Endpoint detection and response (EDR)

Elastic endpoint security (EPP & EDR)

Security starts at the endpoint, and Elastic Endpoint Security is the only endpoint protection product to fully combine protection, prevention, detection, and response with machine learning technology, without cloud connectivity, into a single autonomous agent.

It requires zero training, is built for speed, and stops threats at the earliest stages of attack.

Elastic brings you the only security platform that makes advanced endpoint protection as simple as AV.

Malware and ransomware prevention

Behavior-based ransomware prevention blocks attacks before full disk encryption, and MalwareScore™ for Windows and macOS provides machine learning-powered malware prevention with a 99% block rate and zero false positives.

Phishing prevention

The industry’s only on-endpoint phishing prevention, using machine learning to block malicious Microsoft Office documents and PDFs before they can execute.

Exploit prevention

Block attempts to exploit vulnerabilities — even zero-day vulnerabilities and kernel exploits designed to elevate privileges — before any malicious code can execute.

Fileless attack prevention

Injection protection stops in-memory attacks like reflective DLL and shellcode injection. We detect and can block suspicious and malicious PowerShell scripts.

Comprehensive MITRE ATT&CK protection & Threat hunting

Improved threat intelligence through mapping detections to the MITRE ATT&CK framework.

Elastic endpoint achieves outstanding MITRE ATT&CK validation, making it the only endpoint protection solution to meet the complex compliance requirements.

Threat hunting with Endpoint security

Models and Machine Learning

Built through a collaboration between threat experts and data scientists, and trained against meticulously labeled data.

Adversary Behavior Prevention

Operates in-line at the lowest level, using autonomous prevention to block techniques like vulnerability exploits, process injection, credential dumping, and more.

MalwareScore and MacroScore

Powered by machine learning, prevents execution of 99+% of known and unknown malware and malicious macros without signatures.

Low Level Data Collection, High Fidelity Visibility

Provides the visibility and operational insight needed by threat hunters and incident responders.

User Configurable Autonomous Rules

Create custom rules for your environment if desired.

Response actions include host isolation, file upload, file execution, file retrieval, file deletion, process memory dumps, and more, eliminating the need for additional tools and ensuring rapid response.