Elastic Security Reviews

The solution is compatible with the cloud-native environment and they can adapt to it faster. 

Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks. 

I have been working with the solution for four years. 

The product is stable. 

The product's initial setup is straightforward but experts need to do it. 

The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not. 

I would rate the tool a seven out of ten. The solution has a very active community with troubleshooting cases. You need to consider the growth rate and environmental complexity when buying the product. If you need to use a multi-node or cluster version, then install it during initiation itself. So that you don't need to do the same procedure in the next three to six months. 

We really like that it integrates into the overall ELK Stack, and we're using that as our theme. We were looking for a product compatible with that. We like the detailed investigation features of the platform as you're able to get a lot of detail as to what's going on on the host when you do investigations. We like the quarantine feature.

We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive. We have a lot of satellite communications, and it's not as intensive since we don't require updates to calm down on a regular basis for updated DAT files for hashes on a regular basis. We only have to update quarterly against the new malware model. It's also a lot less impactful from a performance perspective on a machine.

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.

I've been using the solution for about a year.

Stability is very good. It's a very stable product. We haven't had any issues with stability at all.

For what we use it for, scalability has been great. Our environments tend to be smaller. We're only talking about 200 to 1,000 systems. Therefore, I don't know that I could speak to a real large scale since that's not our implementation level.

We are kind of in an interesting use case as we're not actually using it on a day-to-day basis. We are a production house, and we shift suites out to customers to use. As far as what the user feedback is on a regular basis, we don't really see a ton of that unless we kind of go out and hunt for it.

We're using the Microsoft Defender product. It's just what's embedded inside of the operating system. It's not the full Defender for Endpoint. It's just Windows and antivirus.

The Endgame itself is extremely straightforward to set up and you just filled out the ISO and you follow a couple of wizards you're done. It's very easy. I would say the ELK Stack is a little more complicated, however, that's due to the way we implement PKI in our environment. The product in itself is fairly straightforward to implement. It's our choice of certificate implementation that's making it a little more complicated.

We targeted it to be able to be maintained by one person. In a lot of cases, our scenario is that we only have one person available to maintain the product. It's very easy to maintain. There's not a ton going on. In a scene, you always have to have somebody watching the log of traffic if you want it to be effective. However, outside of that, there's no extreme maintenance associated with the product.

I do not know approximately how much it costs per month or per year. I'm not the one who makes the purchases.

We are just customers. 

I'd rate the solution an eight out of ten. 

We use Logstash to retrieve data from our servers, from different sources, to our Elastic Stack. There, Elastic Search allows us to search it, and we can visualize the data with Kibana.

I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.

Our system architect has noticed a slowdown of the solution, but I don't see a slowdown.

One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.

We have been using Elastic Stack for about three years.

The solution is stable. We also monitor the Elastic Stack health and it's been a while since we have had an issue. The stability doesn't cause any problems. It's good. We haven't had any major issues.

For now, we haven't had any problems. I'm just a user. I'm not the one responsible for the total solution. I use Kibana for the dashboard to detect any errors in our servers.

But for the future, perhaps we will need to scale our solution because we deploy new components and we implement new servers on Azure. 

The solution is maintained by dedicated architects who provide us with a solid platform. There is no direct support from Elastic Stack. We don't have any issue or any problem which requires support.

I'm a system engineer. The architects who set up these solutions did it before I worked here.

I learned how to use it by doing searches and finding information about it.  I learned to use it very quickly. The documentation is very simple to use, as long as you have some technical background in computers.

Elastic Stack is an open-source tool. You don't have to pay anything for the components.

Think carefully about how you will build the solution so that it is a high-availability solution. That is the trick when using Elastic Stack. Examine what your needs are.

I would rate Logstash at eight out of 10. I think the solution is really complete, with the components it has. It is a good solution. 

The primary use of this solution is to gather authentication information and use it to determine which identity provider is breaking on which service provider. We store it as anonymized session information for each user.

The most valuable feature is the ability to collect authentication information from service providers.

Configuring the server is difficult and can be improved.

I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.

I had been using Logstash for about three years. I am no longer using it but the people that I used to work with are.

We did not have any issues in terms of stability or performance.

Scalability was not a problem for us.

We did not have to contact technical support.

The initial setup is pretty straightforward.

