The presentation discusses the forward-looking statements related to Elastic's security offerings and their business outlook, emphasizing that actual outcomes may differ due to various risks and uncertainties. It highlights the evolution of Elastic Security, aiming to democratize security through a free and open SIEM, and discusses collaborative efforts with the security community to enhance protection. The document also emphasizes the importance of integrating diverse data sources for comprehensive security monitoring and incident response.

1. 1
ElasticON Security Keynote
Nate Fick, Mike Nichols
Elastic Security

2. 2
This presentation and the accompanying oral presentation contain forward-looking statements, including statements
concerning plans for future offerings; the expected strength, performance or benefits of our offerings; and our future
operations and expected performance. These forward-looking statements are subject to the safe harbor provisions
under the Private Securities Litigation Reform Act of 1995. Our expectations and beliefs in light of currently
available information regarding these matters may not materialize. Actual outcomes and results may differ materially
from those contemplated by these forward-looking statements due to uncertainties, risks, and changes in
circumstances, including, but not limited to those related to: the impact of the COVID-19 pandemic on our business
and our customers and partners; our ability to continue to deliver and improve our offerings and successfully
develop new offerings, including security-related product offerings and SaaS offerings; customer acceptance and
purchase of our existing offerings and new offerings, including the expansion and adoption of our SaaS offerings;
our ability to realize value from investments in the business, including R&D investments; our ability to maintain and
expand our user and customer base; our international expansion strategy; our ability to successfully execute our
go-to-market strategy and expand in our existing markets and into new markets, and our ability to forecast customer
retention and expansion; and general market, political, economic and business conditions.
Additional risks and uncertainties that could cause actual outcomes and results to differ materially are included in
our filings with the Securities and Exchange Commission (the “SEC”), including our Annual Report on Form 10-K for
the most recent fiscal year, our quarterly report on Form 10-Q for the most recent fiscal quarter, and any
subsequent reports filed with the SEC. SEC filings are available on the Investor Relations section of Elastic’s
website at ir.elastic.co and the SEC’s website at www.sec.gov.
Any features or functions of services or products referenced in this presentation, or in any presentations, press
releases or public statements, which are not currently available or not currently available as a general availability
release, may not be delivered on time or at all. The development, release, and timing of any features or functionality
described for our products remains at our sole discretion. Customers who purchase our products and services
should make the purchase decisions based upon services and product features and functions that are currently
available.
All statements are made only as of the date of the presentation, and Elastic assumes no obligation to, and does not
currently intend to, update any forward-looking statements or statements relating to features or functions of services
or products, except as required by law.
Forward-Looking Statements

3. 3
Security is a
data problem Data
Analytics
Visualization
Operations

4. Lack of data
fidelity

5. Cost and
complexity
of data
completion

6. Security analysts
overwhelmed
Everyone is a
potential target
Attack surface rife
with blind spots
1 2 3
Elastic Security helps us perform the threat
detection, continuous monitoring, and incident
response functions that we need to effectively
protect UC Davis … Since the solution is
backed by the security community’s
continuing contributions, we gain the
capability to handle the latest attacks.
Jeff Rowe, UC Davis - Security Architect
Protecting against cyber
attacks at UC Davis with
Elastic

7. Enterprise Search SecurityObservability
Kibana
Elasticsearch
Beats Logstash
Three solutions powered by one stack
Powered by
the Elastic Stack
3 solutions
Deployed
anywhere Elastic Cloud Elastic Cloud
on Kubernetes
Elastic Cloud
Enterprise
Saas Orchestration

8. 8
How did we get here?
Going where our users are

9. 2,000 employees in 40 countries
IPO 2018, NYSE “ESTC”
Founded 2012
A Brief Overview
About Elastic
World’s #1 database
search engine (DBEngines)
Opening keynote

10. 2010
Today
Elasticsearch 0.4
released
ECS 1.0
released
Elasticsearch 1.0
released
Growing use of ELK for
threat hunting
SIEM app
released
Perched
acquired
Endgame
acquired
Logstash
joins forces
Kibana
joins forces
Beats to collect
all the data
Prelert acquiredElastic Cloud
launched
Elastic Security
Unified
security
for all

11. Monitoring
and Compliance
Hunting and
Incident Response
Threat Prevention
and Detection
SIEM & Endpoint
Elastic Security

