Livestream with Elastic CEO, Shay Banon SIEM + Endpoint Security

Captions
[Music]

Announcer: Good morning, ladies and gentlemen, and welcome to the ElasticON Gov summit. Now please welcome to the stage the founder and CEO of Elastic, Shay Banon.

Shay Banon: Hi everybody, thank you very much for being here. I think every year we about double the number of attendants here, which is pretty exciting, and I think I said it last year as well: this is where we held our first ElasticON Tour ever, and I still remember staying up until very late at night trying to hack on the keynote and trying to make it work. Now we have a very talented team and it has gotten much nicer, as you saw. So let's get started. We have about 30 minutes for my session, and afterwards we're going to go over the various products and solutions that we have. But let's get going.

One of the things that we do at Elastic that I'm really proud of, and I think that's one of the unique advantages that we have as a company, is that when we look at data and when we look at use cases, we look at them through the prism of a search box. The benefit of looking at them through the prism of a search box is that it allows us to look at some situations and some use cases slightly differently and, hopefully through that, to provide tons of value to you, our users. When we started, I wrote, way, way back, the first few lines of code of Elasticsearch, and the goal was really to allow for a very flexible search engine that allows you to put any type of data into it and then to go and search on it. Search is a very powerful experience if you think about it. Every single day when you wake up in the morning you've probably been welcomed by a search box, whether it's the address bar on your browser or any type of app that you open, and that search box is in front of you. There's a good chance that Elasticsearch powers most of these search experiences. They're very powerful: they allow you to be in control of your data versus the data being in control of you.

It never stops for us when it comes to a search engine; it's about the experiences that you as a user have. So when we created the company, when we started Elasticsearch, we very quickly joined forces with Kibana in order to build a visualization layer and allow you to really extend that search box to a level where you can go and experience search in a curated way through Kibana, whether it's dashboarding, whether it's custom visualization, whether it's really advanced experiences that you would have when it comes to interacting with the data. And it's not only that; it's also about collecting data. Even though Elasticsearch has APIs and you can actually stream data into it, we wanted to invest quite heavily in two components, Logstash and Beats, that allow us to productionize the way of shipping data into the stack. But at the end of the day the Elastic Stack, or the ELK stack, is just a stack: it's a pretty generic search engine and pretty generic visualizations that allow you to do something with it. When we look through a search box, we look through it through a use case. Again, that's one of the aspects that I think really allows us as a company and as a set of products to make you, the users, successful.

So we started to look at it through a search box and we said, okay, what would it mean to take a search box and put it on top of a website? In Site Search you want to allow your users to go search on a website. What does it mean to take a search box and put it on an application in your phone, in your internal company? What does it mean to take a search box and put it on top of your corporate data sets, in Enterprise Search? In all of these use cases our products have become one of the most popular search engines, the search experiences that you would have today. We power almost any type of search box that you can imagine, including Wikipedia, for example. Any app that you open on your iPhone or your Android, that search box is probably powered by Elastic, like Uber, and most of the enterprise search products out there, including ours, are powered by Elasticsearch, which allows you to search through corporate data. So when we go into a use case our goal is always to be the best and provide our users with the best experience possible. That's what we double down on, these experiences that you would have.

Now, when we created Elastic, again, the goal was not to go and create an enterprise search company. Our users innovated and said, okay, there's a space that we have that allows for applications; they create this thing called logs, this information, and all of that information ends up increasing and increasing. These logs increased in size, and our users and our community said, okay, we want to create an open, free and hopefully very fast search engine that allows you to search on these logs, on this information. So we doubled down on it and we invested in it, and then we became one of the most popular, if not the most popular, logging solution out there in the world today. The reason why we became that is obviously our investment in community, free and open, this ability to go and give our products to all of our users and allow them to experience it. But also because the product was so good: the product was fast, the data volumes were growing, and the ability in logs to go and find that needle in a haystack, that error that is eluding us, that causes the systems to be down or an application to fail, that's super important. But also to take a really high-level view and be able to aggregate tons of data and visualize it and aggregate it in monitoring and other aspects. So we built on top of the stack, but also went deep within this logs use case, up to a point where we are now the most successful logging solution out there in the world today.

