Elastic Security Reviews

There are around 150 pre-built use cases. One of the major use cases is when somebody tries to fiddle with logs, Elastic SIEM creates an alert because logs are the most critical things from the security aspect. For example, I have more than 1,000 terminals, which can be desktops, laptops, or any sort of servers. If somebody tries to delete Windows logs, Elastic SIEM immediately generates an alert indicating that somebody is trying to fiddle with the logs. Elastic SIEM sends me a pop-up message as well as an email.

It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast.

Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals. 

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic.

Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app.

Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering.

When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

It is, for sure, reliable.

It is highly scalable. We at least have two dozen people who are using it. Some people may be using only a part of it, and some may be fully involved in it.

We have plans to increase its usage. We are ready with a running full-fledged server, and we can even handle data for potential customers. We are definitely planning to widen its usage.

I have interacted with them. They are quite responsive, and they do respond within the SLA.

I was not there when the deployment was done, but based on what I have heard, it was complex because of the server deployment and cluster formation, and it took at least two months.

Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year.

I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement.

I was not in this company when this was chosen.

I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. 

I would rate Elastic SIEM a seven out of ten.

I use the tool for security operations.

Elastic Security is not good for my company. I also use Splunk. Splunk is better than Elastic Security. Elastic Security is used in our main security systems, and now we also use NetFlow. SPL is better than Elastic Security. SPL is better for creating dashboards. It is very good for creating dashboards.

I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool.

I have been using Elastic Security for three years. I use Elastic Security 8.0. I am a customer of the tool.

I am a Splunk customer, but its usage is shrinking in our company. I have hands-on experience with Splunk for five to six years. As a basic enterprise system, Splunk is very good, and it also has many applications, making it a very useful tool. I am trying to find a managed security system. Splunk helps our organization monitor multiple cloud environments. It is not so easy to monitor multiple cloud environments with Splunk Enterprise Security's dashboards. With Splunk, it is very easy to find Azure and Azure API connections, but the versions vary. If the tool's version varies, the system won't work. Once we are able to set up the system, the tool will work fine.

Some application tools should be provided by the maker as they can be very beneficial to us.

Splunk's visibility into multiple environments is to manage the tool in the cloud. I have used the tool, and it has the capability to detect threats.

The product's initial setup phase was done two years ago, and the whole process was not so good, even though it was created with the support team from the project team. My company has a number of servers in the system, but it is not good enough or easy to implement the tool.

I just had one requirement with the product and had to send it across to the tool vendors.

The solution is deployed with the help of Azure.

The product's implementation phase was managed by IIJ, which is a system integrator. The help for Elasticsearch 7.0, but not so good for Elasticsearch 8.0.

The price of Elastic Security is not so bad compared to Splunk. I can say that the product is cheaply priced.

In cyber security operations, I use the tool only for troubleshooting or checking the network traffic. I really didn't really use it for security operations.

I am facing trouble creating a security system using Elastic Search. I am also considering other solutions, like Splunk, but I know that small and medium firms don't contact IBM.

The tool's functionality is good for overall security and incident response times.

I have heard from people that the tool generates results.

I would not recommend the product to others. I would recommend Splunk to others.

I rate the tool a six to seven out of ten.

Elastic Security makes data communication easier.

The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence.

The solution is not expensive and costs around ten dollars a month.

The solution allows you to generate alerts. You can automatically detect and configure mail in some addresses and automatically identify the identity that you have in your system. This is important for confidentiality in order to control the risks in identifying the users. The solution also uses artificial intelligence to identify anyone using your system.

We use the solution to monitor the activities of the people in the organization to prevent attacks in a controlled environment. We use the tool to observe the behavior of attacks and how to mitigate them. Today, security is more important than people know. You need to know who has access to your network, repository, or cell phone.

Overall, I rate the solution ten out of ten.

We use Elastic Security for basic SIEM reporting.

The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed. You can also directly install integrations onto those agents. The solution's user interface is good.

