Elastic expands its threat prevention capabilities to stop advanced threats at the endpoint

Elastic announced expanded Limitless Extended Detection and Response (XDR) capabilities across the Elastic Security solution in its 7.15 release, including new layers of prevention for Windows, macOS and Linux, and host isolation for cloud-native Linux environments.

Malicious behavior protection, now generally available, stops advanced threats at the endpoint for Windows, macOS and Linux hosts. Powered by analytics that prevent attack techniques leveraged by known threat actors, malicious behavior protection strengthens existing malware and ransomware preventions by pairing post-execution analytics with response actions to stop attacks before they cause damage.

Providing organizations another layer of prevention against cyber attacks, Elastic Security now provides memory threat protection for Windows endpoints, preventing memory manipulation via shellcode. Memory threat protection prevents attacks engineered to evade less sophisticated security technologies.

Leveraging cloud-native extended Berkeley Packet Filter (eBPF) technology, Elastic also introduces host isolation for cloud-native Linux environments, enabling security analysts to quarantine Linux hosts directly from Kibana by isolating the host from the network, containing the attack, and preventing lateral movement.