Elastic endpoint security (EPP & EDR)
Security starts at the endpoint, and Elastic Endpoint Security is the only endpoint protection product to fully combine protection, prevention, detection, and response with machine learning technology, without cloud connectivity, into a single autonomous agent.
It requires zero training, is built for speed, and stops threats at the earliest stages of attack.
Elastic brings you the only security platform that makes advanced endpoint protection as simple as AV.
Malware and ransomware prevention
Behavior-based ransomware prevention blocks attacks before full disk encryption, and MalwareScore™ for Windows and macOS provides machine learning-powered malware prevention with a 99% block rate and zero false positives.
The industry’s only on-endpoint phishing prevention uses machine learning to stop malicious Microsoft Office documents and PDFs before they can execute.
Block attempts to exploit vulnerabilities — even zero-day vulnerabilities and kernel exploits designed to elevate privileges — before any malicious code can execute.
Fileless attack prevention
Injection protection stops in-memory attacks like reflective DLL and shellcode injection. We detect and can block suspicious and malicious PowerShell scripts.
Comprehensive MITRE ATT&CK protection & Threat hunting
Improved threat intelligence through mapping of detections to the MITRE ATT&CK framework.
Elastic Endpoint achieves outstanding MITRE ATT&CK validation, becoming the only endpoint protection solution to meet complex compliance requirements.
Threat hunting with Endpoint security
Models and Machine Learning
Built through a collaboration between threat experts and data scientists, and trained against meticulously labeled data.
Adversary Behavior Prevention
Operates in-line at the lowest level, using autonomous prevention to block techniques like vulnerability exploits, process injection, credential dumping, and more.
MalwareScore and MacroScore
Powered by machine learning, prevents execution of 99+% of known and unknown malware and malicious macros without signatures.
Low Level Data Collection, High Fidelity Visibility
Provides the visibility and operational insight needed by threat hunters and incident responders.
User Configurable Autonomous Rules
Create custom rules for your environment if desired.
Response actions include host isolation, file upload, file execution, file retrieval, file deletion, process memory dumps, and more, eliminating the need for additional tools and ensuring rapid response.