4. We’ve met our next major milestone in our vision for joining forces with Endgame: Elastic introduces the first free and open, Limitless XDR, unifying SIEM and Endpoint Security for analysts everywhere.
6. X is for eXtended
D is for Detection
R is for Response
7. Why do we need XDR?
“We noticed this network activity from our endpoint events; did we see anything on our firewalls?”
“This user is downloading files from S3 onto their desktop; can we view the S3 events?”
8. Limitless XDR
XDR modernizes security operations, enabling analytics across all data, automating key processes, and bringing native endpoint security to every host.
[Diagram: SIEM + Endpoint Security]
9. What is “Limitless”?
Limitless visibility: hundreds of one-click integrations, a community of extensions, and simple custom ingestion with a single Agent.
Limitless data: act on frozen-storage data, like S3, for years of search, threat intelligence, dashboards, reports, and more.
Limitless value: Elastic Security is all inclusive, with no price per seat, agent, GB ingested, etc. Deploy anywhere, on any cloud or on prem (or both).
Limitless analysis: search, correlate, look for outliers with machine learning, find threat intelligence, aggregate results, prioritize, and investigate across multi-cloud environments.
10. Elastic Security
Collect (Elastic Agent)
Continuous visibility
❏ Kernel-level data collection
❏ Tailored host data collection
❏ Ad-hoc host analysis via osquery
Prevent (Elastic Agent)
Pre-execution prevention
❏ Malware prevention
❏ Ransomware prevention
Post-execution prevention
❏ Behavioral ransomware prevention
Detect (Elastic Stack)
❏ Alert triage and hunting workflows
❏ Insights, context, and recommendations
❏ Threat intel. integrations
❏ Prebuilt detections: use cases, rules, ML models
❏ Advanced analytics, interactive visualizations, root-cause analysis
❏ Fast and scalable search platform, open data schema, on-prem to multi-cloud
Respond (Elastic Stack)
❏ Investigation & response workflows
❏ External alert actions: email, Slack, SOAR & ITSM platforms
❏ External case connectors: IBM, JIRA, ServiceNow, Swimlane
❏ Simple custom connections
Respond (Elastic Agent)
❏ On-demand osquery inspection
❏ Remote host isolation