phishing prevention: The industry's only on-endpoint phishing prevention. It uses machine learning to block malicious Microsoft Office documents and PDFs before they can execute.

• Exploit prevention: Block attempts to exploit vulnerabilities — even zero-day vulnerabilities and kernel exploits designed to elevate privileges — before any malicious code can execute.

• Fileless attack prevention: Injection protection stops in-memory attacks like reflective DLL and shellcode injection. Suspicious and malicious PowerShell scripts are detected and can be blocked.

Validated by the best



See your data, your way
Elastic SIEM app
The Elastic SIEM app provides an interactive workspace for analysts to triage
events and perform initial investigations. Security teams use its interactive
timeline to gather and store evidence, pin and annotate key data, and forward
findings to ticketing and SOAR platforms.

There’s even more in Kibana for security analysts to love.


Full protection, no compromises
Prevent. Detect. Respond.

We're bringing endpoint protection and SIEM into a single experience to provide optimal protection against cyber threats and streamline how you secure your organization.

Built on the Elastic Stack: the Elastic SIEM app, the Elastic Common Schema (ECS), and network and host integrations.