The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.
We are evaluating it for business analytics as well.
The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.
ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.
In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.
I would say that to have a better place in the market they should have more built-in use cases so that, rather than people creating them, the prime uses would have built-in use cases. It could even include more templates or automation.
I have been using this solution for almost 10 to 11 months.
In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.
In terms of assessing its scalability, we have not gone with a very huge amount of data yet, so it is early to comment on that. We started with a three-node architecture and I think slowly we'll scale up.
It is suitable for small to large businesses. We have started small but we plan to scale it up.
Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.
We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.
Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.
We have done both setups, on-premise as well as on AWS.
The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.
I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.
The installation of full-frame solutions is quite smooth.
We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.
If you have a basically knowledgeable person, even without a lot of experience (as we had on our team, people with only two months' experience), they have been able to do it quite well in a day or two.
Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.
Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.
In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.
The primary use of this solution is to gather authentication information and use it to determine which identity provider is breaking on which service provider. We store it as anonymized session information for each user.
The most valuable feature is the ability to collect authentication information from service providers.
Configuring the server is difficult and can be improved.
I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.
I had been using Logstash for about three years. I am no longer using it but the people that I used to work with are.
We did not have any issues in terms of stability or performance.
Scalability was not a problem for us.
We did not have to contact technical support.
The initial setup is pretty straightforward.
Our deployment took quite some time but it was not because of Logstash issues. It was a more complex situation because we didn't have access to all of the nodes that we wanted to forward. So, it took between 10 and 15 months to deploy, although it was for administrative reasons as opposed to technical ones.
I had my own team for working with this solution but it was not for a single company. Our team was associated with a European partner and it was distributed around European cities.
My advice for anybody who is implementing this system is to set it up so that you can manage it remotely.
Overall, this product does what it is supposed to do, although there is always room for improvement.
I would rate this solution a nine out of ten.
We primarily use the solution for endpoint protection.
The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot.
The interface of the solution is good.
The solution could offer better reporting features.
The stability of the solution is good.
We use a Linux box. And it's a hardened VM, so you don't have to worry about any kind of patches, etc. You just deploy and start using, and it's quite stable and hasn't broken down on us at all.
In terms of scalability, you just need to keep increasing your endpoint licenses. That's the only thing. It's as easy as getting a new license updated and then you can start deploying it to the new endpoints. Right now, we have around 500 end users. We have a buffer of 1,000, so we can add about 400 more endpoints, so we are ready to grow if we need to. I don't know if we'll extend beyond that.
We didn't previously use a different solution.
The initial setup is straightforward. Deployment can take up to four days.
We used a reseller to assist us with the deployment. Our experience with them was positive.
We pay a yearly licensing fee.
I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them.
You would need some kind of technical knowhow, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge.
I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.
We are a service provider, and use this solution to work with our customers.
We use this solution for collecting firewall logs and then supplying them to the log analyzer.
We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.
This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.
The visualization is very good.
There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.
It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.
The stability of this solution is fine.
This solution is scalable.
We have approximately two hundred users and we do not plan to increase usage at this time.
We have not contacted technical support for this solution.
We have used other SIEM solutions in our company.
One week is enough for the deployment.
We performed the integration ourselves.
We are using the free, open-source version of this solution.
We did not evaluate other options before choosing this solution.
We are interested in learning more about plugins for specific firewalls or other products.
The only problem with this solution is the development part, where we have to do it manually.
I would rate this solution a six out of ten.
We used this solution for gathering our application logs and analyzing application behavior.
This solution assists in tuning our applications.
This is one of the best open-source log management and log analyzer tools in the world.
The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.
As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.
I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.
In terms of stability, we have had many problems when dealing with big data.
There are six people who use this solution in our company.
I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.
We used Splunk in parallel with this solution.
In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.
The initial setup of this solution was complex.
We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.
We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.
We use the open-source version, so there is no charge for this solution.
The solution does not work as well as Splunk.
Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.
This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.
I would rate this solution an eight out of ten.
The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the attacks within an organization is good. The intelligence bit that it gathers from within itself is really good. It's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management.
I think user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it.
The solution could also use better dashboards. They need to be more graphical, more matrix-like.
The solution is pretty stable.
I don't think I can comment on the scalability, because it wasn't in my use case. I was the only primary user; I was testing it because I was testing it against a competitor.
I haven't had to reach out to technical support.
The initial setup was a little complex.
We used a deployment consultant, but I installed it on my own.
It works well offline. It works on the cloud as well, but I doubt that it has 100% capability as it does on-premise. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the Endpoint from an Endpoint security assessment methodology perspective.
I would rate this solution 7.5 out of 10 because I know of a solution that does better.
Documentation is very good, so implementation is fine.
Email notification should be done the same way as Logentries does it. Because of the notification issue we moved to Logentries, as it provides a simple way to get notification whenever a server encounters an error or something unexpected happens (which we have defined using Regex).
We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).
No issues with stability.
Not really, but we did set up a cron job to delete old logs so that we wouldn't hit a disk space issue.
ELK documentation is very good, so never needed to contact technical support.
We used Logentries, but because ELK is open-source we moved to it as part of a cost-cutting strategy and evaluation of ELK. But the lack of a notification feature caused us to go back to Logentries.
Slightly complex, especially when you are configuring machines which are on a separate IP rather than on a single machine. In my case Elasticsearch, Kibana, and Logstash were on different machines. Along with that, we added a proxy server (nginx) ahead of the Kibana server. We used the proxy server for user authentication so that only known users should be able to access the Kibana dashboard. ELK didn’t have a free version for user authentication and that made us go for the alternative. We have, in total, four machines.
I give it a seven out of 10. They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.
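The cron job for deleting old logs that this review mentions, written out as an added example. It is not the reviewer's script and not part of Elastic's tooling; it assumes the default daily Logstash index names (`logstash-YYYY.MM.dd`), an Elasticsearch HTTP API at `ES_URL` with no authentication (the review notes the open-source version had none), and GNU `date` for the cutoff calculation. It uses the real `_cat/indices` and `DELETE /<index>` endpoints. The security-relevant part is the validation: every index name is checked against the strict daily pattern before it can reach the `DELETE` call, so a wildcard or `_all` coming back from the listing can never wipe the cluster, and the script defaults to a dry run.

```shell
#!/bin/sh
# Added example: retention job that deletes daily Logstash indices older than
# RETENTION_DAYS. Assumptions (not from the review): Elasticsearch at ES_URL with
# no authentication, default index names logstash-YYYY.MM.dd, GNU date.
# Example cron line (runs nightly at 02:00, for real, 30-day retention):
#   0 2 * * * RUN_RETENTION=1 DRY_RUN=0 RETENTION_DAYS=30 /usr/local/bin/es-retention.sh
set -eu

ES_URL="${ES_URL:-http://127.0.0.1:9200}"
RETENTION_DAYS="${RETENTION_DAYS:-30}"
INDEX_PREFIX="${INDEX_PREFIX:-logstash-}"
DRY_RUN="${DRY_RUN:-1}"          # default is dry run; set DRY_RUN=0 to delete

# cutoff_date: the oldest day to keep, as YYYY.MM.dd (GNU date syntax assumed).
cutoff_date() {
    date -u -d "$RETENTION_DAYS days ago" +%Y.%m.%d
}

# select_expired CUTOFF: reads index names on stdin, one per line, and prints
# only those that match the strict daily pattern and are dated before CUTOFF.
# Anything that does not match the pattern (.kibana, aliases, a stray "*") is
# dropped here, so it never becomes a deletion candidate.
select_expired() {
    cutoff="$1"
    cutoff_num=$(printf '%s' "$cutoff" | tr -d '.')
    while IFS= read -r name; do
        case "$name" in
            "$INDEX_PREFIX"[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]) ;;
            *) continue ;;
        esac
        day="${name#"$INDEX_PREFIX"}"
        # Zero-padded YYYYMMDD compares correctly as an integer.
        day_num=$(printf '%s' "$day" | tr -d '.')
        if [ "$day_num" -lt "$cutoff_num" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# delete_index NAME: issues DELETE /NAME, after refusing anything that could
# expand on the server side (wildcards, comma lists, _all, empty string).
delete_index() {
    case "$1" in
        *'*'*|*,*|_all|'')
            echo "refusing to delete '$1'" >&2
            return 1 ;;
    esac
    if [ "$DRY_RUN" = "1" ]; then
        echo "DRY_RUN: would DELETE $ES_URL/$1"
    else
        curl -sS -f -X DELETE "$ES_URL/$1" >/dev/null
        echo "deleted $1"
    fi
}

# run_retention: list matching indices from the cluster, filter, delete.
run_retention() {
    cutoff=$(cutoff_date)
    curl -sS -f "$ES_URL/_cat/indices/${INDEX_PREFIX}*?h=index" \
        | select_expired "$cutoff" \
        | while IFS= read -r idx; do delete_index "$idx"; done
}

# Only touch the cluster when explicitly asked, so sourcing the file is safe.
if [ "${RUN_RETENTION:-0}" = "1" ]; then
    run_retention
fi
```

Run it once with `RUN_RETENTION=1` and the default `DRY_RUN=1` to see which indices it would remove before installing the cron line. Elastic later shipped this housekeeping as Curator and, in newer versions, index lifecycle management, which is the feature the review was asking for.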
In my previous organization, I used this for central log management, increasing developer productivity.
Elasticsearch Indexing and the Visualize tools of Kibana.
Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana.
No issues with stability.
We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK.
We were using the open source version. Community support is good.
Complex. We needed to analyze multiple factors, like benchmarking and the performance of Logstash.
I rate it at eight out of 10. It is scalable (if used properly), durable, and performance tested.
If you are willing to spend money, Splunk is way better for log management. There might be other use cases where you may need ELK.
