Elastic Security Reviews

We are using Elastic Security as part of the Elastic Search component. The solution provides us with security, such as threat protection.

The most valuable features of Elastic Security are it is open-source and provides a high level of security.

Elastic Security could improve the documentation. It would help if they were more simple and clean.

I have used Elastic Security for approximately two years.

We have one person using this solution.

I have used the community support for Elastic Security. Sometimes the support is helpful and sometimes it is not.

I have used other similar solutions in the past.

The initial setup of Elastic Security is straightforward. However, the documentation could improve. The deployment can be done in approximately 15 minutes.

I have seen a return on investment using this solution.

The solution can take up to 20 minutes to maintain when needed.

I rate Elastic Security a seven out of ten.

My clients use this solution for security purposes and SIEM and log management.

The most valuable features of the solution are the prevention methods and the incident alerts. 

There is room for improvement in the Kibana dashboard and in the asset management for the program.

I've been working with Elastic Security for almost two years now.

The solution is stable if you don't touch it too much. Meaning, it's technically stable, but if there is a period of downtime, you will face quite a big hiccup in getting it running again and stabilized.

The scalability of Elastic is amazing. 

I would say the technical support isn't really good or bad. On a scale of one to ten, I would give it a five. 

Neutral

The setup can sometimes be quite complex for the backend team. It all depends on the client's environment, so we have to be flexible.

My company provides a team for deployment, which usually consists of at least three or four engineers. Deployment generally takes six months to one year.

I would say that, on average, a good ROI can be seen within one and a half to two years after deploying Elastic Security. 

Licensing for the solution is available as a one-year or three-year plan, and all of the features are included.

I would rate this solution as a seven out of ten.

The primary use case of this solution is for IT monitoring, predictive maintenance, and anomaly detection.

It's simple and easy to use.

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advance analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start proving APIs for doing ML and AI.

I have been using this solution for two months.

This solution is stable and so far, we have had no issues.

The scalability is very good. We are running it on an eight-node machine so far, and with eight nodes we have had no issues.

We haven't contacted support. They do have the support and we have spoken with them over email. We might need their assistance next month.

Anyone who wants to do IT log monitoring, realtime and who wants to do the anomaly detection, should go with this solution.

So far from what we have seen, I would rate this solution a nine out of ten.

We are a service provider, and use this solution to work with our customers.

We use this solution for collecting firewall logs and then supplying them to the log analyzer.

We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.

This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.

The visualization is very good.

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

The stability of this solution is fine.

This solution is scalable.

We have approximately two hundred users and we do not plan to increase usage at this time.

We had not contacted technical support for this solution.

We have used other SIEM solutions in our company.

On week is enough for the deployment.

We performed the integration ourselves.

We are using the free, open-source version of this solution.

We did not evaluate other options before choosing this solution.

We are interested in learning more about plugins for specific firewalls or other products.

The only problem with this solution is the development part, where we have to do it manually.

I would rate this solution a six out of ten.

In general, the solution is working together with Open Shift's deployment for the continuous delivery of many projects. This product takes the metrics and checks the log for components that Open Shift deploys. We work with the observation team that monitors the entire company to understand what can be observed and analyzed. 

The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

The integration is quite good.

The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

It's easy to collect the data.

The documentation is big. It's very well documented.

It's working and easy to work with.

The cost is reasonable. It's not overly pricey.

This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

The support on offer could be much better.

I've been using the solution for the last six months at this point. It hasn't been an extremely long amount of time just yet.

The stability has been pretty good. It's reliable. There aren't bugs or glitches. it doesn't crash or freeze. I'd describe it as 95% stable overall.

We haven't really done any scaling. We only have had an environment with a small cluster on-premises and we can't really test it for scalability. We have no more than four servers for the platform and never really needed to expand anything.

The solution may be used by around 1,000 people in our organization.

Technical support could be a lot better. They should offer online chat functionality so that we can get answers to questions right away. It would make troubleshooting a lot faster and less cumbersome.

