reviewer1433385 - PeerSpot reviewer
Associate Director - Solutions at a comms service provider with 1,001-5,000 employees
Real User
Good indexing of logs, cost-effective, and stable
Pros and Cons
  • "I like the indexing of the logs."
  • "Better integration with third-party APMs would be really good."

What is our primary use case?

We use this solution for the Microsoft deployment of auto-management.

What is most valuable?

I like the indexing of the logs.

For how long have I used the solution?

I have been using ELK Logstash for one year.

What do I think about the stability of the solution?

This product is quite stable and I've not seen any type of issue with it so far.

Buyer's Guide
Elastic Security
November 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

What do I think about the scalability of the solution?

With respect to scalability, you have to properly plan. Generally, I don't see any issues with scalability.

How are customer service and support?

We have not used technical support because we always had talent within the company for end-user support.

Which solution did I use previously and why did I switch?

This was a solution that our client chose, and they were not using a different one prior to this.

How was the initial setup?

I do not think that we had any issues with the deployment. Overall, I would say that the process is of medium complexity.

What about the implementation team?

The support team assisted us with the deployment. I don't think that we had any issues with the team.

What's my experience with pricing, setup cost, and licensing?

Compared to other products such as Dynatrace, this is one of the cheaper options.

Which other solutions did I evaluate?

Our client provided us with this option after they had already been through a selection process.

What other advice do I have?

My advice is that this is a good product to use if you are financially contained, and you want to start with something small. Later, if you need to scale then you can look at other options.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2227065 - PeerSpot reviewer
Presales Solutions Architect (Cyber Security) at a tech services company with 11-50 employees
Real User
Offers scalability and useful log management, but faces challenges in alert management
Pros and Cons
  • "The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
  • "I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."

What is our primary use case?

Our use case for Elastic Security is for log management and security information for the management team.

What is most valuable?

The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients.

What needs improvement?

I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy.

For how long have I used the solution?

I have been working with Elastic Security for around one or two years in my current company.

What do I think about the stability of the solution?

I would rate the stability of the solution a seven out of ten and there are a lot of glitches. 

What do I think about the scalability of the solution?

Elastic Security has very good scalability.

How are customer service and support?

I have had no direct communication with the support team but my technical team says that they are not helpful. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup process is very complex if you are new to it. But if you already understand how Elastic Security works and how the architect works, I think it is quite simple.

What's my experience with pricing, setup cost, and licensing?

The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten. 

What other advice do I have?

I think they are doing a pretty good job in terms of the user interface and also the user experience. I think in terms of the basic features and also the user experience, it is enough for us to support our daily operations.

Overall, I would rate the solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user771693 - PeerSpot reviewer
Works at a comms service provider with 51-200 employees
Real User
Good visualization, but more automation is needed
Pros and Cons
  • "The visualization is very good."
  • "There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."

What is our primary use case?

We are a service provider, and use this solution to work with our customers.

We use this solution for collecting firewall logs and then supplying them to the log analyzer.

We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.

How has it helped my organization?

This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.

What is most valuable?

The visualization is very good.

What needs improvement?

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

What do I think about the stability of the solution?

The stability of this solution is fine.

What do I think about the scalability of the solution?

This solution is scalable.

We have approximately two hundred users and we do not plan to increase usage at this time.

How are customer service and technical support?

We have not contacted technical support for this solution.

Which solution did I use previously and why did I switch?

We have used other SIEM solutions in our company.

How was the initial setup?

One week is enough for the deployment.

What about the implementation team?

We performed the integration ourselves.

What's my experience with pricing, setup cost, and licensing?

We are using the free, open-source version of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

We are interested in learning more about plugins for specific firewalls or other products.

The only problem with this solution is the development part, where we have to do it manually.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1269303 - PeerSpot reviewer
Senior Manager Analytics at a financial services firm with 501-1,000 employees
Real User
A simple and easy-to-use solution for IT monitoring and anomaly detection
Pros and Cons
  • "It's simple and easy to use."
  • "This solution cannot do predictive maintenance, so we have to build our own modules for doing it."

What is our primary use case?

The primary use case of this solution is for IT monitoring, predictive maintenance, and anomaly detection.

What is most valuable?

It's simple and easy to use.

What needs improvement?

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advanced analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start providing APIs for doing ML and AI.

For how long have I used the solution?

I have been using this solution for two months.

What do I think about the stability of the solution?

This solution is stable and so far, we have had no issues.

What do I think about the scalability of the solution?

The scalability is very good. We are running it on an eight-node machine so far, and with eight nodes we have had no issues.

How are customer service and technical support?

We haven't contacted support. They do have the support and we have spoken with them over email. We might need their assistance next month.

What other advice do I have?

Anyone who wants to do real-time IT log monitoring and anomaly detection should go with this solution.