Presentation-wise, the dashboards are not that pretty from an aesthetic point of view. Regarding usability, you should be familiar with the Elastic syntaxes and how to use them, or else it can be pretty hard. The solution's query building is not that intuitive compared to other solutions.

I have been using Elastic Security for one year.

Elastic Security needs a lot of configuration from the architecture point of view, but other than that, it's pretty stable. Suppose you are doing small deployments and reaching the limit of the deployments. At some point, if there is a lack of resources and you have not configured the automatic scaling, it might freeze up, and you need to restart it.

Elastic Security's initial setup is easy.

Elastic Security is free to use.

Elastic Security has a pretty easy setup for someone starting a cybersecurity career. You will have a taste of what CM solutions look like, how they work, and the workflow because it's pretty easy to set up. Many cool features exist even in an on-premises, free, open-source version. Using Elastic Security is a pretty nice way to start.

Overall, I rate Elastic Security a seven out of ten.

Overall, the solution is good.

The machine learning aspect of the solution has been great.

The deployment is not that complicated.

ELK is open-source, and it will give you the framework you need to build everything from scratch.

The SIEM modules in Logstash, need more improvement. In the future, the modules could be more advanced as right now there are only very basic modules.

We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. 

There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.

It would ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs. 

I've used the solution for one and a half years.

The stability of the solution is good. However, it depends on the configurations. If the solution is configured properly from the beginning, it will be stable. However, if the solution is not configured from beginning properly, it will not be. This is due to the fact that ELK Elasticsearch gives you the framework only, and the customizations depend on the guys who will be coming to configure everything for the company.

The scalability is good, however, there is a certain level of skill that is needed. Due to the lack of trained engineers in the area, this could be a challenge.

We've reached out to technical support in the past. We found that sometimes communication with them was difficult as there was a lack of understanding. This means that it takes a longer time to reach a resolution. However, in the end, when we have had issues, we were able to resolve them, even if it was a bit delayed. 

I've also worked with LogRhythm and there is no comparison. LogRhythm is the best solution for me. The use cases are better and are readily available. In contrast, with ELK, we need to deploy a lot of things. We need to program people and we need skills and training. We need a lot of things. Even the LogRhythm training is easier than ELK. With ELK, you need to build the customization, rules, everything, from scratch. WithLogRhythm, you just have to enable features.

If a company wants some more specific detailed use cases, then ELK would be better than LogRhythm, however, for a generic use case, LogRhythm is better.

The initial setup is pretty simple and straightforward. It's not overly complex. 

That said, it does require trained specialists, and there just aren't that many in our area. 

Overall, I would rate the setup process at a two out of five. 

The configuration must be done correctly, and that depends on who is configuring it. If the person configuring it, for example, only has an administrator background, he will configure the administrator stuff. If he has a security background, he will configure for security.

We are a partner. 

I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it. 

I would rate the solution at a five out of ten.

Our primary use case of this solution is for application performance monitoring. We are customers of ELK.

This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.

The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed. 

I've been using this solution for five years. 

The solution is generally stable, although with each new upgrade there is an adjustment period. They upgrade versions very regularly and it's hard to keep up. By the time my environment is stable with the previous versions, they are already bringing out a new version. 

Scalability is very good with this product. 

I'm not satisfied with technical support because whenever you raise a case, it goes to some random support person who asks questions about the architecture. It's a waste of time. I'm a platinum customer so each time I raise a request, it should go to a dedicated customer support representative who knows my case. It's very difficult when you work in a highly secure environment to get all the logs and send the logs to them each time. 

The initial setup is easy, but as you begin using the more advanced features like security and authentication with an AM and LM, then it becomes a bit tricky.

Licensing costs are high, they charge based on the nodes and the RAM. If I purchase a license for a 64GB RAM node and then want to have 128GB RAM, I can't because it's not in the contract so I have to pay on top of that. They removed a feature that allows me to provide multiple disks for one node so if I now want to add an extra disk to the volume, I have to buy a license for one extra node. It's very unfair. 

