SIEM Player Elastic To Buy Endpoint Security Firm Endgame For $234M

Combining Endgame's endpoint protection, detection and response expertise with Elastic's security information and event management capabilities will help organizations extend threat hunting to the endpoint, the companies say.

Open-source search technology company Elastic plans to purchase next-generation endpoint protection company Endgame for $234 million to bring a comprehensive security offering to market.

The Mountain View, Calif.-based company said combining Endgame's endpoint protection, detection and response expertise with Elastic's security information and event management (SIEM) capabilities will help organizations extend threat hunting to the endpoint. The deal is expected to close in the fourth quarter of 2019 and is subject to a shareholder vote.

"We are very aligned on a go-to-market strategy and building solutions that combine our search technology with Endgame's endpoint product to give users the best possible threat hunting, SIEM and endpoint experience," Elastic founder and CEO Shay Banon said in a statement.


Endgame was founded in 2008, employs 154 people, and has raised $111.4 million in five rounds of outside funding, according to LinkedIn and CrunchBase. Elastic's stock fell $1.87 (2.28 percent) to $80.02 in after-hours trading Wednesday.

Endgame CEO Nate Fick said organizations have been able to use the company's product to successfully stop targeted attacks, reduce the time needed to detect attacks, and cut operational costs.

"We've built an endpoint security platform that simplifies security so that all organizations can prevent, detect and respond to attacks," Fick said in a statement. "By joining forces with Elastic, we will be able to take our endpoint platform to another level, integrate with their SIEM efforts, and give users everywhere in the world a complete security solution."

Endgame already embeds Elastic's flagship Elasticsearch product as its main data store for alerts and investigation workflows, Banon wrote in a blog post. Elastic's Beats agent-based technology is already used for functions ranging from network packet capture and logging to metrics and security audits, Banon said.

The endpoint agents from Endgame fit nicely into the paradigm of agents shipping data, Banon said, and provide protection against modern attacker techniques. Beats agents were already being used beyond just server-side machines and have been installed on many different types of endpoints, including workstations, according to Banon.

The Elastic Stack has been used for a couple of years as a place to collect, store and analyze security-oriented data, and was adopted by the security community as a SIEM and threat hunting tool long before Elastic made significant efforts in the space, Banon said. Ultimately, Banon said Beats will form a foundation to ship Endgame's endpoint data into Elasticsearch.

"The combined force of Elastic's powerful search technology and Endgame's award-winning endpoint security offering gives customers unparalleled insight into their data for maximum protection," Endgame CTO Jamie Butler said in a statement.

Elastic has been working to expand its products to have more and more SIEM features, according to Banon. Endgame customers, meanwhile, will be able to deploy the Elastic Stack next to Endgame's endpoint product to extend their threat hunting and SIEM capabilities, Banon said.

The Endgame deal comes just eight months after Elastic completed a $252 million initial public offering. The company has made six acquisitions since being founded seven years ago, according to CrunchBase.

The acquisition by Elastic positions Endgame to be the fourth next-generation endpoint security vendor to exit the venture phase since the start of 2018. Competitor Carbon Black hauled in $152 million in a Nasdaq public offering in May 2018, while rival CrowdStrike has proposed going public in a Nasdaq offering that could be worth up to $476 million.

Endpoint security competitor Cylance, meanwhile, was scooped up by BlackBerry in February for $1.4 billion. One endpoint peer remaining on the VC track, though, is SentinelOne, which on Wednesday closed a $120 million Series D round led by Insight Partners.