Janis Cimins - PeerSpot reviewer
Information Technology Security Specialist at IPro SIA
Real User
A free-to-use solution that can be used for SIEM reporting, but its query building is not that intuitive
Pros and Cons
  • "The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
  • "The solution's query building is not that intuitive compared to other solutions."

What is our primary use case?

We use Elastic Security for basic SIEM reporting.

What is most valuable?

The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed. You can also directly install integrations onto those agents. The solution's user interface is good.

What needs improvement?

Presentation-wise, the dashboards are not that pretty from an aesthetic point of view. Regarding usability, you should be familiar with the Elastic syntaxes and how to use them, or else it can be pretty hard. The solution's query building is not that intuitive compared to other solutions.

For how long have I used the solution?

I have been using Elastic Security for one year.

Buyer's Guide
Elastic Security
January 2025
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.

What do I think about the stability of the solution?

Elastic Security needs a lot of configuration from the architecture point of view, but other than that, it's pretty stable. Suppose you are doing small deployments and reaching the limit of the deployments. At some point, if there is a lack of resources and you have not configured the automatic scaling, it might freeze up, and you need to restart it.

How was the initial setup?

Elastic Security's initial setup is easy.

What's my experience with pricing, setup cost, and licensing?

Elastic Security is free to use.

What other advice do I have?

Elastic Security has a pretty easy setup for someone starting a cybersecurity career. You will have a taste of what SIEM solutions look like, how they work, and the workflow because it's pretty easy to set up. Many cool features exist even in an on-premises, free, open-source version. Using Elastic Security is a pretty nice way to start.

Overall, I rate Elastic Security a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2283003 - PeerSpot reviewer
Cyber Security Engineer II at a healthcare company with 10,001+ employees
Real User
Top 10
A fast tool that has good usability and intuitiveness, but it's hard to build the tool
Pros and Cons
  • "Elastic Security is very customizable, and the dashboards are very easy to build."
  • "It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."

What is most valuable?

Elastic Security is very customizable, and the dashboards are very easy to build. It's a very, very, very fast tool. If I click on something on my other SIEM to drill down into that thing, it only drills down a little, but Elastic Security will filter everything that's on the screen.

What needs improvement?

It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security. You have to understand because it's not all formatted the same. My last SIEM had a whole drop-down where you literally could click on whatever data source you wanted to look at.

It's not like that in Elastic Security. Sometimes, it's a drop-down, and sometimes it's like a specific thing inside something else. You have to get in there and understand your environment to really know where your data is. Trying to find what you're looking for if you don't know the environment is extremely hard in Elastic Security.

What do I think about the scalability of the solution?

Elastic Security's scalability is pretty easy. Since it's in the cloud, you have to watch your throughput to ensure you're staying within what you've bought. That being said, they have had to build scripts to understand that throughput because there is no easy way to see how much data you're actually pushing to the cloud. If you go over your cap, they'll bite you in the bill, and you wouldn't even know it.

How was the initial setup?

Elastic Security's initial setup is not easy. We've had to hire an entire team, and it's taken over a year and a half to set up the solution.

Which other solutions did I evaluate?

Before choosing Elastic Security, we evaluated Microsoft Sentinel.

What other advice do I have?

The learning curve for Elastic Security is heavy. It becomes easier once you get into it and start using it as a user. We had to hire a separate team to help build the back end. Elastic Security is not an easy product to set up.

Elastic Security has better user usability and intuitiveness. It's hard to build the tool, but it is quick and has easy dashboards. Elastic Security is great once you get it built, but the build is the hardest part.

Overall, I rate Elastic Security a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot reviewer
Governance and Compliance Manager at NBS Bank
Real User
Top 10
Straightforward to set up and deploy with good reliability
Pros and Cons
  • "It is scalable."
  • "Technical support could respond faster."

What is our primary use case?

We primarily use the solution for security purposes. 

What is most valuable?

It works just fine. We haven't had any issues with it. 

It is scalable. 

Technical support has been good.

It is stable. 

The product is fast to set up and very easy to deploy.

What needs improvement?

We aren't expecting any new features in the next release. We have everything we need.

Technical support could respond faster.

For how long have I used the solution?

I haven't been using the solution for too long. It's been only a few years. 

What do I think about the stability of the solution?

The solution is stable and reliable. There are no bugs or glitches and it doesn't crash or freeze. 

What do I think about the scalability of the solution?

The solution is quite scalable. I'd rate the ability to expand nine out of ten. 

How are customer service and support?

Technical support is quite helpful and responsive. However, it could always be faster. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use a different solution. We decided to switch to this product as it fit our needs. 

How was the initial setup?

The initial setup is straightforward. The deployment is fast. It only takes a few seconds to get up and running. 

What about the implementation team?

I was able to handle the initial setup myself. 

What was our ROI?

We have not necessarily seen any ROI. 

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty good. We pay for a license annually. The cost is very good. We don't find it too expensive. 

What other advice do I have?

I'm using the latest version of the solution. 

I'd recommend the solution to others.

I'd rate the solution eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1393731 - PeerSpot reviewer
Consultant at a computer software company with 5,001-10,000 employees
Real User
Easy and quick to set up, and the runtime performance is good
Pros and Cons
  • "The most valuable feature is the speed, as it responds in a very short time."
  • "The training that is offered for Elastic is in need of improvement because there is no depth to it."

What is our primary use case?

This is a log aggregation tool and we are using it for security purposes.

There are 145 pre-built use cases, but we are still making some ourselves. One we built is an alarm for log deletion. For example, if a hacker tries to delete the log from a bank machine then it will raise an alarm immediately. A second use case is an alert for too many false login attempts, perhaps indicating a brute-force attack.

What is most valuable?

The most valuable feature is the speed, as it responds in a very short time. I think that the alerts are generated in less than a minute.

It is very easy to set up and doesn't take much time.

What needs improvement?

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke.

The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology. 

For how long have I used the solution?

I have been using Elastic SIEM for two or three months.

What do I think about the stability of the solution?

This is a stable system and it has never crashed.

What do I think about the scalability of the solution?

Elastic SIEM is definitely stable. We have just started working on it, so we have no more than perhaps 100 users at this point. At the same time, we are confident that it can be scaled up to any extent.

How are customer service and technical support?

I am satisfied with the technical support.

How was the initial setup?

The initial setup is easy. The length of time for deployment on a machine depends on the configuration that is required. If it uses all 145 use cases then it will take a long time. If on the other hand there are only a small set of use cases, it will be very quick. I would say that it takes no more than 30 minutes to install one.

Which other solutions did I evaluate?

I have personally worked with Splunk in the past, but here at this company, they only use Elastic. I believe that one of the major differences between these two is the pricing model. With Splunk, it depends on how much data we are ingesting. For us, it is approximately 500 GB per day. Elastic has a different pricing system that is ultimately cheaper.

One of the advantages of Splunk is that they offer extensive training that is free of cost.

What other advice do I have?

My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
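The two custom use cases the reviewer above describes (an alarm when logs are deleted and an alert on a burst of failed logins that may indicate brute forcing) are, in Elastic terms, a match rule and a threshold rule. The following is an added example, not code from the review or from Elastic, that implements the same two detections in plain Python over a handful of constructed, ECS-like events so the logic can be read and run offline. The event field names (`event.action`, `source.ip`, `host.name`), the action values `log-cleared`, `log-deleted` and `logon-failed`, and the threshold of 5 failures in 60 seconds are all assumptions; map them to whatever your log sources actually emit.

```python
"""Two simple SIEM-style detections: a log-deletion alarm and a
failed-login burst (brute-force) threshold alert.

Added example; not code from the review or from Elastic. The event shape
is a simplified, constructed ECS-like dict and all thresholds are assumed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Action names we treat as "the audit log was cleared or deleted".
# Assumed vocabulary, not a real ECS enumeration.
LOG_DELETION_ACTIONS = {"log-cleared", "log-deleted"}
FAILED_LOGON_ACTION = "logon-failed"
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample events (not captured from any real system).
SAMPLE_EVENTS = [
    {"@timestamp": "2025-01-10T09:00:00Z", "event.action": "logon-failed", "user.name": "alice", "source.ip": "203.0.113.7", "host.name": "atm-01"},
    {"@timestamp": "2025-01-10T09:00:05Z", "event.action": "logon-failed", "user.name": "alice", "source.ip": "203.0.113.7", "host.name": "atm-01"},
    {"@timestamp": "2025-01-10T09:00:10Z", "event.action": "logon-failed", "user.name": "admin", "source.ip": "203.0.113.7", "host.name": "atm-01"},
    {"@timestamp": "2025-01-10T09:00:15Z", "event.action": "logon-failed", "user.name": "admin", "source.ip": "203.0.113.7", "host.name": "atm-01"},
    {"@timestamp": "2025-01-10T09:00:20Z", "event.action": "logon-failed", "user.name": "root", "source.ip": "203.0.113.7", "host.name": "atm-01"},
    {"@timestamp": "2025-01-10T09:00:25Z", "event.action": "logon-failed", "user.name": "root", "source.ip": "203.0.113.7", "host.name": "atm-01"},
    # A second source with sporadic failures that should NOT trip the threshold.
    {"@timestamp": "2025-01-10T09:01:00Z", "event.action": "logon-failed", "user.name": "bob", "source.ip": "198.51.100.9", "host.name": "atm-02"},
    {"@timestamp": "2025-01-10T09:03:00Z", "event.action": "logon-failed", "user.name": "bob", "source.ip": "198.51.100.9", "host.name": "atm-02"},
    {"@timestamp": "2025-01-10T09:05:00Z", "event.action": "logon-failed", "user.name": "bob", "source.ip": "198.51.100.9", "host.name": "atm-02"},
    {"@timestamp": "2025-01-10T09:06:00Z", "event.action": "logon-success", "user.name": "bob", "source.ip": "198.51.100.9", "host.name": "atm-02"},
    # The audit log being cleared is always worth an alarm.
    {"@timestamp": "2025-01-10T09:07:30Z", "event.action": "log-cleared", "user.name": "admin", "source.ip": "203.0.113.7", "host.name": "atm-01"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def _in_time_order(events):
    return sorted(events, key=lambda e: parse_ts(e["@timestamp"]))


def detect_log_deletion(events):
    """Match rule: alarm on every event recording that a log was cleared or deleted."""
    alerts = []
    for e in _in_time_order(events):
        if e.get("event.action") in LOG_DELETION_ACTIONS:
            alerts.append({
                "rule": "log-deletion",
                "host.name": e.get("host.name"),
                "user.name": e.get("user.name"),
                "@timestamp": e["@timestamp"],
            })
    return alerts


def detect_failed_login_burst(events, threshold=5, window=timedelta(seconds=60)):
    """Threshold rule: alert when one source.ip accumulates `threshold` failed
    logons inside a sliding `window`. Fires once per burst (when the count
    first reaches the threshold), not on every subsequent failure."""
    alerts = []
    recent = defaultdict(deque)  # source.ip -> timestamps of failures still inside the window
    for e in _in_time_order(events):
        if e.get("event.action") != FAILED_LOGON_ACTION:
            continue
        ip = e.get("source.ip", "unknown")
        now = parse_ts(e["@timestamp"])
        q = recent[ip]
        q.append(now)
        while q and now - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({
                "rule": "failed-login-burst",
                "source.ip": ip,
                "count": len(q),
                "first_seen": q[0].strftime(TS_FORMAT),
                "last_seen": e["@timestamp"],
            })
    return alerts


def run_detections(events):
    """Run both rules and return all alerts, oldest first."""
    alerts = detect_log_deletion(events) + detect_failed_login_burst(events)
    return sorted(alerts, key=lambda a: a.get("last_seen", a.get("@timestamp")))


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

On the constructed input the burst rule fires exactly once for 203.0.113.7 (five failures within 20 seconds) and stays quiet for 198.51.100.9, whose three failures are two minutes apart and never co-exist inside the 60-second window; the deletion rule fires for the single `log-cleared` event. Firing only when the count first reaches the threshold keeps a long brute-force run from producing one alert per attempt, which is the same de-duplication concern you would tune in a real SIEM rule.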
Gonzalo Di Ascenzi - PeerSpot reviewer
Red Team Operator at Argentina Red Team
Real User
Top 5
Makes data communication easier
Pros and Cons
  • "Elastic Security makes data communication easier."
  • "The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence."

What is most valuable?

Elastic Security makes data communication easier.

What needs improvement?

The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence.

What's my experience with pricing, setup cost, and licensing?

The solution is not expensive and costs around ten dollars a month.

What other advice do I have?

The solution allows you to generate alerts. You can automatically detect and configure mail in some addresses and automatically identify the identity that you have in your system. This is important for confidentiality in order to control the risks in identifying the users. The solution also uses artificial intelligence to identify anyone using your system.

We use the solution to monitor the activities of the people in the organization to prevent attacks in a controlled environment. We use the tool to observe the behavior of attacks and how to mitigate them. Today, security is more important than people know. You need to know who has access to your network, repository, or cell phone.

Overall, I rate the solution ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2389770 - PeerSpot reviewer
Chief ARCHITECT at a manufacturing company with 11-50 employees
Real User
Top 20
Offers rapid access to data and indexes
Pros and Cons
  • "Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."

What is our primary use case?

I've been using the Elastic solution primarily as an IAM solution. It helps in threat-hunting investigations and provides case management and security incident management.

How has it helped my organization?

The general process involves collecting all security events on a data platform or a data lake. These events are then processed and analyzed based on threat perception, comparing them against known attack vectors. Events identified as potential threats are tagged accordingly. During analysis, data enrichment may be necessary to enhance understanding. After tagging threats, the analysis is forwarded to a threat-hunting team. A security incident is created if there's no existing solution, and a case analysis is conducted to find a solution.

What is most valuable?

Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine.

After the initial processing, Elasticsearch offers rapid access to data and indexes. Additionally, Elastic provides a feature for root cause analysis. In this process, various threats emerge. Relevant events are properly linked, suppressing unnecessary ones. The correlated event is then passed on to root cause analysis, aiding in pinpointing the specific problem area.

What needs improvement?

The solution lacks discovery. With effective discovery and asset management in place, you can identify the impact of threats. Having an asset management database allows you to determine the effects of threats on assets and their implications for business and operational aspects.

For how long have I used the solution?

I have been using Elastic Security for five to six years.

What do I think about the stability of the solution?

The product is stable in large energy utility environments, where it handles millions of transactions per second, both on-premises and in the cloud.

What do I think about the scalability of the solution?

Scalability occurs on the elastic cluster side because the basic ingestion happens on the cluster side. With increased volumes, your cluster should also be able to handle more, or you must provision additional clusters to handle the workload. The solution is entirely scalable. Elastic operates on an in-memory computing basis. A perfect ratio must be maintained during the data retention period. The Elastic infrastructure is set up in a way that provides input and handles the data lake comprehensively. It's more of an infrastructure-level scalability rather than a solution scalability.

How are customer service and support?

The basic support always comes with a very basic level of SLAs, whereas the premium support comes with advanced or very high SLAs.

Which solution did I use previously and why did I switch?

Elastic is replacing solutions like Splunk and IBM QRadar.

How was the initial setup?

The initial setup is straightforward but has complex data feeds ingested into the system. Millions of data points are arriving per second, presenting a significant data transfer rate. Consequently, the system must be appropriately sized and scaled to meet this demand. Furthermore, all data is accessed in real-time, complicating the sizing process.

What's my experience with pricing, setup cost, and licensing?

Elastic Security is open-source. Unlike many older solutions where you must pay for data ingestion, Elastic allows you to ingest data freely. Being open source, you can set up a Kafka front door layer to ingest data and forward it to the Elastic cluster in various formats. Once ingested, the Elastic cluster, essentially Elasticsearch, manages cluster management automatically. Additionally, being open source, Elastic can seamlessly integrate with any data feeds.

What other advice do I have?

Anomaly detection comes into play when conducting a threat investigation using threat intelligence or querying threats. Typically, security events stem from various sources, such as operating system logs, event logs, application logs, and security logs, all collected from different systems and traffic data. This data streams at an enormous rate, measured in events per second, often reaching millions. Therefore, the task involves running anomaly detection across these events to pinpoint those requiring analysis and further threat-hunting efforts.

If you're using Kaspersky for event management or passing through data stream pipelines, Elastic can convert the data into a usable format for ingestion into the cluster. Integration with existing solutions is straightforward since Elastic is an open-source platform.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at SMRJ
Real User
Offers good security features but needs to make the implementation phase easy
Pros and Cons
  • "The tool's functionality is good for overall security and incident response times."
  • "I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool."

What is our primary use case?

I use the tool for security operations.

What is most valuable?

Elastic Security is not good for my company. I also use Splunk. Splunk is better than Elastic Security. Elastic Security is used in our main security systems, and now we also use NetFlow. SPL is better than Elastic Security. SPL is better for creating dashboards. It is very good for creating dashboards.

What needs improvement?

I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool.

For how long have I used the solution?

I have been using Elastic Security for three years. I use Elastic Security 8.0. I am a customer of the tool.

Which solution did I use previously and why did I switch?

I am a Splunk customer, but its usage is shrinking in our company. I have hands-on experience with Splunk for five to six years. As a basic enterprise system, Splunk is very good, and it also has many applications, making it a very useful tool. I am trying to find a managed security system. Splunk helps our organization monitor multiple cloud environments. It is not so easy to monitor multiple cloud environments with Splunk Enterprise Security's dashboards. With Splunk, it is very easy to find Azure and Azure API connections, but the versions vary. If the tool's version varies, the system won't work. Once we are able to set up the system, the tool will work fine.

Some application tools should be provided by the maker as they can be very beneficial to us.

Splunk's visibility into multiple environments is to manage the tool in the cloud. I have used the tool, and it has the capability to detect threats.

How was the initial setup?

The product's initial setup phase was done two years ago, and the whole process was not so good, even though it was created with the support team from the project team. My company has a number of servers in the system, but it is not good enough or easy to implement the tool.

I just had one requirement with the product and had to send it across to the tool vendors.

The solution is deployed with the help of Azure.

What about the implementation team?

The product's implementation phase was managed by IIJ, which is a system integrator. The help was good for Elasticsearch 7.0 but not so good for Elasticsearch 8.0.

What's my experience with pricing, setup cost, and licensing?

The price of Elastic Security is not so bad compared to Splunk. I can say that the product is cheaply priced.

What other advice do I have?

In cyber security operations, I use the tool only for troubleshooting or checking the network traffic. I didn't really use it for security operations.

I am facing trouble creating a security system using Elasticsearch. I am also considering other solutions, like Splunk, but I know that small and medium firms don't contact IBM.

The tool's functionality is good for overall security and incident response times.

I have heard from people that the tool generates results.

I would not recommend the product to others. I would recommend Splunk to others.

I rate the tool a six to seven out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
Open-source with good machine learning but users need to be specialized
Pros and Cons
  • "ELK is open-source, and it will give you the framework you need to build everything from scratch."
  • "There isn't really a very good user experience. You need a lot of training."

What is most valuable?

Overall, the solution is good.

The machine learning aspect of the solution has been great.

The deployment is not that complicated.

ELK is open-source, and it will give you the framework you need to build everything from scratch.

What needs improvement?

The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now there are only very basic modules.

We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem.

There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.

It would be ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.

For how long have I used the solution?

I've used the solution for one and a half years.

What do I think about the stability of the solution?

The stability of the solution is good. However, it depends on the configurations. If the solution is configured properly from the beginning, it will be stable. However, if the solution is not configured properly from the beginning, it will not be. This is due to the fact that ELK Elasticsearch gives you the framework only, and the customizations depend on the guys who will be coming to configure everything for the company.

What do I think about the scalability of the solution?

The scalability is good, however, there is a certain level of skill that is needed. Due to the lack of trained engineers in the area, this could be a challenge.

How are customer service and support?

We've reached out to technical support in the past. We found that sometimes communication with them was difficult as there was a lack of understanding. This means that it takes a longer time to reach a resolution. However, in the end, when we have had issues, we were able to resolve them, even if it was a bit delayed.

Which solution did I use previously and why did I switch?

I've also worked with LogRhythm and there is no comparison. LogRhythm is the best solution for me. The use cases are better and are readily available. In contrast, with ELK, we need to deploy a lot of things. We need to program people and we need skills and training. We need a lot of things. Even the LogRhythm training is easier than ELK. With ELK, you need to build the customization, rules, everything, from scratch. With LogRhythm, you just have to enable features.

If a company wants some more specific detailed use cases, then ELK would be better than LogRhythm, however, for a generic use case, LogRhythm is better.

How was the initial setup?

The initial setup is pretty simple and straightforward. It's not overly complex.

That said, it does require trained specialists, and there just aren't that many in our area.

Overall, I would rate the setup process at a two out of five.

The configuration must be done correctly, and that depends on who is configuring it. If the person configuring it, for example, only has an administrator background, he will configure the administrator stuff. If he has a security background, he will configure for security.

What other advice do I have?

We are a partner.

I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it.

I would rate the solution at a five out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user