But when we looked at logs we always looked at it, again, through the prism of a search box, and we said, okay, logs is actually just one data stream in the life of an operations person, in the life of a DevOps person, and it's only one part of the equation when it comes to making sure that you're successful as an operations person. If you're an operations person who's sitting there and saying, I just want to know if my infrastructure is up, I want to know if I have an application and how it is behaving, is it healthy, I want to know if something is not working and how quickly I can go and fix it, then logs are only part of the equation. So for the past few years we've really invested in making sure that we bring the other data streams into the equation and provide you with a single, holistic view into this operations experience. Now, we didn't know what to call it back then, but we knew that we wanted to provide you with all of that information. We got into the metrics space: how do you collect metrics next to your logs in order to provide you with this breadth of information? And we joined forces with an APM company, and now we have a fully featured APM product as well, the ability to go and instrument an application. So instrument an application, collect the metrics and statistics about an application or environment, and collect the data that it generates in logs, to be able to provide you with a single view. We are one of the only companies in the world today, or one of the only product stacks in the world today, that provides these three capabilities in a single technology stack. That's super critical, because if we really believe that the story of what has become known as observability is true, then you want to have all of that collapsing into a single technology stack that you can weave between these use cases as a user. We've been investing in this space, and I hope you'll see tons of demos and discussions about it, and I really believe in this observability movement and I'm happy to see it being realized and being discussed by our user base and by the community, the operations community in general.

Now, when you look at logs, if you take a right turn then you get into the observability space: you want to monitor your infrastructure, you want to monitor your operations and make sure it's up. If you take a left turn you quite quickly get into security. So the ability to go and look at logs, not necessarily as operational data but as security events (and most of the time they're actually the same data), is super critical for your organization. The ability to go and find a needle in a haystack, to find that anomalous event that represents someone potentially hacking your system, the ability to look at tons of data and aggregate it into a high-level view and get an insight into your system from a security posture perspective, that's also super critical to your system. Our users and our community, especially in the security space, have taken the stack and our investments in logs and started to use it in the context of security, which is amazing. Even before we started to get into what is known as the SIEM space, we were already embedded and being used as one of the leading vendors in threat hunting solutions, threat hunting use cases, in the world today. And why is that? As I mentioned, data volumes are growing significantly, and you need the ability, when something happens, to go and have an interactive session with the data to try to find what is going on. Every single minute that passes is a minute that you allow someone to be in your systems. Users have obviously gravitated towards the tool that provides them with the best possible experience to be able to go and solve that data, and that ended up being our stack. They had experience with it in the context of logging, the fast and interactive experience that users have with it, and started to use it in the context of threat hunting.

Now if you think about threat hunting, this is typically the tip of the spear. You would take a system and store tons of information in it in the context of SIEM to allow you to support multiple use cases. One of them is compliance: you want to have a checkbox for certification. Another one is that you do want to do vulnerability management. But really all of that ends up coming up and summarizing in this pinnacle of threat hunting. That's when something bad happens and you really want to go and hunt, and that's where we are and that's what we exist for today. We created this SIEM application and this SIEM solution in Elastic today to really curate it for that use case, and then as we grow and enhance we will go and support all the other ones: vulnerability management, threat intel integration, certification management and all of that. But we really want to make sure that we focus on the most critical use case that you have today and be the best there, and then expand from there. As you can see, we've proven that we've done it in APM, in metrics, in other use cases, but our goal is definitely to be the best in each use case and grow from a place of strength. That place of strength in the context of security is obviously the many of you that are here today that use us in the context of threat hunting.

