reviewer1393731 - PeerSpot reviewer
Consultant at a computer software company with 5,001-10,000 employees
Real User
Easy and quick to set up, and the runtime performance is good
Pros and Cons
  • "The most valuable feature is the speed, as it responds in a very short time."
  • "The training that is offered for Elastic is in need of improvement because there is no depth to it."

What is our primary use case?

This is a log aggregation tool and we are using it for security purposes.

There are 145 pre-built use cases, but we are still making some ourselves. One we built is an alarm for log deletion. For example, if a hacker tries to delete the log from a bank machine then it will raise an alarm immediately. A second use case is an alert for too many false login attempts, perhaps indicating a brute-force attack.

What is most valuable?

The most valuable feature is the speed, as it responds in a very short time. I think that the alerts are generated in less than a minute.

It is very easy to set up and doesn't take much time.

What needs improvement?

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of an agent, which is a centralized management tool wherein all beats will be installed in a single stroke.

The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology. 

For how long have I used the solution?

I have been using Elastic SIEM for two or three months.

Buyer's Guide
Elastic Security
March 2025
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,466 professionals have used our research since 2012.

What do I think about the stability of the solution?

This is a stable system and it has never crashed.

What do I think about the scalability of the solution?

Elastic SIEM is definitely stable. We have just started working on it, so we have no more than perhaps 100 users at this point. At the same time, we are confident that it can be scaled up to any extent.

How are customer service and support?

I am satisfied with the technical support.

How was the initial setup?

The initial setup is easy. The length of time for deployment on a machine depends on the configuration that is required. If it uses all 145 use cases then it will take a long time. If on the other hand there are only a small set of use cases, it will be very quick. I would say that it takes no more than 30 minutes to install one.

Which other solutions did I evaluate?

I have personally worked with Splunk in the past, but here at this company, they only use Elastic. I believe that one of the major differences between these two is the pricing model. With Splunk, it depends on how much data we are ingesting. For us, it is approximately 500 GB per day. Elastic has a different pricing system that is ultimately cheaper.

One of the advantages of Splunk is that they offer extensive training that is free of cost.

What other advice do I have?

My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
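The two custom use cases in the review above, an alarm for audit-log deletion and an alert for too many failed logins from one source, as an added example that is not part of the review and not Elastic's own code. It runs both detections over a handful of constructed Windows Security events written with ECS-style field names. Event codes 1102 (audit log cleared) and 4625 (logon failure) are the standard Windows Security event IDs; every hostname, address, user and timestamp is made up for the example, and the KQL strings are an assumption about what the equivalent Kibana query and threshold rules could look like.

```python
"""Added example, not code from the review or from Elastic.

Rule 1: any audit-log-cleared event (Windows event 1102) raises an alert.
Rule 2: a sliding-window count of failed logons (Windows event 4625) per
source.ip; an alert fires when one source reaches the threshold inside the window.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names follow ECS as emitted
# by Winlogbeat / the Elastic Agent Windows integration.
SAMPLE_EVENTS = [
    {"@timestamp": "2025-03-01T10:00:00Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "admin"},
    {"@timestamp": "2025-03-01T10:00:20Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "admin"},
    {"@timestamp": "2025-03-01T10:00:30Z", "event.code": "4624", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "teller1"},
    {"@timestamp": "2025-03-01T10:00:40Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "root"},
    {"@timestamp": "2025-03-01T10:01:00Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "admin"},
    {"@timestamp": "2025-03-01T10:01:20Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "admin"},
    {"@timestamp": "2025-03-01T10:05:00Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "198.51.100.9", "user.name": "teller2"},
    {"@timestamp": "2025-03-01T10:30:00Z", "event.code": "1102", "host.name": "atm-02", "source.ip": "", "user.name": "svc_backup"},
    {"@timestamp": "2025-03-01T11:00:00Z", "event.code": "4625", "host.name": "atm-01", "source.ip": "203.0.113.5", "user.name": "admin"},
]

# Assumed equivalents in Kibana: a custom query rule for the first detection and a
# threshold rule grouped by source.ip for the second.
LOG_CLEARED_KQL = "event.code:1102"
FAILED_LOGON_KQL = "event.code:4625"  # threshold: >= FAILED_LOGON_THRESHOLD per source.ip within WINDOW

FAILED_LOGON_THRESHOLD = 5
WINDOW = timedelta(minutes=5)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_log_cleared(events):
    """Rule 1: every audit-log-cleared event is an alert on its own; clearing the
    security log on a production machine has no benign routine explanation."""
    return [
        {"rule": "audit_log_cleared", "host.name": e["host.name"],
         "user.name": e.get("user.name"), "@timestamp": e["@timestamp"]}
        for e in events if e.get("event.code") == "1102"
    ]


def detect_brute_force(events, threshold=FAILED_LOGON_THRESHOLD, window=WINDOW):
    """Rule 2: sliding-window count of failed logons per source.ip.
    Fires once when a burst reaches the threshold and then stays quiet until the
    window has drained below it, so a long attack does not page on every event."""
    alerts = []
    recent = defaultdict(deque)   # source.ip -> failure timestamps inside the window
    fired = set()                 # sources already alerted for the current burst
    for e in sorted(events, key=lambda ev: ev["@timestamp"]):
        if e.get("event.code") != "4625":
            continue
        ts = parse_ts(e["@timestamp"])
        src = e["source.ip"]
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            if src not in fired:
                fired.add(src)
                alerts.append({"rule": "brute_force", "source.ip": src, "count": len(q),
                               "first": q[0].isoformat(), "last": ts.isoformat()})
        else:
            fired.discard(src)            # burst is over; a new one may alert again
    return alerts


def run_rules(events):
    return detect_log_cleared(events) + detect_brute_force(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(alert)
```

On the sample data the log-cleared rule fires once for atm-02, and the brute-force rule fires once for 203.0.113.5 when its fifth failure lands inside the five-minute window; the single failure from 198.51.100.9 and the isolated failure an hour later stay below the threshold. In Elastic this is what a threshold rule grouped by source.ip does for you; the point of writing it out is to see why the window, the threshold and the suppression of repeat alerts all matter when the reviewer's "less than a minute" alerting is pointed at a bank machine.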
Gonzalo Di Ascenzi - PeerSpot reviewer
Red Team Operator at Argentina Red Team
Real User
Top 5
Makes data communication easier
Pros and Cons
  • "Elastic Security makes data communication easier."
  • "The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence."

What is most valuable?

Elastic Security makes data communication easier.

What needs improvement?

The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence.

What's my experience with pricing, setup cost, and licensing?

The solution is not expensive and costs around ten dollars a month.

What other advice do I have?

The solution allows you to generate alerts. You can automatically detect and configure mail in some addresses and automatically identify the identity that you have in your system. This is important for confidentiality in order to control the risks in identifying the users. The solution also uses artificial intelligence to identify anyone using your system.

We use the solution to monitor the activities of the people in the organization to prevent attacks in a controlled environment. We use the tool to observe the behavior of attacks and how to mitigate them. Today, security is more important than people know. You need to know who has access to your network, repository, or cell phone.

Overall, I rate the solution ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2389770 - PeerSpot reviewer
Chief ARCHITECT at a manufacturing company with 11-50 employees
Real User
Top 20
Offers rapid access to data and indexes
Pros and Cons
  • "Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."

    What is our primary use case?

    I've been using the Elastic solution primarily as an IAM solution. It helps in threat-hunting investigations and provides case management and security incident management.

    How has it helped my organization?

    The general process involves collecting all security events on a data platform or a data lake. These events are then processed and analyzed based on threat perception, comparing them against known attack vectors. Events identified as potential threats are tagged accordingly. During analysis, data enrichment may be necessary to enhance understanding. After tagging threats, the analysis is forwarded to a threat-hunting team. A security incident is created if there's no existing solution, and a case analysis is conducted to find a solution.

    What is most valuable?

    Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine.

    After the initial processing, Elasticsearch offers rapid access to data and indexes. Additionally, Elastic provides a feature for root cause analysis. In this process, various threats emerge. Relevant events are properly linked, suppressing unnecessary ones. The correlated event is then passed on to root cause analysis, aiding in pinpointing the specific problem area.

    What needs improvement?

    The solution lacks discovery. With effective discovery and asset management in place, you can identify the impact of threats. Having an asset management database allows you to determine the effects of threats on assets and their implications for business and operational aspects. 

    For how long have I used the solution?

    I have been using Elastic Security for five to six years.

    What do I think about the stability of the solution?

    The product is stable in large energy utility environments, where it handles millions of transactions per second, both on-premises and in the cloud.

    What do I think about the scalability of the solution?

    Scalability occurs on the elastic cluster side because the basic ingestion happens on the cluster side. With increased volumes, your cluster should also be able to handle more, or you must provision additional clusters to handle the workload. The solution is entirely scalable. Elastic operates on an in-memory computing basis. A perfect ratio must be maintained during the data retention period. The Elastic infrastructure is set up in a way that provides input and handles the data lake comprehensively. It's more of an infrastructure-level scalability rather than a solution scalability.

    How are customer service and support?

    The basic support always comes with a very basic level of SLAs, whereas the premium support comes with advanced or very high SLAs.

    Which solution did I use previously and why did I switch?

    Elastic is replacing solutions like Splunk and IBM QRadar.

    How was the initial setup?

    The initial setup is straightforward but has complex data feeds ingested into the system. Millions of data points are arriving per second, presenting a significant data transfer rate. Consequently, the system must be appropriately sized and scaled to meet this demand. Furthermore, all data is accessed in real-time, complicating the sizing process.

    What's my experience with pricing, setup cost, and licensing?

    Elastic Security is open-source. Unlike many older solutions where you must pay for data ingestion, Elastic allows you to ingest data freely. Being open source, you can set up a Kafka front door layer to ingest data and forward it to the Elastic cluster in various formats. Once ingested, the Elastic cluster, essentially Elasticsearch, manages cluster management automatically. Additionally, being open source, Elastic can seamlessly integrate with any data feeds.

    What other advice do I have?

    Anomaly detection comes into play when conducting a threat investigation using threat intelligence or querying threats. Typically, security events stem from various sources, such as operating system logs, event logs, application logs, and security logs, all collected from different systems and traffic data. This data streams at an enormous rate, measured in events per second, often reaching millions. Therefore, the task involves running anomaly detection across these events to pinpoint those requiring analysis and further threat-hunting efforts.

    If you're using Kaspersky for event management or passing through data stream pipelines, Elastic can convert the data into a usable format for ingestion into the cluster. Integration with existing solutions is straightforward since Elastic is an open-source platform.

    Overall, I rate the solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Matthew DeGrandis - PeerSpot reviewer
    System Administrator at a financial services firm with 11-50 employees
    Real User
    It's helpful for looking at multiple data sources to find patterns or anomalies
    Pros and Cons
    • "I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
    • "Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."

    What is our primary use case?

    We primarily use Elastic Security as a log aggregator, so we use it like a SIEM. It ingests all our logs and reports on them in aggregate.

    How has it helped my organization?

    We've used Elastic Security to solve some challenges involving various data sources. Things were being logged, but they were scattered around the organization. Elastic has sped up problem-solving. I can also imagine other use cases where we might use it for things that weren't system related. I use it for IT troubleshooting, but you could probably use it for sales forecasting or anything that I could make a data source out of.

    What is most valuable?

    Elastic Security gives us the ability to look at more than one source of data. For example, if a Windows client is doing something weird, I can grab all the Windows clients, then pivot to the firewall logs. 

    I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong.

    What needs improvement?

    Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.

    For how long have I used the solution?

    I have used Elastic Security for about a year.

    How are customer service and support?

    Elastic Security support is pretty good. Their support staff seems to know the product well. They provide answers but don't offer much training. They have lots of videos and documentation, but there's not a live person that tells you how to do things. They mostly refer you to the documentation. 

    How was the initial setup?

    Setting up Elastic Security is complex in some ways. Getting the solution to ingest your logs is the most difficult part. If the logs are of little value or you're holding on to those events for too long, they're not really worth as much. They're not as actionable if they're a month or a year old.

    What other advice do I have?

    I rate Elastic Security nine out of 10. I can't speak to any of the other security features, but it works for logging and SIEM. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Consultant at SMRJ
    Real User
    Top 10
    Offers good security features but needs to make the implementation phase easy
    Pros and Cons
    • "The tool's functionality is good for overall security and incident response times."
    • "I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool."

    What is our primary use case?

    I use the tool for security operations.

    What is most valuable?

    Elastic Security is not good for my company. I also use Splunk. Splunk is better than Elastic Security. Elastic Security is used in our main security systems, and now we also use NetFlow. SPL is better than Elastic Security. SPL is better for creating dashboards. It is very good for creating dashboards.

    What needs improvement?

    I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool.

    For how long have I used the solution?

    I have been using Elastic Security for three years. I use Elastic Security 8.0. I am a customer of the tool.

    Which solution did I use previously and why did I switch?

    I am a Splunk customer, but its usage is shrinking in our company. I have hands-on experience with Splunk for five to six years. As a basic enterprise system, Splunk is very good, and it also has many applications, making it a very useful tool. I am trying to find a managed security system. Splunk helps our organization monitor multiple cloud environments. It is not so easy to monitor multiple cloud environments with Splunk Enterprise Security's dashboards. With Splunk, it is very easy to find Azure and Azure API connections, but the versions vary. If the tool's version varies, the system won't work. Once we are able to set up the system, the tool will work fine.

    Some application tools should be provided by the maker as they can be very beneficial to us.

    Splunk's visibility into multiple environments is to manage the tool in the cloud. I have used the tool, and it has the capability to detect threats.

    How was the initial setup?

    The product's initial setup phase was done two years ago, and the whole process was not so good, even though it was created with the support team from the project team. My company has a number of servers in the system, but it is not good enough or easy to implement the tool.

    I just had one requirement with the product and had to send it across to the tool vendors.

    The solution is deployed with the help of Azure.

    What about the implementation team?

    The product's implementation phase was managed by IIJ, which is a system integrator. The help was good for Elasticsearch 7.0, but not so good for Elasticsearch 8.0.

    What's my experience with pricing, setup cost, and licensing?

    The price of Elastic Security is not so bad compared to Splunk. I can say that the product is cheaply priced.

    What other advice do I have?

    In cyber security operations, I use the tool only for troubleshooting or checking the network traffic. I didn't really use it for security operations.

    I am facing trouble creating a security system using Elastic Search. I am also considering other solutions, like Splunk, but I know that small and medium firms don't contact IBM.

    The tool's functionality is good for overall security and incident response times.

    I have heard from people that the tool generates results.

    I would not recommend the product to others. I would recommend Splunk to others.

    I rate the tool a six to seven out of ten.

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Sr Cloud Data Architect at Sun Cloud LLC
    Real User
    A flexible product that can be used in a number of scenarios, but its knowledge is quite rare and hard to come by
    Pros and Cons
    • "Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
    • "We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."

    What is our primary use case?

    It is for our own infrastructure. We are trying to do ELK Stack for everything. We are trying to build our own monitoring solution. For now, we are using it as an alerting solution, and SIEM is going to be our destination.

    What is most valuable?

    Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy.

    With Kibana, we can make very beautiful dashboards the way we wanted. It makes sense for the business.

    What needs improvement?

    We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10.

    What do I think about the scalability of the solution?

    We don't have any scalability problems as of now. We have less than 2,000 devices.

    What about the implementation team?

    We have a contractor who is trying to develop and deploy the ELK Stack for us. He has requested a couple of servers, and we have given those to him. He asked for more RAM and storage for the service, and he will take time developing the custom Logstash scripts that we have asked for.

    What's my experience with pricing, setup cost, and licensing?

    I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10.

    What other advice do I have?

    It is complex, but you just need to have patience and personnel to develop it. Unless you explore a technology, you won't know what are the pros and cons. I have not seen any cons as of now, but it has miles to go in terms of being equal to Splunk. It is a community-driven technology. So, it will get there.

    I would rate this solution a seven out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Prasanth Prasad - PeerSpot reviewer
    Director of Technology at a tech vendor with 11-50 employees
    Real User
    Top 5
    Offers great capabilities to detect and respond to threats
    Pros and Cons
    • "It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
    • "Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."

    What is our primary use case?

    The product is for use cases involving observability, visualization, dashboards, analytics, and security.

    What needs improvement?

    There is a constant evolution in the product. I think that the solution has a strong roadmap in place. I believe that the tool is going to be a leader in a lot of spaces, considering that it is evolving at a fast rate.

    From an improvement perspective, the product should be easier to use for those who don't know query language and have experience with only some basic products in the market.

    For how long have I used the solution?

    I have been using Elastic Security for more than three years. My company has a partnership with Elastic Security. My company operates as the solution's reseller, and we also manage the tool's implementation.

    What do I think about the stability of the solution?

    It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten.

    What do I think about the scalability of the solution?

    It is an extremely scalable solution. Scalability-wise, I rate the solution a ten out of ten.

    Whether the product suits small, medium, or enterprise-sized businesses is something that would depend on how you quantify your risks. Elastic Security is an ideal solution for anybody and everybody because it offers a free version of the solution. Small or medium businesses can use the free version of the tool. The solution has very comprehensive capabilities in the free version itself. Enterprises, large corporations, and government organizations can use the tool's paid version because it supports a lot of features from an analytical perspective. The free version doesn't have many analytical features in it. People who want to have a cybersecurity solution in their environment, which may not be specifically Elastic Security, should know the roadmap and the vision, along with a plan on what they want and how they want to go about with the product they want in their company to see where they want to end up in their cybersecurity journey. Your investments will make a lot of sense if you have a clear vision in mind.

    Elastic Security is not an ideal product if you are trying to do something very simple or basic with some check mark activities or an audit to show someone that there is some technology used in the company.

    How are customer service and support?

    I haven't had any single customer of my company telling me that the support of the product is not good. I believe that the product offers great support. I rate the technical support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have experience with Elastic Security, Rapid7, and IBM.

    How was the initial setup?

    I rate the initial setup phase a six or seven on a scale of one to ten, where one is difficult and ten is easy.

    The product's initial setup phase is neither easy nor difficult. It is easy to manage the setup phase if you know how to do it correctly. Complexity comes along as a part of the tool, especially if it is powerful and has a lot of capabilities. If it is very easy to manage the setup phase of a tool, then it is bound to have some limitations.

    The solution is deployed on the cloud, on-premises model, or a hybrid cloud.

    It can take a few days to get the product up and running. The time required to deploy the tool depends on the use cases of the user.

    What's my experience with pricing, setup cost, and licensing?

    The product offers an amazing pricing structure. Price-wise, the product is very competitive.

    What other advice do I have?

    The product has made amazing developments and has gone miles ahead in a short span of time when it comes to its enhanced threat detection and threat response capabilities.

    The product has helped manage endpoint security since it serves as a single tool that provides all the functionalities together. After you deploy Elastic Security, you can do everything with it, and there is no need to buy separate products or licenses. Through the setup of Elastic ELK Stack, you can get all the functionalities like SIEM, SOC, threat detection, endpoint detection, user behavior analytics, data analytics, data lake analytics, virtualization, dashboarding, cross-referencing, and threat response.

    Elastic Security's most beneficial aspect for security needs stems from the tool's openness. The tool is a highly customizable product, allowing you to play with it as much as you want.

    Speaking about how the real-time data analytics features in Elastic Security improve security posture, the real-time is not real-time natively. You need real-time streaming capabilities, for which you need something like Apache Kafka to stream data. The analytical power of Elastic Security is extremely high. If you can get me data in real time, I can analyze data in real time with Elastic Security.

    The product has introduced generative AI in the tool.

    The product has covered all technological advancements a person can think of, and it also has a lot of roadmap for the future development of the solution. The tool is strong and capable.

    Elastic Security offers one of the highest integration capabilities I have seen in any kit in the market. The tool offers a lot of out-of-the-box connectors and a lot of certification from a lot of providers across different areas. From a workflow perspective, if you are a customer using a proprietary tool with proprietary mechanisms to manage how work is done, then the integration offered by Elastic Security wouldn't be great. If you have an enterprise-grade product involving firewall solutions, SOC tools, endpoint tools, privilege access management solutions, or any other cybersecurity tools, Elastic Security's integration capabilities would work and help manage your workflows seamlessly.

    One of my company's customers told me that the incident response time after the implementation of the product was reduced by half within the first few weeks of the rolling out of the solution in the company.

    The product is very user-friendly since it offers generative AI in the dashboard. If you don't know how to do something on the dashboard, you can ask a question, and the solution will guide you. From a user perspective, I would say that the person using the product should be knowledgeable and should know what he wants. The product is not for someone who is a novice. The cybersecurity analyst working on the tool should have a fair understanding of what he wants to achieve with the product. It is okay if a cybersecurity analyst does not know how to write a query in the tool since the product offers help through generative AI. You can ask generative AI how to write a query, and it helps you. Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language. It would be easy to move to Elastic Security for those who use Splunk, IBM QRadar, or other enterprise-grade tools.

    I rate the overall tool a ten out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Vikas Dusa - PeerSpot reviewer
    Cyber Security Trainer and Programmer at Freelancer
    Real User
    Top 5 Leaderboard
    Traces ransomware and manages threat scenarios
    Pros and Cons
      • "Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."

      What is our primary use case?

      My use case for the product revolved around conducting demonstrations and testing. It also helped me with tracing ransomware and managing threat scenarios.

      What is most valuable?

      The integration with Siemens Endpoint Security in Elastic Security has been beneficial for security. The provided rules are good, making it easy to create and understand rules. Patterns and detections are made through index patterns, requiring some follow-up steps.

      In real-time, the impact of Elastic Security on ransomware is significant. For known and repeated ransomware, it can detect and prevent effectively using established signatures and behavioral patterns. However, for new types of ransomware with less complex behaviors or those that modify files minimally, conventional detection methods may struggle. Elastic Security proves to be effective even in challenging cases.

      On the cloud, it allows testing of SaaS-based applications, performance evaluations using CDMs and APIs, incident detection within company network infrastructures, and comprehensive management of security services.

      What needs improvement?

      Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues.

      For how long have I used the solution?

      I have utilized Elastic Security for approximately three to four months.

      What do I think about the stability of the solution?

      I rate the product’s stability an eight out of ten.

      What do I think about the scalability of the solution?

      Scaling Elastic Security is relatively easy, with a rating of seven out of ten.

      How was the initial setup?

      The tool's deployment is straightforward. 

      What other advice do I have?

      I rate the overall product an eight out of ten.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user