Senior DevOps Engineer at a financial services firm with 10,001+ employees
It is quite comprehensive and you're able to do a lot of tasks
Pros and Cons
- "The indexes allow you to get your results quickly. The filtering and log parsing is the advantage of Logstash."
- "We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
What is our primary use case?
It is currently deployed as a single instance, but we are looking at clusters. We are using it for a logging solution. I'm a developer and act as a server engineer for DevOps Engineers. It's used by developers and mobile developers. It could be used by quite a few different teams.
How has it helped my organization?
It is quite comprehensive, and you're able to do a lot of tasks. It has dashboards and we're able to create a lot of search queries. It is not easy to use, but once you get the hang of it, it provides good graphs and visuals. The indexes allow you to get your results quickly. The filtering and log parsing is the advantage of Logstash.
What is most valuable?
In terms of query resolution, error searching, and finding production issues, we're able to find issues quicker. We don't need to manually obtain the logging reports. All bugs in code are quickly identified in the logs, as they are in one centralized logging location.
What needs improvement?
We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into production with the enterprise edition; we just wanted to check how this one works first. I think maybe on the last exercise part, the index rotation can be improved. It's something that they need to work on. It can be complex: how the index rotation handles all the logs that have been ingested can be challenging, so if they can work on that, it would help. In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX there's no direct log shipper, so you do need to do a bit of tweaking there.
Buyer's Guide
Elastic Security
November 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
We have been using ELK Logstash for three years or so. We believe we are using the latest version.
What do I think about the stability of the solution?
The solution is quite stable, although it does need a bit of maintenance, because there are quite a lot of plugins that come with it, and there's a lot of testing involved to ensure that nothing breaks.
What do I think about the scalability of the solution?
The solution is scalable. So you're able to extend it and grow it. For example, you're able to put it in a cluster, so it is quite scalable.
How are customer service and support?
I have used the technical support. Their forums are quite good in terms of response. There is quite a big community of forums, where you can find similar questions or issues that others have experienced previously. Even the direct support is quite good. They also have regional support.
Which solution did I use previously and why did I switch?
I have used logging solutions previously, but mainly I've been using Graylog and ELK. Graylog gives you centralized logging. It's built for a logging solution, whereas ELK is designed and built more for big data. If you want to go deeper into analytics, ELK gives you that flexibility and out-of-the-box models. The two solutions are widely used by a lot of bigger clients in the industry and they've been tried and tested.
How was the initial setup?
With ELK, installation is not really straightforward. There are about three applications to consider. It's quite intense in terms of setup, but once you've done the setup, then it's nice and smooth. The implementation took about three weeks, but that is because I was doing it in between other projects. We used an implementation plan. It was deployed to the development environment, then the Proof of Concept (POC) environments. It was then deployed into the production environment.
What about the implementation team?
We implemented the solution in-house. There were no third parties involved. For deployment and maintenance, we just need about two to three people and the role is known as maintenance and installation.
What's my experience with pricing, setup cost, and licensing?
We're using the open-source solution, so there are no cost implications, but we are planning to use it throughout the organization. So, we will soon adopt the open-source model and, depending on whether there is a need for enterprise, then we'll go down the enterprise route. If you need a lasting solution, you do need to buy the license for the OLED plugin. The free version comes fully standard and has everything that you need. It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin.
Which other solutions did I evaluate?
We also have Graylog; we're using it in parallel for a similar solution. At the moment, we're basically just comparing the two to see which one is preferred.
What other advice do I have?
Do a POC first. They should compare solutions and also look at different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Sales Manager at Spire Solutions
A unified SIEM platform that is supported by a large community of users
Pros and Cons
- "I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
- "It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
What is our primary use case?
I sell Elastic Security to my customers. Almost all my customers use the free version, but some use the enterprise version.
What is most valuable?
I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.
What needs improvement?
It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) Security in the next release.
For how long have I used the solution?
I have been working with Elastic Security for about ten months.
What do I think about the stability of the solution?
Elastic Security is a stable solution. It's the most stable solution I have ever seen.
How was the initial setup?
The initial setup is straightforward. Anyone who knows the basic features can implement this product. Elastic Security has a large community that can support users.
What about the implementation team?
We implement this solution for our customers. We present and demonstrate the POC, and we support them. After the implementation, we provide the provisioning service. Deployment time depends on the business size, but it usually takes about 20 days to a month.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs.
What other advice do I have?
This product is better suited for large enterprises. It's one of the best options in the marketplace. I would tell potential users to use all the features because they are already collecting all the logs and data in one place.
On a scale from one to ten, I would give Elastic Security an eight.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Sr Cloud Data Architect at Sun Cloud LLC
A flexible product that can be used in a number of scenarios, but its knowledge is quite rare and hard to come by
Pros and Cons
- "Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
- "We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
What is our primary use case?
It is for our own infrastructure. We are trying to do ELK Stack for everything. We are trying to build our own monitoring solution. For now, we are using it as an alerting solution, and SIEM is going to be our destination.
What is most valuable?
Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy.
With Kibana, we can make very beautiful dashboards the way we wanted. It makes sense for the business.
What needs improvement?
We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10.
What do I think about the scalability of the solution?
We don't have any scalability problems as of now. We have less than 2,000 devices.
What about the implementation team?
We have a contractor who is trying to develop and deploy the ELK Stack for us. He has requested a couple of servers, and we have given those to him. He asked for more RAM and storage for the service, and he will take time developing the custom Logstash scripts that we have asked for.
What's my experience with pricing, setup cost, and licensing?
I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10.
What other advice do I have?
It is complex, but you just need to have patience and personnel to develop it. Unless you explore a technology, you won't know what the pros and cons are. I have not seen any cons as of now, but it has miles to go in terms of being equal to Splunk. It is a community-driven technology. So, it will get there.
I would rate this solution a seven out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Operating Officer / SR. Project Manager at SCS
A flexible, cost-effective, and reliable solution
Pros and Cons
- "One of the most valuable features of this solution is that it is more flexible than AlienVault."
- "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
What is our primary use case?
We use it as a SIEM for monitoring a client's environment.
What is most valuable?
One of the most valuable features of this solution is that it is more flexible than AlienVault.
What needs improvement?
It is difficult to anticipate and understand the space utilization, so more clarity there would be great.
For how long have I used the solution?
My company has been using this solution for two years.
What do I think about the stability of the solution?
It is a very stable solution.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and support?
The technical support is adequate.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.
How was the initial setup?
In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.
What about the implementation team?
We implemented through an in-house team and it took about two months.
What's my experience with pricing, setup cost, and licensing?
The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.
Which other solutions did I evaluate?
We evaluated several options, including Monster SIEM, Splunk, and Wazuh.
What other advice do I have?
There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.
I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Delivery Manager at Spindox
A good SIEM solution but doesn't have as many features as its competitors
Pros and Cons
- "It's not very complicated to install Elastic."
- "With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
What is our primary use case?
I worked for a telco client for the security model of Elastic, but my role was unit manager. I don't have a lot of technical expertise, but I decided on the solution for a client, and I was responsible for the delivery.
I worked with the security of the mobile app. I see all the logs in Elastic for SIEM. I monitored the logging and some logs from the machine for a UNIX system with some use cases like the machine's file system.
This solution is deployed on-premise.
We provide this solution to our customers, which are telcos, in the finance industry, and in retail.
What is most valuable?
I think that it's a good solution for a SIEM.
What needs improvement?
Elastic doesn't have the features that other competitors in SIEM have. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have.
With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.
What do I think about the stability of the solution?
The product is stable.
Which solution did I use previously and why did I switch?
Other products like Splunk are better than Elastic for a SIEM because there are some use cases already available for a client. Elastic doesn't have this, so the user must build the SIEM solution. I think that Elastic has to increase the features for the SIEM.
How was the initial setup?
It's not very complicated to install Elastic, but I didn't deploy it.
What other advice do I have?
I would rate this solution 7 out of 10.
It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Consultant at a computer software company with 5,001-10,000 employees
Easy and quick to set up, and the runtime performance is good
Pros and Cons
- "The most valuable feature is the speed, as it responds in a very short time."
- "The training that is offered for Elastic is in need of improvement because there is no depth to it."
What is our primary use case?
This is a log aggregation tool and we are using it for security purposes.
There are 145 pre-built use cases, but we are still making some ourselves. One we built is an alarm for log deletion. For example, if a hacker tries to delete the log from a bank machine then it will raise an alarm immediately. A second use case is an alert for too many false login attempts, perhaps indicating a brute-force attack.
What is most valuable?
The most valuable feature is the speed, as it responds in a very short time. I think that the alerts are generated in less than a minute.
It is very easy to set up and doesn't take much time.
What needs improvement?
There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke.
The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology.
For how long have I used the solution?
I have been using Elastic SIEM for two or three months.
What do I think about the stability of the solution?
This is a stable system and it has never crashed.
What do I think about the scalability of the solution?
Elastic SIEM is definitely stable. We have just started working on it, so we have no more than perhaps 100 users at this point. At the same time, we are confident that it can be scaled up to any extent.
How are customer service and technical support?
I am satisfied with the technical support.
How was the initial setup?
The initial setup is easy. The length of time for deployment on a machine depends on the configuration that is required. If it uses all 145 use cases then it will take a long time. If on the other hand there are only a small set of use cases, it will be very quick. I would say that it takes no more than 30 minutes to install one.
Which other solutions did I evaluate?
I have personally worked with Splunk in the past, but here at this company, they only use Elastic. I believe that one of the major differences between these two is the pricing model. With Splunk, it depends on how much data we are ingesting. For us, it is approximately 500 GB per day. Elastic has a different pricing system that is ultimately cheaper.
One of the advantages of Splunk is that they offer extensive training that is free of cost.
What other advice do I have?
My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
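The two use cases the reviewer describes above, an alarm on audit-log deletion and an alert on repeated failed logins, are the kind of rule a SIEM engineer writes first. The following is an added example, not Elastic's own rule code or anything from the reviewer: it runs both detections over constructed sample log lines in a simplified syslog-like format. The log format, the regular expressions, the five-failures-per-minute threshold and the event strings treated as "log cleared" are all assumptions chosen for the demonstration.

```python
"""Two detections run over constructed sample logs (added example, not Elastic's code):
1. brute force: >= THRESHOLD failed logins from one source IP inside a sliding window
2. log clearing: any event that indicates the audit trail itself was wiped
Line format assumed here: "<ISO timestamp> <host> <message>".
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real data. 203.0.113.5 hammers host1, 198.51.100.7 is
# normal, and host2 reports that its audit log was cleared.
SAMPLE_LOGS = [
    "2024-11-01T10:00:01 host1 sshd: Failed password for invalid user admin from 203.0.113.5 port 4242",
    "2024-11-01T10:00:02 host1 sshd: Failed password for root from 203.0.113.5 port 4243",
    "2024-11-01T10:00:03 host1 sshd: Failed password for deploy from 198.51.100.7 port 5000",
    "2024-11-01T10:00:04 host1 sshd: Failed password for root from 203.0.113.5 port 4244",
    "2024-11-01T10:00:05 host1 sshd: Failed password for invalid user test from 203.0.113.5 port 4245",
    "2024-11-01T10:00:06 host1 sshd: Accepted password for deploy from 198.51.100.7 port 5001",
    "2024-11-01T10:00:07 host1 sshd: Failed password for root from 203.0.113.5 port 4246",
    "2024-11-01T10:00:08 host1 sshd: Failed password for root from 203.0.113.5 port 4247",
    "2024-11-01T10:05:00 host2 wevtutil: EventID=1102 The audit log was cleared by user operator",
    "2024-11-01T10:10:00 host1 sshd: Failed password for root from 203.0.113.5 port 4300",
]

FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")
# Assumed indicators of log tampering (Windows event 1102, auditd wording, file deletion).
LOG_CLEARED = re.compile(r"(EventID=1102|audit log was cleared|audit log cleared|/var/log/\S+ deleted)")


def parse(line: str):
    """Split a sample line into (timestamp, host, message)."""
    ts, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, msg


def detect_brute_force(lines, threshold: int = 5, window: timedelta = timedelta(minutes=1)):
    """Emit one alert per source IP the first time it reaches `threshold` failures in `window`.
    A per-source deque keeps only timestamps still inside the sliding window."""
    alerts, recent, alerted = [], defaultdict(deque), set()
    for line in lines:
        ts, host, msg = parse(line)
        m = FAILED_LOGIN.search(msg)
        if not m:
            continue
        src = m.group("src")
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"rule": "brute_force", "src": src, "host": host,
                           "count": len(q), "first": q[0].isoformat()})
    return alerts


def detect_log_clearing(lines):
    """Alert on every event that says the audit trail was cleared; there is no benign threshold."""
    alerts = []
    for line in lines:
        ts, host, msg = parse(line)
        if LOG_CLEARED.search(msg):
            alerts.append({"rule": "log_cleared", "host": host, "at": ts.isoformat(), "msg": msg})
    return alerts


def run(lines):
    """Run both detections and return the combined alert list (brute force first)."""
    return detect_brute_force(lines) + detect_log_clearing(lines)


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print(alert)
```

The brute-force rule fires once per source on the first crossing and stays quiet for the rest of that burst, which is usually what you want in a SIEM to avoid one attacker producing hundreds of alerts; the late single failure at 10:10 falls outside the window and does not re-trigger. The log-clearing rule has no threshold at all, because a single such event is already worth a human's attention.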
DevOps Engineer at a tech services company with 51-200 employees
Efficiently handle millions of loads simultaneously
Pros and Cons
- "It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
- "There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
What is our primary use case?
We are using Elastic Security for logging the application logs, as we use a microservice architecture. So all application logs are saved to this LogSpot.
How has it helped my organization?
It helps us detect errors and keep an eye on the application in both the development and production environments.
What is most valuable?
It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.
What needs improvement?
There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits. So if you are looking for logs for a specific application, you may get 50 lines of logs, but then you are lost. You need to add more features to specify your request so you can get the final result. It would be better to have additional features to specify your request and get the complete result.
For how long have I used the solution?
I have been using this solution for nine months, although I am not using the latest version.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
What was our ROI?
We definitely saw an ROI. It quickly finds the bugs.
What other advice do I have?
I would recommend using it, especially if you have a microservice architecture. I also have a friend who has been using it for some big data projects, so I would recommend it for that as well.
Overall, I would rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
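The reviewer's complaint above is about hitting a result limit when pulling logs for one application. The standard way to walk a complete result set out of Elasticsearch, rather than paging with from/size, which is capped by index.max_result_window, is search_after with a deterministic sort and a unique tie-breaker field. The following is an added example, not code from the reviewer or from Elastic: it implements the cursor loop against a pluggable search callable. The callable stands in for an Elasticsearch client's search(index=..., body=...) method, the in-memory backend and its documents are constructed for offline demonstration, and the event.sequence tie-breaker field is an assumption about the index mapping.

```python
"""search_after pagination over Elasticsearch-shaped responses (added example).
`search(index=..., body=...)` is assumed to behave like an Elasticsearch client's search();
the fake backend below mimics just enough of it (term query, sort, size, search_after)."""
from typing import Callable, Dict, Iterator, List

# Deterministic sort: timestamp, then an assumed unique per-event field as tie-breaker so that
# events sharing a timestamp are never skipped or repeated across page boundaries.
SORT = [{"@timestamp": "asc"}, {"event.sequence": "asc"}]


def fetch_all(search: Callable[..., dict], index: str, query: dict, page_size: int = 500) -> Iterator[dict]:
    """Yield every matching _source, one page at a time, by advancing search_after
    to the sort values of the last hit. Stops when a page comes back short."""
    body = {"size": page_size, "query": query, "sort": SORT}
    while True:
        hits = search(index=index, body=body)["hits"]["hits"]
        for hit in hits:
            yield hit["_source"]
        if len(hits) < page_size:          # last page reached
            return
        body["search_after"] = hits[-1]["sort"]   # cursor = sort values of the final hit


# Constructed sample documents in deliberately unsorted order; two pairs share a timestamp.
SAMPLE_DOCS: List[Dict] = [
    {"@timestamp": "2024-11-01T09:00:03", "event.sequence": 5, "application": "checkout", "message": "order 1005 failed"},
    {"@timestamp": "2024-11-01T09:00:01", "event.sequence": 1, "application": "checkout", "message": "order 1001 ok"},
    {"@timestamp": "2024-11-01T09:00:02", "event.sequence": 3, "application": "payments", "message": "charge ok"},
    {"@timestamp": "2024-11-01T09:00:01", "event.sequence": 2, "application": "checkout", "message": "order 1002 ok"},
    {"@timestamp": "2024-11-01T09:00:02", "event.sequence": 4, "application": "checkout", "message": "order 1003 ok"},
    {"@timestamp": "2024-11-01T09:00:04", "event.sequence": 6, "application": "checkout", "message": "order 1006 ok"},
    {"@timestamp": "2024-11-01T09:00:04", "event.sequence": 7, "application": "checkout", "message": "order 1007 timeout"},
    {"@timestamp": "2024-11-01T09:00:05", "event.sequence": 8, "application": "payments", "message": "refund ok"},
    {"@timestamp": "2024-11-01T09:00:06", "event.sequence": 9, "application": "checkout", "message": "order 1008 ok"},
]


def make_fake_search(docs: List[Dict]) -> Callable[..., dict]:
    """Build an in-memory stand-in for client.search(). Supports only a term query on
    'application', the SORT above, size and search_after; counts round trips in .calls."""
    def fake_search(index: str, body: dict) -> dict:
        fake_search.calls += 1
        key = lambda d: (d["@timestamp"], d["event.sequence"])
        app = body["query"]["term"]["application"]
        ordered = sorted((d for d in docs if d["application"] == app), key=key)
        after = body.get("search_after")
        if after is not None:
            ordered = [d for d in ordered if key(d) > tuple(after)]
        page = ordered[: body["size"]]
        return {"hits": {"hits": [{"_source": d, "sort": list(key(d))} for d in page]}}
    fake_search.calls = 0
    return fake_search


def collect(search: Callable[..., dict], index: str, application: str, page_size: int) -> List[Dict]:
    """Convenience wrapper: all events for one application, in sort order."""
    return list(fetch_all(search, index, {"term": {"application": application}}, page_size))


if __name__ == "__main__":
    fake = make_fake_search(SAMPLE_DOCS)
    for doc in collect(fake, "logs-app", "checkout", page_size=3):
        print(doc["@timestamp"], doc["event.sequence"], doc["message"])
    print("round trips:", fake.calls)
```

Against a real cluster the same loop is used with the client's search method in place of the fake; for long-running exports a point-in-time (PIT) should be opened first so that a refresh between pages does not shift the cursor, and the sort on a unique field is what guarantees that the two events at 09:00:04 both appear exactly once even when a page boundary falls between them.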
Chief Business Officer at Sky Express
Open-source with a good knowledge base and a helpful community
Pros and Cons
- "It's open-source and free to use."
- "We'd like to see some more artificial intelligence capabilities."
What is our primary use case?
Basically, we are using this product for monitoring and for developing the processes for our company.
What is most valuable?
I like that there is a knowledge base. There's the possibility for technical people to develop this product and to know much more. However, they do not need additional certifications from the vendor side or to pay a lot of money for their courses and certifications. We don't need to rely on vendors. We can handle the product ourselves.
It's open-source and free to use.
What needs improvement?
The solution isn't really recognized in the market. They need to do a better job when they are marketing the solution. We'd like customers to have more visibility of it, and we'd like them to see how secure and highly effective it is. There needs to be more brand awareness.
We have faced some obstacles when handling the implementation process.
There are no templates available when integrating with other products. We sometimes need to find some workarounds.
We'd like to see some more artificial intelligence capabilities.
For how long have I used the solution?
I've been using the solution for four and a half years.
What do I think about the stability of the solution?
The solution is stable and reliable. We found the product to be very usable. There are no bugs or glitches, and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution can scale. Integration with other products may be a bit difficult, yet it is doable.
How are customer service and support?
If we need assistance, we tend to use the community. There is always somebody in the world who can help us if we have a question. There are many people that can provide good tips and useful advice. Typically, many people have faced the same problems and they can help us solve things.
Which solution did I use previously and why did I switch?
I'm also aware of Curator.
Compared to Curator, customer awareness isn't as strong. From the price perspective, this product is better, however, many customers don't want to change their own CM and their products if they already have something in place.
How was the initial setup?
The initial setup wasn't overly complex or difficult. That said, it wasn't simple either. It's somewhat moderate in terms of implementation.
I'd rate the solution three out of five in terms of ease of setup.
What's my experience with pricing, setup cost, and licensing?
This is an open-source solution. It is free to use.
What other advice do I have?
For new customers, this is a perfect choice. For older customers, it's very difficult to change solutions.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.