But again, when we look at a use case like security, one of the benefits, and something that reminds me a lot of when we looked at the logs use case, is that we take a step back and we look at these use cases and we say, what can we do more, how can we provide more value to you, the user? You look at the SIEM space, and one of the wonderful things is that it's in the center of all these data streams coming in: network data, endpoint data, API data, APM data sometimes. Really you want to go and take that information and put it in a single place. We looked at it, and one of the most common places where you would collect security data ends up being the endpoint. You have an endpoint security product that is hopefully protecting your system, that provides protection and very good capabilities, but also instruments it to a level where you can generate security events that you would want to centralize into a single place. So when we looked at it, and typically what we do in Elastic, we don't necessarily look at the lines that exist between use cases; we want to take these lines and fold them together. We know about many different companies that end up using us in the context of security because we are embedded in it, and we decided, together with the team at Endgame, to join forces with one of the best endpoint security companies in the world today, and that company is Endgame. Now that the transaction is finally closed, we're happy to announce what we're going to do here. But first let me welcome Nate on stage, the CEO of Endgame, to talk a bit about the history of Endgame and then hopefully demo the product as well. Nate.

Nate Fick: Great. Good morning everyone. As I said,
my name is Nate Fick. I'm the new general manager of Elastic Security; for the seven years before that I was the CEO of Endgame. So it's an exciting day for all of us on the Endgame team to be here, and it's really gratifying to look out here and see a bunch of Endgame customers and users in the audience. I see many members of our team and of course many members of our new team at Elastic. As Shay said, the natural complementarity here was really strong. We at Endgame, like many of you, have been Elastic users for a long time. Endgame is built on Elastic, and so we love the technology and we've been fans for years. We saw Elastic beginning to make forays into security and had a lot of conviction that Elastic's technology, applied to security, could be incredibly powerful. It's hard to believe it was only six months ago that Shay and I had our first conversation, where I said, hey, we're big Elastic fans, seems like you guys could do a ton in security, and he said, we're doing a lot in security. Very quickly it became clear that our cultures were aligned and our visions for security were aligned, and once we clicked at that level, the rest of this was pretty easy and obvious.

Endgame, of course, has been in security for almost a decade, and much of that was right here in Washington. We got our start in the federal market, and most early-stage software companies tend to stay away from government, right? These are hard use cases, long sales cycles, high degrees of customization sometimes. But in security I would argue there is no better customer than the government. Supporting government missions is hugely galvanizing for teams, and the government, for better and worse, is among the most attacked institutions on the earth, so it's a terrific place to build a very sophisticated, very capable security product. We got our start supporting intelligence community and DOD missions overseas, and came to believe and really understand that a deep understanding of offense is a great enabler of defense. That early experience is still a core part of our DNA. We went from that set of missions to hunting, as the methodology of threat hunting became more prevalent and, frankly, hunters were looking for a product that they could use to conduct their missions. Over time Endgame grew to equip many of the hunt teams across different parts of the government, and then we saw hunting as really a use case of EDR, of endpoint detection and response. We saw EDR and EPP, endpoint prevention, coming together, and users said, hey, what I really want is an easy-to-use technology that's going to stop the bad thing from happening, and I need to recognize that I can't stop everything, so when an attacker does get through those preventions I need a way to accelerate and ease detection and response. I need a way to empower my hunters to get out across my environment and look for a resident adversary that might be there undetected. So that's how we migrated, really, from red to blue, from hunting to converged EDR and EPP.

Based on that experience we built a converged endpoint platform unifying prevention, detection, response and threat hunting in a single agent, and then delivering it in a hybrid way for customers with cloud environments or customers who had a disconnected use case. We used to joke at Endgame that we needed a product that was going to work from Starbucks to submarines, and so that was the mission we set for ourselves. Again, evidence of why the government is such a terrific early customer for security companies. The Endgame platform is distinguished by three things: by high efficacy, by ease of use, and by this ability to operate with high fidelity in disconnected environments. Efficacy speaks for itself, right? It has to work; that's table stakes, and fortunately, time and again, we've been validated in customer environments and independent third-party tests as having an extremely high efficacy product. Second, it's got to be easy to use. We all hear about the endemic talent shortage in security, and, the expertise in this room notwithstanding, you are rare people, and spread across the world exceedingly rare. So we needed to attack that talent shortage on the demand side, not on the supply side. Training and equipping people, that's great, but attack it on the demand side by building a product that was easy enough to use that more and more people could be capable defenders. Frankly, we had fun with this: we built the industry's first natural language interface in the Endgame platform, and we called it Artemis, after the Greek goddess of the hunt. One year we even connected it to Amazon's Alexa to let people use voice commands to power the platform. That, I admit, was a little bit of a stunt, but still, the natural language interface is a huge and compelling piece of what we do in order to make the product easy to use and accessible to more people. And then third, protection in disconnected environments, obviously an important feature for federal customers who live in an air-gapped world, but also important across large portions of commercial enterprise environments, where an employee takes her laptop and goes to a coffee shop, or takes a laptop and hops on an airplane, or a supply chain that might extend across numerous intermittent, low-bandwidth or disconnected environments. We needed a product where you could unplug that endpoint and still maintain high-fidelity protection. That product, no surprise, met a major need in the market, and it was very well received.

