Elastic Security Reviews

My use case for the product revolved around conducting demonstrations and testing. It also helped me with tracing ransomware and managing threat scenarios.

The integration with Siemens Endpoint Security in Elastic Security has been beneficial for security. The provided rules are good, making it easy to create and understand rules. Patterns and detections are made through index patterns, requiring some follow-up steps.

In real-time, the impact of Elastic Security on ransomware is significant. For known and repeated ransomware, it can detect and prevent effectively using established signatures and behavioral patterns. However, for new types of ransomware with less complex behaviors or those that modify files minimally, conventional detection methods may struggle. Elastic Security proves to be effective even in challenging cases.

On the cloud, it allows testing of SaaS-based applications, performance evaluations using CDMs and APIs, incident detection within company network infrastructures, and comprehensive management of security services.

Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues.

I have utilized Elastic Security for approximately three to four months.

I rate the product’s stability an eight out of ten.

Scaling Elastic Security is relatively easy, with a rating of seven out of ten.

The tool's deployment is straightforward. 

I rate the overall product an eight out of ten.

We primarily use the solution for security purposes. 

It works just fine. We haven't had any issues with it. 

It is scalable. 

Technical support has been good.

It is stable. 

The product is fast to set up and very easy to deploy.

We aren't expecting any new features in the next release, We have everything we need. 

Technical support could respond faster.

I haven't been using the solution for too long. It's been only a few years. 

The solution is stable and reliable. There are no bugs or glitches and it doesn't crash or freeze. 

The solution is quite scalable. I'd rate the ability to expand nine out of ten. 

Technical support is quite helpful and responsive. However, it could always be faster. 

Positive

We did use a different solution. We decided to switch to this product as it fit our needs. 

The initial setup is straightforward. The deployment is fast. It only takes a few seconds to get up and running. 

I was able to handle the initial setup myself. 

We have not necessarily seen any ROI. 

The pricing is pretty good. We pay for a license annually. The cost is very good. We don't find it too expensive. 

I'm using the latest version of the solution. 

I'd recommend the solution to others.

I'd rate the solution eight out of ten. 

I worked for a telco client for the security model of Elastic, but my role was unit manager. I don't have a lot of technical expertise, but I decided on the solution for a client, and I was responsible for the delivery.

I worked with the security of the mobile app. I see all the logs in Elastic for SIEM. I monitored the logging and some logs from the machine for a UNIX system with some use cases like the machine's file system.

This solution is deployed on-premise.

We provide this solution to our customers, which are telcos, in the finance industry, and in retail.

I think that it's a good solution for a SIEM.

Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually don't have.

With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

The product is stable.

Other products like Splunk are better than Elastic for a SIEM because there are some use cases already available for a client. Elastic doesn't have this, so the user must build the SIEM solution. I think that Elastic has to increase the features for the SIEM.

It's not very complicated to install Elastic, but I didn't deploy it.

I would rate this solution 7 out of 10.

It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.

We use it as a SIEM for monitoring a client's environment.

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

My company has been using this solution for two years.

It is a very stable solution.

The solution is very scalable.

The technical support is adequate.

Neutral

We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.

In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.

We implemented through an in-house team and it took about two months.

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.

We evaluated several options, including Monster SIEM, Splunk, and Wazuh.

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.

I would rate this solution as an eight out of ten. It's a good value for money and a  reliable solution, but it's heavily reliant on appropriate configuration.

We primarily use the solution to have a correlation on all the Windows event logs. We use it more for forensic purposes now. We are looking for something which will be a more proactive product for us and be able to detect any threats and take automatic action.

All of the features on the solution are useful due to the fact that I have the full Stack, therefore I can collect and then visualize. We have the dashboard tutor as well.

The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes.

The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using or maybe it's on a different solution, however, having more AI would be so helpful for us.

The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that.

I know there are some features which are coming, and which is already available. To be honest, I haven't had any time to play around and check what could be the advantages of them. Compared to other products, already the features available - and there are lots of things which are provided - are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.

I've been using the solution for three years.

The solution is scalable for us now, although it didn't start that way.

We have about 50 users between SecOps and the Microsoft team. The network team of between 50 and 100 people are using it on a regular basis.

I never had to be in contact with technical support. I mainly rely on the communities around the solution and that is where I find almost all of the information I need. They're great. There's lots of information available that helps you troubleshoot issues.

