Mustafa Husny - PeerSpot reviewer
Senior System Engineer at Techline-eg
Real User
Top 5, Leaderboard
High level security, open-source, but lacking documentation
Pros and Cons
  • "The most valuable features of Elastic Security are that it is open-source and provides a high level of security."
  • "Elastic Security could improve the documentation. It would help if it were simpler and cleaner."

What is our primary use case?

We are using Elastic Security as part of the Elastic Search component. The solution provides us with security, such as threat protection.

What is most valuable?

The most valuable features of Elastic Security are that it is open-source and provides a high level of security.

What needs improvement?

Elastic Security could improve the documentation. It would help if it were simpler and cleaner.

For how long have I used the solution?

I have used Elastic Security for approximately two years.

Buyer's Guide
Elastic Security
April 2025
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

What do I think about the scalability of the solution?

We have one person using this solution.

How are customer service and support?

I have used the community support for Elastic Security. Sometimes the support is helpful and sometimes it is not.

Which solution did I use previously and why did I switch?

I have used other similar solutions in the past.

How was the initial setup?

The initial setup of Elastic Security is straightforward. However, the documentation could improve. The deployment can be done in approximately 15 minutes.

What was our ROI?

I have seen a return on investment using this solution.

What other advice do I have?

The solution can take up to 20 minutes to maintain when needed.

I rate Elastic Security a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Principal Cyber Security Manager at Ask4key
Real User
Valuable prevention methods and asset alerts, but room for improvement in the Kibana dashboard and asset management
Pros and Cons
  • "The most valuable features of the solution are the prevention methods and the incident alerts."
  • "There is room for improvement in the Kibana dashboard and in the asset management for the program."

What is our primary use case?

My clients use this solution for security purposes and SIEM and log management.

What is most valuable?

The most valuable features of the solution are the prevention methods and the incident alerts. 

What needs improvement?

There is room for improvement in the Kibana dashboard and in the asset management for the program.

For how long have I used the solution?

I've been working with Elastic Security for almost two years now.

What do I think about the stability of the solution?

The solution is stable if you don't touch it too much. Meaning, it's technically stable, but if there is a period of downtime, you will face quite a big hiccup in getting it running again and stabilized.

What do I think about the scalability of the solution?

The scalability of Elastic is amazing. 

How are customer service and support?

I would say the technical support isn't really good or bad. On a scale of one to ten, I would give it a five. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup can sometimes be quite complex for the backend team. It all depends on the client's environment, so we have to be flexible.

What about the implementation team?

My company provides a team for deployment, which usually consists of at least three or four engineers. Deployment generally takes six months to one year.

What was our ROI?

I would say that, on average, a good ROI can be seen within one and a half to two years after deploying Elastic Security. 

What's my experience with pricing, setup cost, and licensing?

Licensing for the solution is available as a one-year or three-year plan, and all of the features are included.

What other advice do I have?

I would rate this solution as a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1269303 - PeerSpot reviewer
Senior Manager Analytics at a financial services firm with 501-1,000 employees
Real User
A simple and easy-to-use solution for IT monitoring and anomaly detection
Pros and Cons
  • "It's simple and easy to use."
  • "This solution cannot do predictive maintenance, so we have to build our own modules for doing it."

What is our primary use case?

The primary use case of this solution is for IT monitoring, predictive maintenance, and anomaly detection.

What is most valuable?

It's simple and easy to use.

What needs improvement?

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advanced analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start providing APIs for doing ML and AI.

For how long have I used the solution?

I have been using this solution for two months.

What do I think about the stability of the solution?

This solution is stable and so far, we have had no issues.

What do I think about the scalability of the solution?

The scalability is very good. We are running it on an eight-node machine so far, and with eight nodes we have had no issues.

How are customer service and technical support?

We haven't contacted support. They do have the support and we have spoken with them over email. We might need their assistance next month.

What other advice do I have?

Anyone who wants to do real-time IT log monitoring and anomaly detection should go with this solution.