So, time and again in independent third-party tests the Endgame platform performed well. We were in the upper right-hand corner of the quadrant for NSS Labs, with high efficacy and low total cost of ownership. We debuted in a strong visionary position in the Gartner Magic Quadrant for endpoint protection. We were really excited to collaborate with MITRE early in their decision to build out the ATT&CK matrix and begin evaluating products, and if anybody from MITRE is in the audience, we're huge fans of what you do. An FFRDC taking a position in evaluating products in a truly independent, truly credible, truly third-party way is exactly what this industry needed, so more power to you, and please keep it up. Beyond tests, the product was validated in customer environments, and we went from federal customers to hundreds of enterprise customers across a wide swath of the economy, from Major League Baseball to Boston Children's Hospital to Texas A&M. Across all those customers Endgame has always had one mission, and that mission is to protect the world's data from attack. We've been proud of the job we were doing, and we realized that we couldn't actually do it all ourselves. Endgame was known for great prevention, great detection and response, and we looked at the year ahead, or the years ahead, and appreciated that security, like every problem, is increasingly a data problem. We needed a way to ingest, analyze and search large volumes of security data, to do it in a cost-effective way, at scale, quickly, and reinventing the wheel is usually not a good business strategy. There was no more exciting and more compelling way for us to bring together best-in-breed technology than to combine the best endpoint with the best search, and Elastic has reinvented how people store, access and analyze data in search.

So now, as we bring these things together, we have Endgame's preventions across a whole suite of vectors on the endpoint, from ransomware and phishing to malware and exploits, fileless attacks and a whole set of custom preventions, and we're marrying that to centralized storage and analytics, the kind of centralized storage and analytics that are actually necessary to stop the most sophisticated attacks today. Again, Elastic is the best in the world at ingest, storage and search, right? So we're vertically integrating the endpoint with that storage and search, the Elastic SIEM, and trying to really make good on a core conviction of ours that complexity is the enemy of security. And so, in Elastic Security, one vendor, one product: prevention, analytics, detection, response and orchestration, delivered in an easy-to-consume, easy-to-use fashion. That simple vision is what got us so excited about what we could do together, and I'm glad to introduce my colleague Mike Nichols, our head of product at Endgame and now at Elastic Security, to show you the product. Thank you.