We previously used a product from Quest Software called Change Auditor. We actually didn't switch off this solution. We use both Quest and ELK in our organization.

The main difference is that one you have to pay for, while the other one is much cheaper and if you don't need all the features, you can use it for free.

ELK has much more information, as well. You can grab much more information with ELK than you can with Change Auditor, without adding any additional modules.

The initial setup as I recall was pretty easy. However, I moved to an infrastructure that had a connection to a second ELK instance that I am not managing.

The settings on that instance are more complex than my initial setup. 

I am not a specialist in big data infrastructure. I am a process engineer. You need some dedicated and well-trained people as soon as you have a large infrastructure and you are sending a lot of events to the elastic instance so that it is performed correctly. That's always the challenge you have with on-premise infrastructure.

I'm not sure how much the company pays to use ELK. It's not part of the job that I handle.

We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution.

The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect.

I'd rate the solution eight out of ten.

We are using Elastic Security for logging the application logs, as we use a microservice architecture. So all application logs are saved to this LogSpot.

It helps us detect errors and keep an eye on the application in both the development and production environments.

It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.

There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits. So if you are looking for logs for a specific application, you may get 50 lines of logs, but then you are lost. You need to add more features to specify your request so you can get the final result. It would be better to have additional features to specify your request and get the complete result.

I have been using this solution for nine months. Although, I am not using the latest version. 

I would rate the stability a nine out of ten. 

I would rate the scalability an eight out of ten. 

We definitely saw an ROI. It quickly finds the bugs.

I would recommend using it, especially if you have a microservice architecture. I also have a friend who has been using it for some big data projects, so I would recommend it for that as well. 

Overall, I would rate the solution a nine out of ten. 

I use Elastic Search to collect logs from an Active Directory server and forward the incidents to the SOAR solution.

Elastic Security is a highly flexible platform that can be implemented anywhere. 

The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming. 

I have used Elastic Security for three or four months.

I rate Elastic Security seven out of 10 for stability. It isn't very stable. 

The setup process is highly complex because you need to configure every agent separately and then connect them to each other and the system architecture. It would be difficult for the average user. I had a cybersecurity consultant to help me set up some of the agents. It took about three days to deploy. Maintaining Elastic Search is also challenging.

I rate Elastic Search seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level. 

Overall, the solution is good.

The machine learning aspect of the solution has been great.

The deployment is not that complicated.

ELK is open-source, and it will give you the framework you need to build everything from scratch.

The SIEM modules in Logstash, need more improvement. In the future, the modules could be more advanced as right now there are only very basic modules.

We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. 

There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.

It would ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs. 

I've used the solution for one and a half years.

The stability of the solution is good. However, it depends on the configurations. If the solution is configured properly from the beginning, it will be stable. However, if the solution is not configured from beginning properly, it will not be. This is due to the fact that ELK Elasticsearch gives you the framework only, and the customizations depend on the guys who will be coming to configure everything for the company.

The scalability is good, however, there is a certain level of skill that is needed. Due to the lack of trained engineers in the area, this could be a challenge.

We've reached out to technical support in the past. We found that sometimes communication with them was difficult as there was a lack of understanding. This means that it takes a longer time to reach a resolution. However, in the end, when we have had issues, we were able to resolve them, even if it was a bit delayed. 

I've also worked with LogRhythm and there is no comparison. LogRhythm is the best solution for me. The use cases are better and are readily available. In contrast, with ELK, we need to deploy a lot of things. We need to program people and we need skills and training. We need a lot of things. Even the LogRhythm training is easier than ELK. With ELK, you need to build the customization, rules, everything, from scratch. WithLogRhythm, you just have to enable features.

If a company wants some more specific detailed use cases, then ELK would be better than LogRhythm, however, for a generic use case, LogRhythm is better.

The initial setup is pretty simple and straightforward. It's not overly complex. 

That said, it does require trained specialists, and there just aren't that many in our area. 

Overall, I would rate the setup process at a two out of five. 

The configuration must be done correctly, and that depends on who is configuring it. If the person configuring it, for example, only has an administrator background, he will configure the administrator stuff. If he has a security background, he will configure for security.

We are a partner. 

I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it. 

I would rate the solution at a five out of ten.