Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Elastic Security is highly flexible and can handle large loads, with customizable dashboards and machine learning capabilities. It is open-source and free to use, with good technical support and a helpful community. The search function is particularly helpful due to its speed and ability to search through terabytes of log data. It integrates well with other solutions, such as the ELK Stack. The solution is also praised for its prevention methods and incident alerts, as well as its flexibility and ability to monitor application performance.
Improvements needed for Elastic Security include better pagination for the logs list, improved permissions management, simplification of the setup process, more automation in responding to detections, and a simpler user interface. Other users noted the need for better premium support, improved documentation, better integration and graphical interfaces, more features for Linux, more clarity on space utilization, and more out-of-the-box use cases for SIEM. Additional features that would help are more advanced modules in Logstash, and improved troubleshooting and diagnostic tools.
Users mention that the product efficiently identifies bugs and provides a return on investment. It is also noted that a good return on investment typically becomes apparent within one and a half to two years after deploying Elastic Security.
Elastic Security offers a transparent pricing structure typically without setup costs, ensuring a seamless integration process for users. Pricing methods commonly revolve around a subscription model, allowing businesses to customize their investment based on usage and features required. Costs vary depending on deployment size and specific needs, catering to diverse organizational budgets.
Elastic Security is used for logging application logs in a microservice architecture, managing logs and time series data, collecting logs from Active Directory servers, log management, and analyzing logs for security teams. Other use cases include threat hunting and identification, use as a SIEM for monitoring client environments, and application performance monitoring.
Some users have positive experiences and find the support staff knowledgeable and helpful, offering support throughout all project stages. Others have had negative experiences with premium support, finding the staff unresponsive and unhelpful. Some users rely on community support and documentation, which can be helpful but may take longer to resolve issues.
The initial setup for Elastic Security depends on the user's technical knowledge and requirements. Some find it straightforward and easy to implement, while others find it highly complex and challenging. The documentation is sometimes lacking, but the product has a large support community. Maintenance requirements vary depending on the project.
Elastic Security is highly scalable. It is easy to expand according to need, but doing so may require a certain level of skill, and integration with other products may be a bit difficult.
The stability of Elastic Security varies depending on factors such as proper configuration and upgrades. Many users find it to be stable and reliable, with few bugs or glitches.
Additional offerings and benefits:
Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Elastic Security was previously known as Elastic SIEM and ELK Logstash.
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care