Does Elastic Defend receive detection updates?

Hi,
I know that Elastic is a relatively new player in the EDR sector, and I wanted to know: does Elastic have a team that is pushing updates to Elastic's EDR?

For example, a company like Palo Alto and their EDR, Cortex, is backed by their threat research team, Unit 42. They research new emerging threats, and all of their findings and detections are pumped into their EDR, Cortex, and in that way the EDR stays up to date on modern threats.

Does Elastic push new detections to their EDR?


Hello Matthew!

The Elastic Security Labs team regularly updates our behavioral detections, YARA rules, machine learning malware models, and other detection content for Elastic Defend (the EPP/EDR product). Many of these updates are visible in the open here. We also publish a ton of threat research articles at Elastic Security Labs. Our goal is to ensure our users are well protected from the evolving threat landscape. We participate in independent third-party testing so existing or prospective customers can see how we stack up against the competition. In the latest test results from AV-Comparatives, we were the top-ranked vendor for detection efficacy.

Hope this helps!


I've personally tested Elastic Endpoint using a Breach and Attack Simulation (BAS) tool, and I can confidently say it performed exceptionally well. In fact, it clearly outperformed a competing solution, which heavily markets itself as "the best in the industry."

If you're assessing endpoint security options, Elastic deserves serious consideration. It's more capable than many give it credit for.

Kudos to the Elastic Security team for setting such a high standard in the EDR space. The level of detection, performance, and transparency is top-tier. Please keep up the excellent work; it's making a real impact.

(An added bonus is that you get a true NG-SIEM and an Observability platform with your EDR.)
