Technical Sales Manager at Spire Solutions
A unified SIEM platform that is supported by a large community of users
Pros and Cons
- "I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
- "It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
What is our primary use case?
I sell Elastic Security to my customers. Almost all my customers use the free version, but some use the enterprise version.
What is most valuable?
I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.
What needs improvement?
It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) Security in the next release.
For how long have I used the solution?
I have been working with Elastic Security for about ten months.
Buyer's Guide
Elastic Security
March 2025

Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
What do I think about the stability of the solution?
Elastic Security is a stable solution. It's the most stable solution I have ever seen.
How was the initial setup?
The initial setup is straightforward. Anyone who knows the basic features can implement this product. Elastic Security has a large community that can support users.
What about the implementation team?
We implement this solution for our customers. We present and demonstrate the POC, and we support them. After the implementation, we provide the provisioning service. Deployment time depends on the business size, but it usually takes about 20 days to a month.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs.
What other advice do I have?
This product is better suited for large enterprises. It's one of the best options in the marketplace. I would tell potential users to use all the features because they are already collecting all the logs and data in one place.
On a scale from one to ten, I would give Elastic Security an eight.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor

Straightforward to set up and deploy with good reliability
Pros and Cons
- "It is scalable."
- "Technical support could respond faster."
What is our primary use case?
We primarily use the solution for security purposes.
What is most valuable?
It works just fine. We haven't had any issues with it.
It is scalable.
Technical support has been good.
It is stable.
The product is fast to set up and very easy to deploy.
What needs improvement?
We aren't expecting any new features in the next release. We have everything we need.
Technical support could respond faster.
For how long have I used the solution?
I haven't been using the solution for too long. It's been only a few years.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution is quite scalable. I'd rate the ability to expand nine out of ten.
How are customer service and support?
Technical support is quite helpful and responsive. However, it could always be faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did use a different solution. We decided to switch to this product as it fit our needs.
How was the initial setup?
The initial setup is straightforward. The deployment is fast. It only takes a few seconds to get up and running.
What about the implementation team?
I was able to handle the initial setup myself.
What was our ROI?
We have not necessarily seen any ROI.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty good. We pay for a license annually. The cost is very good. We don't find it too expensive.
What other advice do I have?
I'm using the latest version of the solution.
I'd recommend the solution to others.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Delivery Manager at Spindox
A good SIEM solution but doesn't have as many features as its competitors
Pros and Cons
- "It's not very complicated to install Elastic."
- "With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
What is our primary use case?
I worked for a telco client for the security model of Elastic, but my role was unit manager. I don't have a lot of technical expertise, but I decided on the solution for a client, and I was responsible for the delivery.
I worked with the security of the mobile app. I see all the logs in Elastic for SIEM. I monitored the logging and some logs from the machine for a UNIX system with some use cases like the machine's file system.
This solution is deployed on-premise.
We provide this solution to our customers, which are telcos, in the finance industry, and in retail.
What is most valuable?
I think that it's a good solution for a SIEM.
What needs improvement?
Elastic doesn't have features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have.
With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.
What do I think about the stability of the solution?
The product is stable.
Which solution did I use previously and why did I switch?
Other products like Splunk are better than Elastic for a SIEM because there are some use cases already available for a client. Elastic doesn't have this, so the user must build the SIEM solution. I think that Elastic has to increase the features for the SIEM.
How was the initial setup?
It's not very complicated to install Elastic, but I didn't deploy it.
What other advice do I have?
I would rate this solution 7 out of 10.
It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Chief Operating Officer / SR. Project Manager at SCS
A flexible, cost-effective, and reliable solution
Pros and Cons
- "One of the most valuable features of this solution is that it is more flexible than AlienVault."
- "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
What is our primary use case?
We use it as a SIEM for monitoring a client's environment.
What is most valuable?
One of the most valuable features of this solution is that it is more flexible than AlienVault.
What needs improvement?
It is difficult to anticipate and understand the space utilization, so more clarity there would be great.
For how long have I used the solution?
My company has been using this solution for two years.
What do I think about the stability of the solution?
It is a very stable solution.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and support?
The technical support is adequate.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.
How was the initial setup?
In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.
What about the implementation team?
We implemented through an in-house team and it took about two months.
What's my experience with pricing, setup cost, and licensing?
The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.
Which other solutions did I evaluate?
We evaluated several options, including Monster SIEM, Splunk, and Wazuh.
What other advice do I have?
There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.
I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT at a tech vendor with 10,001+ employees
Easy to set up with a helpful community and a good dashboard tutor
Pros and Cons
- "The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
- "The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
What is our primary use case?
We primarily use the solution to have a correlation on all the Windows event logs. We use it more for forensic purposes now. We are looking for something which will be a more proactive product for us and be able to detect any threats and take automatic action.
What is most valuable?
All of the features on the solution are useful due to the fact that I have the full stack, so I can collect and then visualize. We have the dashboard tutor as well.
The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes.
What needs improvement?
The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using or maybe it's on a different solution, however, having more AI would be so helpful for us.
The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that.
I know there are some features which are coming, and some which are already available. To be honest, I haven't had any time to play around and check what could be the advantages of them. Compared to other products, the features already available - and there are lots of things which are provided - are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the scalability of the solution?
The solution is scalable for us now, although it didn't start that way.
We have about 50 users between SecOps and the Microsoft team. The network team of between 50 and 100 people is using it on a regular basis.