So far from what we have seen, I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user771693 - PeerSpot reviewer
Works at a comms service provider with 51-200 employees
Real User
Good visualization, but more automation is needed
Pros and Cons
  • "The visualization is very good."
  • "There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."

What is our primary use case?

We are a service provider, and use this solution to work with our customers.

We use this solution for collecting firewall logs and then supplying them to the log analyzer.

We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.

How has it helped my organization?

This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.

What is most valuable?

The visualization is very good.

What needs improvement?

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

What do I think about the stability of the solution?

The stability of this solution is fine.

What do I think about the scalability of the solution?

This solution is scalable.

We have approximately two hundred users and we do not plan to increase usage at this time.

How are customer service and technical support?

We have not contacted technical support for this solution.

Which solution did I use previously and why did I switch?

We have used other SIEM solutions in our company.

How was the initial setup?

One week is enough for the deployment.

What about the implementation team?

We performed the integration ourselves.

What's my experience with pricing, setup cost, and licensing?

We are using the free, open-source version of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

We are interested in learning more about plugins for specific firewalls or other products.

The only problem with this solution is the development part, where we have to do it manually.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1187142 - PeerSpot reviewer
Senior Tech Engineer at a tech services company with 1,001-5,000 employees
Real User
Easy to set up, reasonably priced, and offers good integration
Pros and Cons
  • "The cost is reasonable. It's not overly pricey."
  • "This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."

What is our primary use case?

In general, the solution is working together with OpenShift's deployment for the continuous delivery of many projects. This product takes the metrics and checks the log for components that OpenShift deploys. We work with the observation team that monitors the entire company to understand what can be observed and analyzed.

What is most valuable?

The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

The integration is quite good.

The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

It's easy to collect the data.

The documentation is big. It's very well documented.

It's working and easy to work with.

The cost is reasonable. It's not overly pricey.

What needs improvement?

This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

The support on offer could be much better.

For how long have I used the solution?

I've been using the solution for the last six months at this point. It hasn't been an extremely long amount of time just yet.

What do I think about the stability of the solution?

The stability has been pretty good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. I'd describe it as 95% stable overall.

What do I think about the scalability of the solution?

We haven't really done any scaling. We have only had an environment with a small cluster on-premises and we can't really test it for scalability. We have no more than four servers for the platform and never really needed to expand anything.

The solution may be used by around 1,000 people in our organization.

How are customer service and technical support?

Technical support could be a lot better. They should offer online chat functionality so that we can get answers to questions right away. It would make troubleshooting a lot faster and less cumbersome.

We've had some troubles, and when we do, we need to open a ticket to get it resolved, which takes some time.

That said, it does offer very good documentation and their knowledge is very good when you do interact with them.

How was the initial setup?

The initial setup is easy. It's not complex or difficult. It's pretty straightforward.

It's very easy to set everything up and configure it on-premises.

The deployment only took an hour or two. We only deployed to one environment. It was pretty fast.

What's my experience with pricing, setup cost, and licensing?

The cost is pretty low. It is not open-source, however.

What other advice do I have?

We are just customers and end-users.

I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. 

I would rate the solution at an eight out of ten overall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Java Full Stack Developer at Optimissa Capital Markets Consulting
Real User
Strong search function improved our speed
Pros and Cons
  • "The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
  • "The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."

What is our primary use case?

My primary use case is to check market prices.

How has it helped my organization?

The main benefit of using this solution is that it improves your speed as you don't have to waste time searching for answers.

What is most valuable?

The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for.

What needs improvement?

The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics.

What do I think about the stability of the solution?

I have found some bugs, but overall the stability is fine.

What do I think about the scalability of the solution?

The scalability is fine.

How are customer service and support?

Technical support is good, they're able to answer all of our questions.

How was the initial setup?

The initial setup wasn't difficult, but that varies depending on the number of servers you have.

What's my experience with pricing, setup cost, and licensing?

This tool is affordable, and its price is ok.

What other advice do I have?

