We primarily use the solution for endpoint protection.
Manager- Information Security at a tech services company with 51-200 employees
Good threat hunting and capability for AI chat-related queries with very good stability
Pros and Cons
- "The stability of the solution is good."
- "The solution could offer better reporting features."
What is our primary use case?
What is most valuable?
The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot.
The interface of the solution is good.
What needs improvement?
The solution could offer better reporting features.
For how long have I used the solution?
I've been using the solution for three years.
Buyer's Guide
Elastic Security
April 2025

Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability of the solution is good.
We use a Linux box. And it's a hardened VM so you don't have to worry about any kind of batches, etc. You just deploy and start using, and it's quite stable and hasn't broken down on us at all.
What do I think about the scalability of the solution?
In terms of scalability, you just need to keep increasing your endpoint licenses. That's the only thing. It's as easy as getting a new license updated and then you can start deploying it to the new endpoints. Right now, we have around 500 end users. We have a buffer of 1,000, so we can add about 400 more endpoints, so we are ready to grow if we need to. I don't know if we'll extend beyond that.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup is straightforward. Deployment can take up to four days.
What about the implementation team?
We used a reseller to assist us with the deployment. Our experience with them was positive.
What's my experience with pricing, setup cost, and licensing?
We pay a yearly licensing fee.
What other advice do I have?
I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them.
You would need some kind of technical knowhow, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge.
I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Executive Cybersecurity at a computer software company with 11-50 employees
Dashboard offers different types of reports, including a list of alerts and easy to setup
Pros and Cons
- "The scalability is good. It can be scaled easily in the production environment."
- "One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
What is our primary use case?
We are looking for the same tool on-premises that we can provide to our client as an MSSP. We're evaluating different types of tools in the market.
Although, we have a premium version, and I was checking the functions and features here.
We have some questions about the query language. So that also from this console and so that we can actually want to have a demonstration session where we can clarify this thing query to manage.
What is most valuable?
The interesting thing is about the dashboard. There are available widgets for the dashboards, along with specific features like different types of reports, such as a list of alerts. This helps to remind us which events are happening most often.
We are still evaluating the solution, but the dashboard is something good. And one more thing, it also has anomaly reports. I like that there is a report that is only based on anomaly-related activity.
What needs improvement?
One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow.
Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security].
Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.
For how long have I used the solution?
We have been evaluating it for the last two months.
What do I think about the stability of the solution?
It works fine on the few devices we have deployed this solution.
What do I think about the scalability of the solution?
The scalability is good. It can be scaled easily in the production environment.
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
The pricing is fine. But the basic pricing should cover all the features you need. Elastic needs to add more features, which are available as subscription-based add-ons. So more features may need to be added.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Elastic Security
April 2025

Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees
Good monitoring and behavior prediction; troubleshooting tool could be improved
Pros and Cons
- "Enables monitoring of application performance and the ability to predict behaviors."
- "Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
What is our primary use case?
Our primary use case of this solution is for application performance monitoring. We are customers of ELK.
What is most valuable?
This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.
What needs improvement?
The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The solution is generally stable, although with each new upgrade there is an adjustment period. They upgrade versions very regularly and it's hard to keep up. By the time my environment is stable with the previous versions, they are already bringing out a new version.
What do I think about the scalability of the solution?
Scalability is very good with this product.
How are customer service and technical support?
I'm not satisfied with technical support because whenever you raise a case, it goes to some random support person who asks questions about the architecture. It's a waste of time. I'm a platinum customer so each time I raise a request, it should go to a dedicated customer support representative who knows my case. It's very difficult when you work in a highly secure environment to get all the logs and send the logs to them each time.
How was the initial setup?
The initial setup is easy, but as you begin using the more advanced features like security and authentication with an AM and LM, then it becomes a bit tricky.
What's my experience with pricing, setup cost, and licensing?
Licensing costs are high, they charge based on the nodes and the RAM. If I purchase a license for a 64GB RAM node and then want to have 128GB RAM, I can't because it's not in the contract so I have to pay on top of that. They removed a feature that allows me to provide multiple disks for one node so if I now want to add an extra disk to the volume, I have to buy a license for one extra node. It's very unfair.
What other advice do I have?
I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem.
I rate this solution a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Team Lead at Quester
Simplifies process of bug identification and tracking using application log files
Pros and Cons
- "The most valuable feature for me is Discover."
- "I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
What is our primary use case?
I was using this product up until recently when I changed companies, but I have been asked to implement logging in my new role and this is one of the options that I am considering.
It was used in conjunction with Kibana to examine our logs and perform debugging. When a user complained about misbehavior in an application, we would research the logs, test, and try to find out where the bug is.
What is most valuable?
The most valuable feature for me is Discover. I have not used all of the features, so I can't say that this will be best for everyone.
What needs improvement?
I would like the process of retrieving archived data and viewing it in Kibana to be simplified.
We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.
For how long have I used the solution?
I used this product for about eight months, up until about two months ago.
What do I think about the stability of the solution?
We were using this solution once or twice every couple of weeks when we encountered a bug. I found that it was stable.
What do I think about the scalability of the solution?
I have not tested scalability. In my previous company, there were 20 people on the team, but only the backend developers were using ELK Logstash. This was perhaps 10 users.
How are customer service and technical support?
We hosted this solution ourselves, so there was no technical support.
Which solution did I use previously and why did I switch?
We have used Graylog in the past, but it was self-hosted and the experience wasn't great.
How was the initial setup?
I did not do the initial setup myself.
What about the implementation team?
My colleague deployed this solution for me.
What's my experience with pricing, setup cost, and licensing?
This is an open-source product, so there are no costs.
What other advice do I have?
When my colleague set up this application, it was configured such that every seven days, the data is archived into long-term storage. When I needed something from the archived logs, it was easy to retrieve and I could look through them again. This is something that I would suggest doing.
My suggestion for anybody who is implementing ELK Logstash is to make sure that the entire team knows how to use it. If only one person knows it and takes care of it, then it is not a very productive experience. On the other hand, if everybody is familiar with it, the experience will be much better.
This is definitely a product that I recommend using.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Business Development at Qavi Technologies
Enables users to know about the downtime and the errors in the code
Pros and Cons
- "It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
- "Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time."
What is our primary use case?
We have different use cases. We implement it for the banking and healthcare sectors. It's the most useful for the e-commerce platforms that we deploy it for. The most important feature is Elasticsearch.
They also use it for security. Elastic Security has been deployed in the National Bank of Dubai. They are currently using Elastic Stack and they're also using the security version.
It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader.
How has it helped my organization?
There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring.
These are the four main use cases that most organizations use it for. They want to know the downtime and the errors in the code. They acquire it through my company. It's mainly used by SMB-sized companies but not enterprise.
What needs improvement?
Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time.
The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features.
For how long have I used the solution?
I have been using Elastic Security for one year.
What other advice do I have?
I would rate Elastic Security a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Head of Platform Development at Patrianna
An easy-to-adapt solution that needs to improve scalability
Pros and Cons
- "Elastic Security is very easy to adapt."
- "The tool should improve its scalability."
What is most valuable?
Elastic Security is very easy to adapt.
What needs improvement?
The tool should improve its scalability.
For how long have I used the solution?
I have been working with the product for seven years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
Our DevOps uses the product regularly.
What other advice do I have?
I would rate the solution a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Enterprise Architect at DigyCorp
A flexible and open solution that supports varieties of integrations
Pros and Cons
- "The product has huge integration varieties available."
- "The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
What is most valuable?
The product has huge integration varieties available.
What needs improvement?
The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated.
For how long have I used the solution?
I have been working with the solution for the last eight months.
What do I think about the scalability of the solution?
The solution is scalable and flexible. My company has 20 users for the product.
How are customer service and support?
We had relied on in-house support initially. However, we understand now that there are a few areas where we need to have vendor support. So we have contacted a few different companies and contractors for it. In the beginning, it may be possible to do support in-house. However, if you have a lot of commercial production environment services, then it is very hard to do without vendor support.
Which solution did I use previously and why did I switch?
We decided to use the solution because it was a very promising tool and other alternatives had limitations. The tool has availability, data infrastructure, data uptime, etc. The solution is quite flexible in terms of cost. You don't need to buy a license for each and everything. Whenever you require a license, you can just buy it. I think these are the two main drivers. The product is quite open in terms of integration with machine learning which helps us with proactive monitoring.
How was the initial setup?
The product's initial setup is very easy. I think the most important point is how you design your infrastructure because the solution is quite open. So you have to design it based on the nature of the data. You also need to get a life cycle so that there is no load on the storage. The solution's flexibility depends on how you design it.
What's my experience with pricing, setup cost, and licensing?
The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything.
What other advice do I have?
I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Sales Manager at Spire Solutions
A unified SIEM platform that is supported by a large community of users
Pros and Cons
- "I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
- "It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
What is our primary use case?
I sell Elastic Security to my customers. Almost all my customers use the free version, but some use the enterprise version.
What is most valuable?
I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.
What needs improvement?
It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) Security in the next release.
For how long have I used the solution?
I have been working with this Elastic Security for about ten months.
What do I think about the stability of the solution?
Elastic Security is a stable solution. It's the most stable solution I have ever seen.
How was the initial setup?
The initial setup is straightforward. Anyone who knows the basic features can implement this product. Elastic Security has a large community that can support users.
What about the implementation team?
We implement this solution for our customers. We present and demonstrate the POC, and we support them. After the implementation, we provide the provisioning service. Deployment time depends on the business size, but it usually takes about 20 days to a month.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs.
What other advice do I have?
This product is better suited for large enterprises. It's one of the best options in the marketplace. I would tell potential users to use all the features because they are already collecting all the logs and data in one place.
On a scale from one to ten, I would give Elastic Security an eight.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor

Buyer's Guide
Download our free Elastic Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Product Categories
Log Management Security Information and Event Management (SIEM) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR) Extended Detection and Response (XDR)Popular Comparisons
Datadog
Splunk Enterprise Security
IBM Security QRadar
Elastic Observability
Graylog
Security Onion
LogRhythm SIEM
Elastic Stack
syslog-ng
Fortinet FortiAnalyzer
Sumo Logic Security
Google Cloud's operations suite (formerly Stackdriver)
SolarWinds Kiwi Syslog Server
ManageEngine Log360
Buyer's Guide
Download our free Elastic Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
- What are the advantages of ELK over Splunk?
- What would you choose for observability: Grafana observability platform or ELK stack?
- When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
- Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
- Which Windows event log monitoring tool do you recommend?
- What is the difference between log management and SIEM?
- Splunk vs. Elastic Stack
- How can Cloudtrail logs be used effectively to improve log monitoring?
- Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?