Mike Nichols: Thank you so much, Nate, and hello to this amazing room. As they said, I'm Mike Nichols, the product leader for security at Elastic, and for the past four and a half years a product leader at Endgame. What I want to do today is walk you through a day in the life of an analyst using the new Elastic Security platform. So I'm Jane, and I've logged in today to start my day like any analyst would and take a look at my alerts. When I jump into the alert dashboard, I'm going to notice that I have an alert assigned to me in this upper left-hand side. This is part of the workflow we have, where managers can assign alerts to different analysts to digest in the environment. So let me jump into this alert, and I'm going to look a little bit into the actual comment here to see what my boss asked of me. Here's my boss, and she says, hey, you know, this looks a bit strange, I think it might be spear phishing, can you figure out if this is actually malicious? If anybody here is an analyst (I was an analyst in a previous life), this is all too familiar, right? You do this 100 times a day, over and over and over again: is this really bad, how did it get here, what did it do, and of course the most important thing, which we're excited to bring to Elastic now, fix it, right? Response capabilities: how can I actually stop this problem? So we'll walk through those different steps and show you how easy it is to use now in Elastic Endpoint Security. The first question, of course, is, you know, what is this thing? I have an alert,
great, you know, I get alerts all the time; is this actually important? Well, what Elastic does is put a plain English conversation up here at the top. It says what this thing actually was. In this case MalwareScore, which is our machine learning model that lives on the actual endpoints, found a malicious macro. This is really important. They mentioned phishing prevention, and it's something we pushed for pretty heavily about a year and a half ago, as we saw less and less software exploitation, you know, zero-day exploits, because they're expensive and once an adversary uses it, it's burned, and more and more user exploitation, because it's cheap and users always click, right? They always say, oh, go ahead. So sending somebody a juicy-looking document and saying, hey, run this thing: sure, I'll open that up, I don't know what macros are, I'll hit it. In fact it became a really prevalent way; if you go to any APT report or any threat report, it usually starts with "the user clicked the spear phishing email." So we wanted to put a thing on the endpoint that will prevent that, and this is a machine learning model that actually is able to prevent those malicious macros. In this demonstration, though, I put everything in detect mode. If it's in prevent mode it's pretty boring, right? It stops everything, which is probably cool, but in this case everything is in detect mode, so let me pretend that I didn't stop it and the malicious macro actually ran.

I, Mike Nichols, product leader at security, trust Endgame, right? I trust what we do, and I'd say, sure, this is definitely bad. But Jane, she's a little skeptical, right? She gets alerts all the time and she's like, I don't know if it's really bad. This is where the power of the coverage that Elastic provides is really important. It's not just initial access, it's not just what typical antivirus provides, like malware or something like that; we go far deeper across the MITRE ATT&CK matrix, so we're covering post-exploitation far beyond that. If I go up here, I see at the top it says I have 18 total hits. If I click that, you'll see this left-hand pane changes. When I scroll down I see, besides malware, a whole bunch of post-exploitation MITRE ATT&CK techniques: certutil being used to decode files, weird MS Office processes, rundll32 being executed, a bunch of stuff that goes beyond that. But I'm a visual guy, right? I'm a visual learner, so if I just click this "expand all" and show you the breadth of Resolver and look for just red boxes, there are enough red boxes here for me to be worried and go, something bad is happening. There are a lot of indications across this entire attack that tell me something bad is in the environment. I don't know what yet, but I want to stop the bleeding, right? The first thing I need to do is sort of batten down the hatches, and this is the power we now bring to Elastic: you can actually respond. I'm going to show you with one click, though: I can go up here and say, take action, isolate host, yes. That's it. Now if I watch here, if I'm fast enough, you'll see this little lock pop up, but it's already done. You see the lock here where it says endpoint. What we've done is send a command down to the kernel-level agent on the system to lock network communications completely on that box, so the adversary cannot communicate, they can't destroy or steal data, but the platform, the Elastic Stack, can still communicate into it for forensic activity. In fact you can open up other things if you wanted to, dynamically. So you've been able to figure out there's a problem, lock it down, and now you can pass it off to your team and say, okay, I didn't lose any forensic artifacts, I didn't crush this thing, but I did block the adversary from stealing or destroying data, and now I can do the rest of my activities, the rest of my forensic analysis, without the fear that data is being bled out to somewhere else.

All right, so now I have to figure out, you know, what happened, how did this happen, what did it do? Let me pull this back up into Resolver. Resolver is really our pictorial way of describing the timeline, that sequence of events, in hopefully a pretty simplistic way for the user. The first thing is just a big red box here on Outlook, telling me something bad happened. If I click on that Outlook, it's going to tell me that there was an email called "Upcoming Defense Events." If I actually go back to this alert, you see the file was a spreadsheet that was opened, which I said had that malicious macro. Let me see what Outlook did. Outlook first opened Excel; that seems normal, right? Excel opens up, that's how I view a spreadsheet. But what happened after that? Well, this is strange: Excel opened Excel. Why would Excel open itself? And then Excel also opened something called certutil, I don't know what that is, and J-something-something.exe, that doesn't sound right either. Why is Excel opening all these things? Well, let me approach this from the end: I'm going to go to the end and then I'm going to back into it. This is actually an APT28 attack, which is an allegedly Russian military intelligence nation-state that you might be familiar with from the supposed DNC attack that happened. This is very sophisticated, and the reason I'm showing it to you is not because I think everybody needs to be scared of advanced persistent threats, but I do think you need to worry about the fact that they are very experienced and talented development shops that are building techniques and tactics that are being quickly federated down to crimeware groups. You know, we see people like FIN7 and others adopting these techniques almost instantly once they're being used, so even if you don't have to worry about APTs, you've got to worry about what APTs are building and developing.