How are customer service and technical support?
I never had to be in contact with technical support. I mainly rely on the communities around the solution and that is where I find almost all of the information I need. They're great. There's lots of information available that helps you troubleshoot issues.
Which solution did I use previously and why did I switch?
We previously used a product from Quest Software called Change Auditor. We actually didn't switch off this solution. We use both Quest and ELK in our organization.
The main difference is that one you have to pay for, while the other one is much cheaper and if you don't need all the features, you can use it for free.
ELK has much more information, as well. You can grab much more information with ELK than you can with Change Auditor, without adding any additional modules.
How was the initial setup?
The initial setup as I recall was pretty easy. However, I moved to an infrastructure that had a connection to a second ELK instance that I am not managing.
The settings on that instance are more complex than my initial setup.
I am not a specialist in big data infrastructure. I am a process engineer. You need some dedicated and well-trained people as soon as you have a large infrastructure and you are sending a lot of events to the Elastic instance so that it performs correctly. That's always the challenge you have with on-premise infrastructure.
What's my experience with pricing, setup cost, and licensing?
I'm not sure how much the company pays to use ELK. It's not part of the job that I handle.
What other advice do I have?
We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution.
The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
DevOps Engineer at a tech services company with 51-200 employees
Efficiently handle millions of loads simultaneously
Pros and Cons
- "It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
- "There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
What is our primary use case?
We are using Elastic Security for logging the application logs, as we use a microservice architecture. So all application logs are saved to this LogSpot.
How has it helped my organization?
It helps us detect errors and keep an eye on the application in both the development and production environments.
What is most valuable?
It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.
What needs improvement?
There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits. So if you are looking for logs for a specific application, you may get 50 lines of logs, but then you are lost. You need to add more features to specify your request so you can get the final result. It would be better to have additional features to specify your request and get the complete result.
For how long have I used the solution?
I have been using this solution for nine months. Although, I am not using the latest version.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
What was our ROI?
We definitely saw an ROI. It quickly finds the bugs.
What other advice do I have?
I would recommend using it, especially if you have a microservice architecture. I also have a friend who has been using it for some big data projects, so I would recommend it for that as well.
Overall, I would rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Intern Cybersecurity at a computer software company with 10,001+ employees
It's a highly flexible platform you can implement anywhere, but the setup is complex and difficult
Pros and Cons
- "Elastic Security is a highly flexible platform that can be implemented anywhere."
- "The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
What is our primary use case?
I use Elastic Search to collect logs from an Active Directory server and forward the incidents to the SOAR solution.
What is most valuable?
Elastic Security is a highly flexible platform that can be implemented anywhere.
What needs improvement?
The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming.
For how long have I used the solution?
I have used Elastic Security for three or four months.
What do I think about the stability of the solution?
I rate Elastic Security seven out of 10 for stability. It isn't very stable.
How was the initial setup?
The setup process is highly complex because you need to configure every agent separately and then connect them to each other and the system architecture. It would be difficult for the average user. I had a cybersecurity consultant to help me set up some of the agents. It took about three days to deploy. Maintaining Elastic Search is also challenging.
What other advice do I have?
I rate Elastic Search seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Open-source with good machine learning but users need to be specialized
Pros and Cons
- "ELK is open-source, and it will give you the framework you need to build everything from scratch."
- "There isn't really a very good user experience. You need a lot of training."
What is most valuable?
Overall, the solution is good.
The machine learning aspect of the solution has been great.
The deployment is not that complicated.
ELK is open-source, and it will give you the framework you need to build everything from scratch.
What needs improvement?
The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now there are only very basic modules.
We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem.
There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.
It would be ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.
For how long have I used the solution?
I've used the solution for one and a half years.
What do I think about the stability of the solution?
The stability of the solution is good. However, it depends on the configurations. If the solution is configured properly from the beginning, it will be stable. However, if the solution is not configured properly from the beginning, it will not be. This is due to the fact that ELK Elasticsearch gives you the framework only, and the customizations depend on the guys who will be coming to configure everything for the company.
What do I think about the scalability of the solution?
The scalability is good, however, there is a certain level of skill that is needed. Due to the lack of trained engineers in the area, this could be a challenge.
How are customer service and support?
We've reached out to technical support in the past. We found that sometimes communication with them was difficult as there was a lack of understanding. This means that it takes a longer time to reach a resolution. However, in the end, when we have had issues, we were able to resolve them, even if it was a bit delayed.
Which solution did I use previously and why did I switch?
I've also worked with LogRhythm and there is no comparison. LogRhythm is the best solution for me. The use cases are better and are readily available. In contrast, with ELK, we need to deploy a lot of things. We need to program people and we need skills and training. We need a lot of things. Even the LogRhythm training is easier than ELK. With ELK, you need to build the customization, rules, everything, from scratch. With LogRhythm, you just have to enable features.
If a company wants some more specific detailed use cases, then ELK would be better than LogRhythm, however, for a generic use case, LogRhythm is better.
How was the initial setup?
The initial setup is pretty simple and straightforward. It's not overly complex.
That said, it does require trained specialists, and there just aren't that many in our area.
Overall, I would rate the setup process at a two out of five.
The configuration must be done correctly, and that depends on who is configuring it. If the person configuring it, for example, only has an administrator background, he will configure the administrator stuff. If he has a security background, he will configure for security.
What other advice do I have?
We are a partner.
I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it.
I would rate the solution at a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.