I would rate this solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1174176 - PeerSpot reviewer
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
Real User
Fast, easy and offers easy infrastructure monitoring abilities
Pros and Cons
  • "ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses."
  • "In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."

What is our primary use case?

The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.

We are evaluating it for business analytics as well.

What is most valuable?

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

What needs improvement?

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

For how long have I used the solution?

I have been using this solution for almost 10 to 11 months.

What do I think about the stability of the solution?

In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.

What do I think about the scalability of the solution?

In terms of assessing its scalability, we have not gone with a very huge amount of data yet, so it is early to comment on that. We started with a three-node architecture and I think slowly we'll scale up.

It is suitable for small to large businesses. We have started small but we plan to scale it up.

Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.

How are customer service and technical support?

We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.

Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.

How was the initial setup?

We have done both setups, on-premise as well as on AWS.

The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.

I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.

The installation of full-frame solutions is quite smooth.

What about the implementation team?

We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.

If you have a basically knowledgeable person, even without a lot of experience (as we had on our team, people with only two months' experience), they have been able to do it quite well in a day or two.

Which other solutions did I evaluate?

Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.

What other advice do I have?

Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.

In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1411278 - PeerSpot reviewer
Big Data Team Leader at a tech services company with 51-200 employees
Real User
Easy to use across different use cases but stability depends on your design of implementation
Pros and Cons
  • "The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
  • "In terms of improvement, there could be more automation in responding to and evaluating detections."

What is our primary use case?

Elastic Security is usually used to deliver and analyze logs for security teams. Some common use cases include search and analytics of log data from the system and sending it to other components. We are using features like point security and detection of gathering data.

How has it helped my organization?

The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology. Also, it's valuable from an operational point of view as you have the same knowledge of how to operate it, how to work management, search, and security instance.

What is most valuable?

The important part is that it's free of charge usage. For our use case, it's enough, and it's for a good cost because the basic level of the solution is free.

What needs improvement?

In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.

For how long have I used the solution?

I have been using Elastic Security for four years now. It started because we were working with Endgame before it merged with Elastic.

What do I think about the stability of the solution?

I rate the stability an eight out of ten because it depends on the design and how well you monitor it.

What do I think about the scalability of the solution?

I would rate the scalability a ten out of ten; it is a very scalable solution. We work with enterprise-level companies.

How are customer service and support?

The customer support is good. You have support from all project stages, beginning with the architecture. And after you roll out the solution, you have dedicated technical staff for the project.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup depends on what you were expecting, but since we have experience with it and know what it's good for, it's an eight out of ten. The initial deployment typically takes about a day. Then there's an initial stage of the project to integrate some of the client's specific requirements, which can take additional time depending on the complexity of their environment.

When it comes to maintenance, it depends on the project, and sometimes one person can support all roles.

Usually, it's enough to have one engineer with deep technical knowledge of the operating system and the deployment and configuration of the system. The other role is an analytical role with project management and coordination skills to communicate with customers and drive delivery.

What about the implementation team?

We implement Elastic Security in our customer's environment. We are like a consulting company. Depending on their preference, the initial deployment could be on their internal cloud, on-premises, or on hardware visualization. The advantage of this solution is that it can be deployed anywhere, including public clouds, private clouds, on-premises, bare metal, and even on Kubernetes.

The deployment takes a few days, and in the initial stage of projects, it could take two months with some integrations to the system, setting some rules, and so on. But it also depends on our customers and how familiar they are with it and what they want.

Usually, we start with a small installation with a bit fewer sources, install the initial setup, and gather information from selected systems such as legacy systems, infrastructure systems, custom applications, and so on running in the customer environment. Then we show how our solution behaves, how it grows, and what is the expected volume of data. We plan the next iterations to extend the hardware deployment. As users start using the platform and become familiar with it, they can set their requirements for implementing iterations. Then we shape the infrastructure and implement some rules, detections, machine learning, and other features.

We prefer to move forward very fast with no big analytics because customers usually don't know what is happening in their systems, and with this approach, we are showing them what they need to focus on.

What other advice do I have?

I would say you don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach.

It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use.

Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user