Solution Overview

The Elastic Endpoint Security Lab is a capability of the Advanced Technology Center (ATC) designed to provide an environment to gain hands-on experience with the fundamental features of Elastic Endpoint Security.

Endpoint detection and response (EDR) is an integrated endpoint security solution that combines real-time monitoring with rule-based response. First-generation EDR tools are becoming less effective: they are too slow at detecting fast-moving threats, and the increased visibility they provide brings a corresponding increase in the volume of data that must be analyzed.

Elastic Security takes a different approach to EDR by combining EDR and SIEM capabilities in one platform, which reduces the mean time to detect and respond to threats. Elastic Security for endpoint prevents ransomware and malware, detects advanced threats, and arms responders with vital investigative context, such as prioritized detections that help reduce alert fatigue.

Lab Diagram