We've had some troubles, and when we do, we need to open a ticket to get it resolved, which takes some time.

That said, it does offer very good documentation and their knowledge is very good when you do interact with them.

The initial setup is easy. It's not complex or difficult. It's pretty straightforward.

It's very easy to set everything up and configure it on-premises.

The deployment only took an hour or two. We only deployed to one environment. It was pretty fast.

The cost is pretty low. It is not open-source, however.

We are just customers and end-users.

I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. 

I would rate the solution at an eight out of ten overall.

My primary use case is to check market prices.

The main benefit of using this solution is that it improves your speed as you don't have to waste time searching for answers.

The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for.

The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics.

I have found some bugs, but overall the stability is fine.

The scalability is fine.

Technical support is good, they're able to answer all of our questions.

The initial setup wasn't difficult, but that varies depending on the number of servers you have.

This tool is affordable, and its price is ok.

I would rate this solution eight out of ten.

The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.

We are evaluating it for business analytics as well.

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out of box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

I have been using this solution almost 10 - 11 months.

In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.

In terms of assessing its scalability, we have not gone with a very huge amount of data yet so it is early to comment on that. We started with three node architecture and I think slowly we'll scale up.

It is suitable for small to large businesses. We have started small but we plan to scale it up.

Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.

We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.

Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.

We have done both setups, on-premise as well as on AWS.

The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.

I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.

The installation of full-frame solutions is quite smooth.

We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.

If you have a basically knowledgeable person, even without a lot of experience, as we had on our team, people with only two months' experience, they have been able to do it quite well in a day or two.

Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.

Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.

In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.

Elastic Security is usually used to deliver and analyze logs for security teams. Some common use cases include search and analytics of log data from the system and sending it to other components. We are using features like point security and detection of gathering data.

The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology. Also, it's valuable from an operational point of view as you have the same knowledge of how to operate it, how to work management, search, and security instance.

The important part is that it's free of charge usage. For our use case, it's enough, and it's for a good cost because the basic level of the solution is free.

In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.

I have been using Elastic Security for four years now. When it started because we were working with Endgame before it merged with Elastic.

I rate the stability an eight out of ten because it depends on the design and how well you monitor it.

I would rate the scalability a ten out of ten; it is a very scalable solution. We work with enterprise-level companies.

The customer support is good. You have support from all project stages, beginning with the architecture. And after you roll out the solution, you have dedicated technical staff for the project.

Positive

The initial setup depends on what you were expecting, but since we have experience with it and know what it's good for, it's an eight out of ten. The initial deployment typically takes about a day. Then there's an initial stage of the project to integrate some of the client's specific requirements, which can take additional time depending on the complexity of their environment.

When it comes to maintenance, it depends on the project, and sometimes one person can support all roles.

Usually, it's enough to have one engineer with deep technical knowledge of the operating system and the deployment and configuration of the system. The other role is an analytical role with project management and coordination skills to communicate with customers and drive delivery.

We implement Elastic Security in our customer's environment. We are like a consulting company. Depending on their preference, the initial deployment could be on their internal cloud, on-premises, or on hardware visualization. The advantage of this solution is that it can be deployed anywhere, including public clouds, private clouds, on-premises, bare metal, and even on Kubernetes.

The deployment takes a few days, and in the initial stage of projects, it could take two months with some integrations to the system, setting some rules, and so on. But it also depends on our customers and how familiar they are with it and what they want.

Usually, we start with a small installation with a bit fewer sources, install the initial setup, and gather information from selected systems such as legacy systems, infrastructure systems, custom applications, and so on running in the customer environment. Then we show how our solution behaves, how it grows, and what is the expected volume of data. We plan the next iterations to extend the hardware deployment. As users start using the platform and become familiar with it, they can set their requirements for implementing iterations. Then we shape the infrastructure and implement some rules, detections, machine learning, and other features.

We prefer to move forward very fast with no big analytics because customers usually don't know what is happening in their systems, and with this approach, we are showing them what they need to focus on.

I would say you don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach.

It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use.

Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.