Elastic announced the launch and general availability of the free and open Limitless Extended Detection and Response (XDR).
Part of Elastic Security, Elastic Limitless XDR modernizes security operations by unifying the capabilities of security information and event management (SIEM), security analytics, and endpoint security.
“Organizations have been spending regularly on threat detection and response but still can’t detect sophisticated threats,” says Jon Oltsik, Senior Principal Analyst at ESG. “By aggregating threat detection and response across multiple controls, XDR promises to improve threat detection and response, correlating endpoint detections with telemetry from other sources to simplify investigation and streamline operations.”
Elastic Limitless XDR is anchored in SIEM and enriched by a single agent for endpoint security to eliminate data silos, reduce alert fatigue, and arm practitioners to stop threats at cloud scale. Built into a single platform, Elastic Limitless XDR extends visibility across any environment to prevent, detect, and respond to threats and eliminate blind spots, everywhere.
According to the IDC EDR and XDR 2020 Survey, 55% of organizations currently use up to six endpoint security technologies. “While EDR technologies remain a popular choice for helping organizations strengthen their security posture, XDR is gaining in popularity as security teams require telemetry from many sources beyond the endpoint,” says Chris Kissel, Research Director, Security & Trust Products, IDC.
Elastic Limitless XDR powers centralized analytics on years’ worth of data, automates key processes, and brings native endpoint security to every host.
Elastic Limitless XDR stops threats at cloud scale on a single platform.
Extending visibility across any environment to eliminate security blind spots
- Block malware and ransomware, perform collection and inspection, detect and take responsive actions on the endpoint, and support DevSecOps and observability use cases by collecting application traces through a single agent.
- Accelerate security operations with automated hunting and investigation workflows, built-in case management, and hundreds of one-click integrations created by Elastic and its global user community.
- Deploy on premises, in the cloud, or hybrid.
Providing fast, cost-effective search to meet the evolving needs of security teams
- Ingest and prepare data from across any environment and search it in milliseconds to seconds with the frozen data tier, powered by searchable snapshots, on low-cost object stores such as Amazon S3, Google Cloud Storage, and Microsoft Azure Storage.
- Efficiently retain years of actionable telemetry to uncover long-dwelling threats and markers of newly discovered exploits.
- Uniformly analyze information stored across multiple clouds without the delay and expense of backhauling data.
Automating threat detection to reduce alert fatigue
- Automate threat detection with rules built by Elastic and community security researchers and shared on a public detection rules repository.
- Uncover security-relevant anomalies with prebuilt machine learning jobs.
- Aggregate results, prioritize, and investigate across multi-cloud environments.
“Elastic has disrupted the cyber security industry by providing an extensible product line that allows the State of South Dakota to detect endpoint, network, and even cloud threats at a very reasonable cost. Beyond the threat investigation aspect of the Elastic Security product is the community and open code that allows us to work with others in the industry and tailor the needs of our cyber security analysts and engineers to our organization. Having the Elastic stack as part of our security operations infrastructure has pushed us further to being a world class SOC so that we can best protect the State of South Dakota from cyber threats,” said Nicholas Penning, Cybersecurity Architect at the State of South Dakota Bureau of Information and Telecommunications.
“Elastic has given Sally Beauty the ability to streamline the security stack, while greatly expanding detection and prevention capabilities. Having one unified agent that can collect endpoint and network telemetry data, while also providing world-class prevention, has been a real game changer. The move to a decentralized workforce, due to the pandemic, would have previously left us scrambling to not lose capabilities. But due to the benefits of Elastic Cloud, we were perfectly positioned to continue securing our assets and infrastructure, regardless of location. With the Elastic Security Platform, our Security Operations Team has everything we need to Prevent, Detect & Respond to Cyber Security Threats,” said Sr. Information Security Engineer, Sally Beauty.
“Between today’s advanced attack techniques and complicated IT environments, it is more difficult than ever for organizations to stop threats before damage is done. Adding to this challenge, security teams have to pivot between multiple tools to investigate and respond fully to attacks. By combining SIEM and endpoint security, Elastic Limitless XDR provides fast detection and response capabilities with cloud, user, endpoint, and network telemetry to simplify investigation and response on a single platform,” said Nate Fick, General Manager, Security at Elastic.