So we see that it spawns Excel. The reason it does that is because, to the end user, when Excel first opens and runs all this bad stuff, it spawns an actual spreadsheet, so the user goes, oh look, it's a spreadsheet, cool, I don't need this anymore, and they close it, but they're not worried about it, they don't have to go call the help desk, because this looks like it was normal. But meanwhile a bunch of badness is happening. Certutil is actually a built-in Microsoft Windows application, and again, the adversaries know what you do. They know you have a bunch of technologies that are looking for bad things that happen on the endpoint, so instead of bringing in their toolkits they use the built-in Microsoft stuff, right? Microsoft Windows is one of the best exploit kits in the world; it has all this fantastic technology that you can use. Certutil decodes files, so what was encoded in Excel is now decoded and executed as J-for-whatever.exe, and ultimately they run inside of rundll32. They actually use rundll32 to launch a malicious DLL, again hiding themselves by not launching an actual application. I'm going to go a lot deeper into this actual attack in a 30-minute breakout session later on called "Security Starts at the Endpoint" at two o'clock; happy to go more into this. But I want to show you quickly how, if I were to say something like, well, what's the C2? Well, here's DNS right here. We capture all the DNS entries; I can actually click and see what it is. Don't go here: this is actually the C2. But there's lots of other data. I can take an action and pivot on any of these. For example, this file: if I wanted to grab it, I can actually click here and download this malicious DLL right from this box and have that for my friends in analysis. And of course, as we mentioned Artemis, I can actually ask Artemis plain-English questions like "search for this malicious thing," and it's going to say, hey, I'll do that for you. I'm not going to do that right now in the interest of time, but again, I could show you in the breakout session. We also have an AMA booth and a demo booth as well in that other room if you want to talk more. But again, in one glance, what I hope you can see quickly here is that I, as a junior analyst, was able to determine this is probably pretty bad, lock the box so nothing gets stolen or destroyed, at least piece together a pretty sophisticated story of an advanced adversary, and have enough data now to move into the next stage of building a response or remediation plan. And guess what, you can actually respond and/or remediate now from Elastic.

But what if it happened and I wasn't actually already installed, or what if I didn't find the threat? Well, this is where we get into threat hunting, and again, we have now built into Elastic Endpoint Security automated threat hunting, where I can click in here. Let's imagine I just did a one-click hunt: I'm now finding an already injected attack. So this is that same attack, injected into rundll32, running in rundll32. I did this by doing automated memory analysis with one click across all my endpoints. I did memory forensics and brought back the data, and it told you, here's where the problem is. Again, threat hunting at scale in an extremely simple way for the user. And that's not all, of course, because, you know, that's all great, we can find these advanced problems, we can stop them, we can respond to them, but also, now that we're part of Elastic, we have all the goodness that Elastic brings with it as well. So all of our data, all of our security data, is being ingested into the Elastic Stack in ECS, Elastic Common Schema, format. If you want to do something like build an amazing dashboard, well, you can have that data available right here in Canvas. You can make your own customized dashboards. How many people have gotten a security product that has, like, two installed reports, and you want more than this? Well, you can make whatever you want now in Elastic. What if you want to use other parts of Elastic? How about the SIEM? Now, if an attack spans more than just my single endpoint, spans the enterprise, I can use the power of SIEM to find uncommon processes, to find anomalies, and to use all the breadth and power of that search technology that Shay and Nate both talked about. And again, there's more and more stuff here. Here are your custom dashboards; here's a custom dashboard we built for threat hunting, to look for things like strange PowerShell and strange logon processes. And of course, just the power of Discover, that ability to actually search. You know, the average dwell time of an adversary is about a hundred days, but endpoint vendors are giving you seven days or less. I mean, that doesn't make any sense, right? Now, with the power of Elastic, you can search and store and get answers back instantly across, you know, six months of data, years of data, why not? That's the power that we bring when we marry endpoints with Elastic. So I hope you can come see more of what I demoed. Again, we have a demo booth and an AMA booth, as well as a 30-minute breakout session about endpoint security. I'll be happy to go deeper into MITRE and the rest of what we cover. Hopefully I've excited you enough about this to come see us and talk more about it, and I'd like to bring Shay back up to talk more about the merger. Thank you.