I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem.

I rate this solution a seven out of 10. 

My use case for the product revolved around conducting demonstrations and testing. It also helped me with tracing ransomware and managing threat scenarios.

The integration with Siemens Endpoint Security in Elastic Security has been beneficial for security. The provided rules are good, making it easy to create and understand rules. Patterns and detections are made through index patterns, requiring some follow-up steps.

In real-time, the impact of Elastic Security on ransomware is significant. For known and repeated ransomware, it can detect and prevent effectively using established signatures and behavioral patterns. However, for new types of ransomware with less complex behaviors or those that modify files minimally, conventional detection methods may struggle. Elastic Security proves to be effective even in challenging cases.

On the cloud, it allows testing of SaaS-based applications, performance evaluations using CDMs and APIs, incident detection within company network infrastructures, and comprehensive management of security services.

Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues.

I have utilized Elastic Security for approximately three to four months.

I rate the product’s stability an eight out of ten.

Scaling Elastic Security is relatively easy, with a rating of seven out of ten.

The tool's deployment is straightforward. 

I rate the overall product an eight out of ten.

It is currently deployed as a single instance, but we are currently looking at clusters. We are using it for a logging solution. I'm a developer and act as a server engineer for DevOps Engineers. It's used by developers and mobile developers. It could be used by quite a few different teams.

It is quite comprehensive, and you're able to do a lot of tasks. It has dashboards and we're able to create a lot of search queries. It is not easy to use, but once you get the hang of it, then it provides good graphs and visuals such as these. The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash.

In terms of query resolution, error searching finding and production issues, we're able to find issues quicker. We don't need to manually obtain the logging reports. All bugs in code are quickly identified in the logs as they are in one centralized logging location.

We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into the production to use the enterprise edition, we just wanted to check how this one works first.  I think maybe on the last exercise part, I think the index rotation can be improved. It's something that they need to work on. It can be complex on how the index, all the logs that have been ingested, the index rotation can be challenging, so if they can work on that. In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX, there's no direct log shipper so you do need to do a bit of tweaking there.

We have been using ELK Logstash for three years or so. We believe we are using the latest version. 

The solution is quite stable, although it does need a bit of maintenance, and because there is quite a lot of plugins that come with it. There's a lot of testing that is involved to ensure that nothing breaks.

The solution is scalable. So you're able to extend it and grow it. For example, you're able to put it in a cluster, so it is quite scalable.

I have used the technical support. Their forums are quite good in terms of response. There is quite a big community of forums, where you can get similar question or issues that others have experienced issues previously. Even then direct support is quite good. They also have regional support. 

Logging solution previously, but mainly I've been using Graylog and ELK. Graylog gives you centralized logging. It's built for a logging solution, whereas ELK is designed and built for more big data. If you want to go in deeper into analytics, ELK gives you that flexibility and out of the box models. The two solutions are widely used by a lot of bigger clients in the industry and they've been tried and tested.

With ELK, installation is not really straightforward. There are about three applications to consider. It's quite intense in terms of set up, but once you've done the setup, then it's nice and smooth. The implementation took about 3 weeks, but that is because I was doing it in between other projects. We used an implementation plan. It was deployed to the development environment, then the Point of Concept (POC) environments. It was then deployed into the production environment.

We implemented the solution in-house. There were no third parties involved. For deployment and maintenance, we just need about two to three people and the role is known as maintenance and installation.

We're using the open-source solution, So there are no-cost implications on it, but we are planning to use it throughout the organization. So, we will soon adopt the open-source model and depending on if there is a need for enterprise then we'll go down the enterprise route. If you need a lasting solution, you do need to buy the license for the OLED plugin. The free version comes fully standard and has everything that you need. It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin. 

We also have Graylog, for Graylog we're using it in parallel for a similar solution. At the moment, we're basically just comparing the two and see which one is preferred.

Do a POC first. They should compare solutions and also look at different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10.