Elastic Security Reviews

Elastic SIEM is used to monitor and deal with system log files.

The best part about this solution is that it is open-source and free to use.

The performance is good and it is faster than IBM QRadar.

The interface could be more user friendly because it is sometimes hard to deal with.

The initial setup can be made easier.

I have been using Elastic SIEM for six months.

I am satisfied with the stability of Elastic SIEM.

There is no technical support for the open-source, free version.

I have used other SIEM solutions but this one is open-source, unlike some of the others.

It is also faster than IBM QRadar.

The initial setup is complex and it is not easy to deploy.

It is also possible to have a cloud-based deployment.

There is no charge for using the open-source version.

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.

I would rate this solution an eight out of ten.

We use Elastic SIEM for security and analytics.

The most valuable feature is the machine learning capability.

This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.

In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

We are conducting a PoC with Elastic SIEM and I have about two months of experience with it.

The deployment is stable, although they are evolving very fast. They frequently update everything.

We are using Elastic SIEM on a daily basis, even during holidays.

I would say that it is scalable.

The technical support is good.

The initial setup is quite complex. Starting from the point where we were collecting the data, the deployment probably took about a month. However, simply installing the applications only takes a few days.

We have an engineer in the company who handled the deployment. So far, things have been good.

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.

Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.

I would rate this solution an eight out of ten.

The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the attacks within an organization is good. The intelligence bit that it gathers from within itself is really good. It's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management. 

I think user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it. 

The solution could also use better dashboards. They need to be more graphical, more matrix-like.

The solution is pretty stable.

I don't think I can comment on the scalability, because it wasn't in my use case. I was the only primary user; I was testing it because I was testing it against a competitor.

I haven't had to reach out to technical support.

The initial setup was a little complex.

We used a deployment consultant, but I installed it on my own.

It works well offline. It works on the cloud as well, but I doubt that it has 100% capability as it does on-premise. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the Endpoint from an Endpoint security assessment methodology perspective.

I would rate this solution 7.5 out of 10 because I know of a solution that does better.

The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.

We are evaluating it for business analytics as well.

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out of box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

I have been using this solution almost 10 - 11 months.

In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.

In terms of assessing its scalability, we have not gone with a very huge amount of data yet so it is early to comment on that. We started with three node architecture and I think slowly we'll scale up.

It is suitable for small to large businesses. We have started small but we plan to scale it up.

Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.

We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.

Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.

We have done both setups, on-premise as well as on AWS.

The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.

I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.

The installation of full-frame solutions is quite smooth.

We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.

If you have a basically knowledgeable person, even without a lot of experience, as we had on our team, people with only two months' experience, they have been able to do it quite well in a day or two.

Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.

Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.

In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.

We want to track and to respond to our security incidents. That's the main reason we use it, to analyze and see like what all the incidents that are happening. We also deploy it for some of our clients.

The most valuable features are the speed, detail, and visualization. It has the latest standards.

In the case of DNS traffic or identification logs, you can actually use it on nondiscrimination laws. It has a good speed in which we can analyze the logs and the net flow.

The signature security needs improvement. 

If you compare this with CrowdStrike or Carbon Black, they can improve. 

I have been using Elastic SIEM for one year. 

It is stable.

Scaling is not a problem. Most of these products are cloud-native so we were able to scale it easily.

We are to implement it for smaller, medium, and bigger clients. I have done a few implementations with small and medium businesses and I've done a couple on the bigger side with bigger clients and we don't see much of a difference, but one of them can move down the fabric. With smaller and medium-sized businesses there is only one point of contact whereas with larger businesses there is a whole team that gets involved. 

There were a couple of instances where we were in touch with the Elastic support team. The DevOps team was primarily in touch with them. We were able to close all of the issues. There We didn't need to continuously have calls with support. We were able to close it on all forums.

Because I come from a technical background, I find the setup to be easy. It would also be easy for admins, like a manager or somebody who is on DevOps. But somebody without a background could find it complex. Overall, if you asked me to describe it is easy.

If we have to customizations, we can close it in a week's time, max, okay. So as he said to whatever that is, they're magnificent customizations that they want to do and internally what they want. But if we want to add certain rules or connection with the rules. 

I have expertise with Dell and I moved from it to Elastic because I had different projects and this was a natural extension. 

You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. 

Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints. 

Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it.  

Finally, consider your budget and how much you want to spend. 

I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more.

In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

The solution does not have a UI and this is one of the reasons we are looking for another solution.

When setting up some of the pipelines we are receiving different types of log messages with different patterns. When I try to force a certain pattern I need to restart the solution causing a huge inconvenience for us.

I have been using the solution for one year.

The solution is not stable.

We have approximately 15 users using the solution in my organization.

When doing the installation, the ELK is working well but sometimes when we search for specific words there is no longer any inception throughout. This issue has been difficult to debug or fix.

The index is very important when using this solution. We encountered a couple of issues when we set up the wrong index, it causes everything to go down. That means if we set up something incorrectly with the index, the solution will be down and we do not know why.

The solution is free.

We are currently evaluating other solutions to replace this one, such as Datadogs and New Relic. Datadog has a UI that this solution is lacking.

I would not recommend this solution.

I rate ELK Logstash a five out of ten.