
Elastic Security performance in MITRE APT29 evaluation

Blog post from Elastic

Author: Mike Nichols
Word count: 883
Summary

In April 2020, Elastic Security, which includes endpoint security, SIEM, threat hunting, and cloud monitoring, participated in MITRE's APT emulation round 2, focusing on evaluating detection capabilities against APT29 techniques. Elastic Security excelled in the evaluation, identifying 100% of the attack steps and over 90% of the sub-steps, demonstrating its ability to eliminate blind spots and provide actionable telemetry, even as adversaries use techniques like PowerShell and WMI to evade detection. The evaluation, which aimed to assess visibility across a single attack rather than make direct vendor comparisons, reinforced Elastic’s mission to provide accessible security solutions by leveraging the Elastic Stack's capabilities for massive-scale data ingestion and analysis. Over the past six months, Elastic Security has made significant advances, including eliminating endpoint-based pricing and integrating new features, while being recognized as a strong performer in enterprise detection and response by Forrester. Elastic continues to work towards a unified security solution, inviting users to stay informed about upcoming developments.