Introducing Elastic Endpoint Security

These people move fast. Completed acquisition last week, Oct 8. Launching Elastic Endpoint Security today, livestream ongoing and impressive.

https://www.elastic.co/blog/introducing-elastic-endpoint-sec…

Integrates endpoint security and automated threat hunting and remediation into Elastic SIEM and the Elastic Stack. Integrating into the data sets that also provide monitoring, logs, and APM. Customizable dashboard with Canvas.

Eliminating per endpoint pricing structure with data set pricing structure.

The end of endpoint pricing

In addition to combining the world’s first free and open SIEM with the best endpoint protection technology, Elastic is eliminating per-endpoint pricing.

“Why should users need to count the number of devices they need to protect? Or choose how many days of threat intelligence data they can afford to retain?” added Banon. “We want organizations to have the best protection, use it everywhere, and not be penalized with per-endpoint pricing.”

Elastic customers pay for resource capacity for any solution they use — Elastic Logs, APM, SIEM, App Search, Site Search, Enterprise Search, and now Endpoint Security — with a consistent and transparent pricing framework. This ensures organizations can capture maximum value from their data. With Elastic Endpoint Security, customers get full protection for as many endpoints as they need, and full data collection and shipping without having to compromise.

An interesting development in the space. Endgame is a very capable product achieving very high ratings in the endpoint space, if not so much the reach that other products have achieved. With this converging with the other Elastic use cases under a single pane, I think this could prove a very powerful platform for Elastic’s SaaS roadmap. Tremendous value from a single platform.

A year earlier than what I was originally thinking this would hit the market as an integrated product.

Darth

32 Likes

The endpoint security market is making me crazy.

Until some company comes up with an endpoint security product that provides all the modern security features for the retail consumer, displacing McAfee and Norton (and Kaspersky), as well as addressing the corporate market, I really have no idea who’s the winner.

So far, my bets are on Crowdstrike. But I’m about ready to just bail on the whole space and sit on the sidelines until a clear tech winner moves to the front.

8 Likes

Seems like more competition for CrowdStrike. I do not understand why ZS needed to partner with CrowdStrike. If you are using ZS all the time, wouldn’t that be protection enough? Why would one need endpoint security? Is the fear that you will not use ZS all the time?

2 Likes

ZScaler doesn’t quite eliminate the need for protecting endpoints. Something will inevitably get through and you don’t want it spreading from inside. You will also need to hunt and eliminate things that do.

Also there may be substantial traffic or uses that don’t flow through ZScaler in an organization. Insiders and accidents.

ZS may help make your EPP more like the Maytag guy, sitting around for longer periods not doing anything, but EPP will always be something that every company will need.

6 Likes

https://digitalguardian.com/blog/what-endpoint-security-data…

Endpoint security protects the device, and network security protects the network as a whole. One would think the distinction meaningless over time. But Zscaler says they will not do endpoint security (too competitive and difficult to make money), and thus the distinction will remain.

As I am typing on my iPad, an endpoint, I am sending things through the network when I hit send. Not my field, but it makes sense that endpoint security protects my iPad or even a specific server in an anti-virus sort of way, and network security protects what is coming to and from the corporate data center from all sources (endpoints included), along with what is coming to and from SaaS services.

Protecting the device vs protecting the integrity of the network and the data center/SaaS.

https://www.hpe.com/us/en/insights/articles/5-ways-cloud-sec…

The single biggest concern is the security of the communications link between your data center and the cloud data center where your data and applications are stored. Similarly, you need to be concerned about the communications security between your cloud provider’s diverse data centers.

You also need to take into account the potential communications security issue involving your employees and customers. Many SaaS (software as a service) applications allow end users to access cloud information directly, meaning they don’t need to go through the company’s own data center and its related security and authentication processes.

Which sounds exactly what Zscaler does in protecting the network.

It seems an area where overlap may exist, but apparently that is not so much the case in practice.

Tinker
It’s one of those techie questions best answered by someone who really knows, but this seems the gist of difference between a Zscaler and a Crowd. Also, it shows why a Zscaler can sell from the C suite down as they protect the integrity of the entire network vs Crowd that protects the integrity of individual end points from outside intruders and malware.

Zscaler’s CEO uses an airport inspection analogy between the different aspects of airport security.

6 Likes

“Seems like more competition for CrowdStrike. I do not understand why ZS needed to partner with CrowdStrike. If you are using ZS all the time, wouldn’t that be protection enough? Why would one need endpoint security? Is the fear that you will not use ZS all the time?”

Because you can plug a USB cable into a device you steal and hack it. This slightly oversimplifies the matter but ZS would have no idea, but a respectable endpoint product would.

2 Likes

Seems like more competition for CrowdStrike. I do not understand why ZS needed to partner with CrowdStrike. If you are using ZS all the time, wouldn’t that be protection enough? Why would one need endpoint security? Is the fear that you will not use ZS all the time?

I can’t really answer because I don’t know other than you might have a contaminated device which is bad for business in general. And Crowdstrike has to connect to the device somehow, may as well connect via a protected network. Other than that, I don’t know.