So far from what we have seen, I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
It's easy to integrate and highly customizable
Pros and Cons
  • "Elastic is straightforward, easy to integrate, and highly customizable."
  • "The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side."

What is most valuable?

Elastic is straightforward, easy to integrate, and highly customizable.  

What needs improvement?

The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.

What do I think about the scalability of the solution?

Elastic is easily scalable.

How are customer service and support?

Elastic support is good.

How was the initial setup?

Elastic's initial setup is quite straightforward. 

What's my experience with pricing, setup cost, and licensing?

Elastic is still priced far less than other commercial products. 

What other advice do I have?

I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1187142 - PeerSpot reviewer
Senior Tech Engineer at a tech services company with 1,001-5,000 employees
Real User
Easy to set up, reasonably priced, and offers good integration
Pros and Cons
  • "The cost is reasonable. It's not overly pricey."
  • "This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."

What is our primary use case?

In general, the solution is working together with OpenShift's deployment for the continuous delivery of many projects. This product takes the metrics and checks the log for components that OpenShift deploys. We work with the observation team that monitors the entire company to understand what can be observed and analyzed.

What is most valuable?

The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

The integration is quite good.

The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

It's easy to collect the data.

The documentation is big. It's very well documented.

It's working and easy to work with.

The cost is reasonable. It's not overly pricey.

What needs improvement?

This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

The instrumentation of APM can be enhanced; it can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

The support on offer could be much better.

For how long have I used the solution?

I've been using the solution for the last six months at this point. It hasn't been an extremely long amount of time just yet.

What do I think about the stability of the solution?

The stability has been pretty good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. I'd describe it as 95% stable overall.

What do I think about the scalability of the solution?

We haven't really done any scaling. We only have had an environment with a small cluster on-premises and we can't really test it for scalability. We have no more than four servers for the platform and never really needed to expand anything.

The solution may be used by around 1,000 people in our organization.

How are customer service and technical support?

Technical support could be a lot better. They should offer online chat functionality so that we can get answers to questions right away. It would make troubleshooting a lot faster and less cumbersome.

We've had some troubles, and when we do, we need to open a ticket to get it resolved, which takes some time.

That said, it does offer very good documentation and their knowledge is very good when you do interact with them.

How was the initial setup?

The initial setup is easy. It's not complex or difficult. It's pretty straightforward.

It's very easy to set everything up and configure it on-premises.

The deployment only took an hour or two. We only deployed to one environment. It was pretty fast.

What's my experience with pricing, setup cost, and licensing?

The cost is pretty low. It is not open-source, however.

What other advice do I have?

We are just customers and end-users.

I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. 

I would rate the solution at an eight out of ten overall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer991806 - PeerSpot reviewer
Founder & Chief Executive Officer at a consultancy with 11-50 employees
Real User
Has good scalability and is consistently stable
Pros and Cons
  • "The feature that we have found the most valuable is scalability."
  • "The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."

What is our primary use case?

We are using ELK Logstash for application log management and fault detection.

What is most valuable?

The feature that we have found the most valuable is scalability. 

What needs improvement?

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. 

The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.

For how long have I used the solution?

We have been using ELK Logstash for nearly three years.

What do I think about the stability of the solution?

It's quite stable. We have not seen it going down at all for the last three years. It's working well consistently.

What do I think about the scalability of the solution?

Scalability is very good. 

How are customer service and technical support?

We have not taken the technical support at all, so we have been supporting ourselves. We are using the open-source edition, and we are supporting ourselves.

How was the initial setup?

The initial setup was very straightforward for us because we are a software development company. We understand how to compile the source code. We can compile the source code, and we can deploy it. It was pretty straightforward for us.

What other advice do I have?

You should know this solution pretty well. You need to be clear beforehand for what you are going to use this product. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements.

I would rate ELK Logstash a nine out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
PeerSpot user
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
A cost-effective solution with good performance
Pros and Cons
  • "The performance is good and it is faster than IBM QRadar."
  • "The interface could be more user-friendly because it is sometimes hard to deal with."

What is our primary use case?

Elastic SIEM is used to monitor and deal with system log files.

What is most valuable?

The best part about this solution is that it is open-source and free to use.

The performance is good and it is faster than IBM QRadar.

What needs improvement?

The interface could be more user-friendly because it is sometimes hard to deal with.

The initial setup can be made easier.

For how long have I used the solution?

I have been using Elastic SIEM for six months.

What do I think about the stability of the solution?

I am satisfied with the stability of Elastic SIEM.

How are customer service and technical support?

There is no technical support for the open-source, free version.

Which solution did I use previously and why did I switch?

I have used other SIEM solutions but this one is open-source, unlike some of the others.

It is also faster than IBM QRadar.

How was the initial setup?

The initial setup is complex and it is not easy to deploy.

It is also possible to have a cloud-based deployment.

What's my experience with pricing, setup cost, and licensing?

There is no charge for using the open-source version.

What other advice do I have?

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user