12. Powering security teams
around the world
Security analytics with
Elastic at Square Enix

13. 13
Elastic Security
evolution and vision

14. Where we are today

15. Monitoring &
compliance
Always on
Free and open cloud
security posture
monitoring

16. Threat
prevention &
detection
Prevent first,
detect always
SIEM, malware protection,
deep data visibility -- for
free

17. Hunting &
incident
response
It’s a marathon,
not a sprint
Operationalizing Elastic
Security for practitioners

18. The evolution of security

19. Democratizing Security
Elastic for everyone
Build on the
free and open
Elastic (ELK
Stack
1 2 3 4 5

20. Democratizing Security
Elastic for everyone
Build on the
free and open
Elastic (ELK
Stack
Release a free
and open SIEM
1 2 3 4 5

21. Free and open
SIEM for users
everywhere
The importance of
normalizing your security
data

22. Democratizing Security
Elastic for everyone
Build on the
free and open
Elastic (ELK
Stack
Release a free
and open SIEM
Eliminate
antiquated
pricing models
1 2 3 4 5

23. Eliminating
per-endpoint
pricing at
ElasticON
Washington, DC
October 2019
Stop attacks with Elastic’s
signatureless anti-malware
model

24. Democratizing Security
Elastic for everyone
Build on the
free and open
Elastic (ELK
Stack
Release a free
and open SIEM
Eliminate
antiquated
pricing models
Develop
protections in
the open with
the community
1 2 3 4 5

25. Security
through
obscurity
doesn’t work
Get involved with the
security community at
Elastic

26. Democratizing Security
Elastic for everyone
Build on the
free and open
Elastic (ELK
Stack
Release a free
and open SIEM
Eliminate
antiquated
pricing models
Develop
protections in
the open with
the community
Release free
and open
endpoint
protection
1 2 3 4 5

27. It's dangerous to go alone!
Take them.

28. 28
● Security
orchestration,
automation,
response
● Security incident
response
● General ticket &
case management
These are just some of our partners and community members. The presence of a vendor logo doesn’t imply a business relationship with Elastic.
Elastic community – scale your security program
Kibana
Elasticsearch
● Host sources
● Network sources
● Cloud platforms &
applications
● User activity sources
● SIEMs & centralized
security data stores
● Internal context
● External context
● Consulting
● Education & training
Solutions
Integrators,
Value-added
Resellers,
MSPs & MSSPs
LogstashBeatsAgent

29. Elastic
Security
The foundation of
modern security
programs
SIEM, endpoint security,
threat hunting, and more
● One Agent - One Click
Only Elastic Security provides a free
agent to instantly collect and protect
● Elastic SMEs + the Community
 Unparalleled protection
Protections are developed in the
open with community engagement
and contributions
● Action all data, for all time
Only Elastic empowers seamless
searching across data anywhere,
including snapshots
Elastic Security under the
hood

30. Adding a use case with
one click

31. One unified shipper tomorrowMany data shippers today
Filebeat
Metricbeat
Winlogbeat
Heartbeat
Security
APM
Elastic Agent
Filebeat
Metricbeat
Winlogbeat
Heartbeat
Security
APM
Easier to install
Easier to upgrade
Easier to scale

32. Instant on protection

33. Correlation!
• Correlate across all your
data with Event Query
Language (EQL
• Elastic Security
delivering the first
experience soon
• Available today with
many examples of doing
things never before
possible in Elastic.
• Attend the EQL talk later
today

34. A Public Repo!
Community & Collaboration
• A dev-first mentality for malicious
behavior detection
The Rules
• A place to engage on rules for all
users of Elastic Security
Contribution Guides
• Creating issues, submitting PRs,
our philosophy, and more!
Developer Tools
• Interactive CLI to create rules
• Syntax validation, ECS schemas,
metadata checker, etc. github.com/elastic/detection-rules
Get involved with the
security community at
Elastic

35. Doing more with data

36. Hot Warm Cold
Snapshot
$$ $/2
Frozen

37. Schema on write
query performance
Schema on read
flexibility, cost, ingest pace
Advantages:
● Immediate response time
● Flexibility for new docs
Advantages:
● Flexibility for ingested docs
● Start without data/use knowledge
● Improved ingest rate
● Lower hardware costs
Extract, transform, index
Readiness for immediate query /agg Prep query upon need
Load almost raw

38. Take a quick spin
demo.elastic.co
Join the
Elastic
community Try free on Cloud:
ela.st/security-trial
Connect on Slack:
ela.st/slack
Using Elastic @ Elastic:
InfoSec and Elastic
Security

39. 39
Thank You!