Our deployment took quite some time but it was not because of Logstash issues. It was a more complex situation because we didn't have access to all of the nodes that we wanted to forward. So, it took between 10 and 15 months to deploy, although it was for administrative reasons as opposed to technical ones.

I had my own team for working with this solution but it was not for a single company. Our team was associated with a European partner and it was distributed around European cities.

My advice for anybody who is implementing this system is to set it up so that you can manage it remotely.

Overall, this product does what it is supposed to do, although there is always room for improvement.

I would rate this solution a nine out of ten.

The product has huge integration varieties available. 

The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated. 

I have been working with the solution for the last eight months. 

The solution is scalable and flexible. My company has 20 users for the product. 

We had relied on in-house support initially. However, we understand now that there are a few areas where we need to have vendor support. So we have contacted a few different companies and contractors for it. In the beginning, it may be possible to do support in-house. However, if you have a lot of commercial production environment services, then it is very hard to do without vendor support. 

We decided to use the solution because it was a very promising tool and other alternatives had limitations. The tool has availability, data infrastructure, data uptime, etc. The solution is quite flexible in terms of cost. You don't need to buy a license for each and everything. Whenever you require a license, you can just buy it. I think these are the two main drivers. The product is quite open in terms of integration with machine learning which helps us with proactive monitoring. 

The product's initial setup is very easy. I think the most important point is how you design your infrastructure because the solution is quite open. So you have to design it based on the nature of the data. You also need to get a life cycle so that there is no load on the storage. The solution's flexibility depends on how you design it. 

The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything. 

I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts. 

We use Elastic Security to manage logs and time series data. More recently, we have used it for NetFlow data. 

We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it. 

I would like more ways to manage permissions and restrict access to certain users. 

We started using Elastic Security four years ago. 

The setup is comparable to similar products. It isn't too easy or hard. We deployed it in-house. 

We tried Graylog and a few other things, but I found Elastic Security is easier to understand. There's a lot of documentation available, and their forums are great. Another advantage is greater scalability. 

I rate Elastic Security nine out of 10. 

We are using the solution for log management. We use it for monitoring and observing. 

Its search engine is great, and it is really quick. In the beginning, we wanted to search through terabytes of log data, and after that, we decided to search using the solution.

The initial setup is very easy.

It can scale well. 

It's very stable and reliable. 

We use it as an open-source product and do not have to pay for licensing. 

There is a lot of good documentation online if you need to troubleshoot. Everything is clear and easy to follow. 

The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools. 

They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well. 

I've been using the solution for two years. 

The solution is very stable. There are no bugs or glitches, and it doesn't crash or freeze. it is reliable, and the performance is good. It'd rate the general stability ten out of ten. 

We can easily scale up, according to our needs. It's easy to expand. 

I'd rate the overall ability to scale up eight out of ten. 

They do not have technical support. They have community support and documentation to help with troubleshooting. We've been happy with the amount of detail we can find online if we need assistance. 

I have not used any other products that are the same. I only use Micro Focus Ops Bridge and SiteScope, which are traditional monitoring tools, so I can't categorize them. They are slow yet they can handle big networks. 

The solution is straightforward to set up. They have documentation on their site that shows how to do everything step by step. Everything is very clear and easy to understand. I'd rate the overall ease of implementation nine out of ten. 

The deployment is fast and only takes hours, not days. 

One person helped me deploy the solution. However, we did not need outside assistance. We did it ourselves. 

The solution is open-source and, therefore, free to use. 

I'm a partner. 

I'd advise others to take advantage of the documentation of the solution in order to get the most out of the product.

In general, I'd rate the solution eight out of ten. 

We plan to use it to analyze the data that we're pumping into it from Active Directory and from firewalls, then we'll pass that information onto our own external SOC.

We really haven't had any significant SIEM solutions, so it's all new to us, other than a simple up-down solution. Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted.

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, it's very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

We've been trying to implement it and get it up and going for a good three to four months now.

Elastic SIEM is pretty stable. I did have a problem during one of the upgrades, but customer support was able to resolve it for me quickly. Other than that, it's been very reliable and stable.

The customer service is great; not a whole lot of back-and-forth going on.

The initial setup was pretty straightforward.

It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost.

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect.

On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.