[Applause]

Shay Banon: Thank you. So one of the things that I'm excited about, and Nate and Mike talked about it, is that when we try to think about how we bring value to you, users, I'm as excited about bringing these great products to market as I am about just bringing the security DNA, getting people into Elastic that really understand the security space, really understand your needs when it comes to solving the most challenging and the most mundane security problems that you have today, and trying to build the products that you want. So what do we announce today? As Mike said, we are announcing Elastic Endpoint Security. It's Endgame, the product itself, that you can go download and run yourself or deploy on cloud by reaching out to us, and it's already pre-built with integration into our stack. So it streams all the security data that you get from the endpoint into the Elastic Stack, and you can use it whether it's in
same whether it's in dashboarding whether it's in many of our various integrations and I'm super excited about it as we think about this endpoint security market we look at it from I look at it at least from a we look at it from different prisms the first one is well obviously if you want to go and implement a security use case you need the best threat hunting tool in the world today we're together with one of the best endpoint tools in the world today and we're marrying the two together we're breaking these lines we want to make sure that endpoints are the same are actually the same thing that you as a security professional we're trying to solve which is like prevent people from doing bad things in your company or in your organization the other one that we're thinking about a lot is how do we make sure that every single endpoint in the world today is protected and we really want to bring all of that technology to you the user and when I look at it even in our company so first of all when you observe when you go and install something to collect information from laptops from servers why not protect while you observe why not protect if you already have something deployed let's make sure that we protect they try to prevent as much as possible but also collect all the data that is needed for further investigation and for the threat hunting more than that you deploy things on your laptops these endpoints are allowed to prevent what about your servers so when you go and deploy and many of us including our company have many servers and after seeing all the capabilities that endgame provides or a good end point system has I'm almost like wherewhere where are we installing these endpoints on our servers as well and this is critical because on the server's you have all of our agents elastic agents that collect logs and metrics and APM and we say why you'll observe why not protect why not protect the servers as much as you protect laptops and as you can see we think and 
already have the integration that we want but we want to bring it in the future to have a much more integrated solution so we want to bring endpoint security to be really one of the solutions that is built on top of the stack and again like that you will be able to weave between the various solutions and we want to bring endpoint as one of the data sources and they're just core functionality that you would expect from the staff and the team and us are working very hard to make sure that this is the future that you're going to have we're going to have some announcements about it in the upcoming months now let me talk a bit about another area that I think is critical when it comes to using the single technology stack so when we got into the various use cases and various solutions we always look at the fact that data is the most important thing that you have in your system and any other prism to be honest it's kind of like misleading so if you look at for example when we got into site search many vendors will go or many many vendors that you have will go and say okay I'm gonna have query based pricing so the amount of queries that you have that's what I'm gonna price on and we are elastic thing that we you know if you store more data in the system you're getting more value and that's what you're gonna that's what you would should pay for if you store more data in the system gonna have more servers deployed on the cloud or on Purim and that makes total sense for us to then jointly create more value to to solve a specific challenge that you have in this case having a search box on your website and that was I don't know if people remember that was pretty unique and then we took it to app search and we don't do document based pricing I don't remember if you remember those old days where you got penalized because you have more documents in the system or Enterprise Search if you add more connectors into your various corporate data sets and then you had to pay more in order 
to do that and we collapse all of that together and said well just pay for the data that you use there's no need to have this fake prison fake areas where you need to pay for that you shouldn't and then when we get into logs we said the same thing we said why why should you pay for various ways of ingest based on ingest data or something along those lines just pay for the data that you use and more than that when we started to get into the observability space we said okay like you're gonna capture metrics why does it matter if you have ten hosts or a thousand hosts or 10,000 hosts now with containers virtualization really why are you being penalized to pay per host so we said the same thing just pay for the data that you actually use and when we got into the APM space the same thing happened we said why should you pay for an application applications today are moving from one big monolith into microservices more and more smaller application that are more nimble deployed on something like kubernetes or containers why should you suddenly go and pay you used to pay for one application and suddenly have to pay for 10 or 20 or 30 just because you re a protected your system and the amount of data didn't change and those are very very strong statements that we're making if we believe that for example in the observability space in logs metrics and APM these things are folding it's not only that they're folding into a single technology and that's what we're pushing on inelastic but you need to have the ability to move between these use cases easily and that extends to how you package your software and how you price it and then we got into the security space guess what we're not gonna do that so we're not gonna have and there's various pricing models as well in the same space whether it's seat base pricing how many users are looking at the system or again like interest based pricing similar to logging said now just pay for the data that you use if you want to store more data 
ain't gonna see more value and we're all about making sure that our interests align we do our users when it comes to providing more and more valuable and we always want to give you more as a user and guess what when we got into the endpoint space were saying the same thing why should you be paying based on endpoints if you have a hundred endpoints if you have 10,000 hand points if you have a million endpoints you should not be paying based on endpoint based pricing we don't want to be in your way to deploy as many endpoints as possible to make sure that you protect your organization this is huge you're gonna get put to protection prevention threat hunting and you only gonna pay for the data that you actually store if you store more data and you want to go and threat hunt based on that based on the average well time perfect if you want to store last data that's also perfectly good and we don't want to stand in your way when it comes to adopting one of the best endpoint protection systems in the world today when it comes to endgame so go and deploy it deploy it on servers deploy it on laptops deployed everywhere to make sure that your company is protected and only pay for the data that you end up storing in elastic that's pretty huge we've seen that being manifested in the observability space in the fact that users operations people today don't have to worry about how much do they deploy a system like a PM or agents or post or something like that where it comes to adopting our stack and just making sure that they have full visibility across the whole and some application they'll store data for a day and some application that are more critical they store data for a week or two weeks or a year or many years if they need to do audit and we want to bring the same experience and the same level of flexibility and freedom that you our users should have in the security space and make sure that you are not constrained by that so going back into what you can actually have 
today one of the best endpoint protection system in the world today married with one of the best if not the best search platform in the world today that has use-cases curative just for you insane and dashboarding and logs and many others and we're going to allow you to deploy both of them side-by-side intimately integrated so you can stream all the raw security event that comes from the endpoint directly to the stack and all of that is going to have a pricing and packaging that does not include endpoint based pricing which is pretty huge in this space again and in the future I mentioned the future I'm super excited about that as well but focus on today and what you're gonna get and everything that you saw in the demo is available and you can go and register and ask for a demo or an installation and we'll go here and we'll provide it for you so I want to say thank you very much for being us with us today in this announcement this ends the announcements in the live stream so thank you everybody for signing in and and watching us and now we're going to continue with the rest of the talks that we have I welcome everybody to go and see the end game and our security future talk to our team many of the end game employees and now elastic employees obviously are here we're both very excited we're all very excited to get really seriously into this security space and making sure that we'll provide you with the most value that you can and we that I'll hand it over to you Kevin our VP of engineering to make sure to cover the elastic stack Kevin thank you [Applause] hi everybody I'm Kevin Klug I manage engineering at elastic and I just want to say I I know there's a lot of you standing in the back there's
Info
Channel: Elastic
Views: 10,613
Keywords: elasticsearch, endgame, endpoint security
Id: flKVDE33Q44
Length: 53min 1sec (3181 seconds)
Published: Tue Oct 15 2019