DevOps Engineer at a computer software company with 1,001-5,000 employees
Central log management helped increase developer productivity
Pros and Cons
- "Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
- "We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd, changing our stack from ELK to EFK."
How has it helped my organization?
In my previous organization, I used this for central log management, increasing developer productivity.
What is most valuable?
Elasticsearch Indexing and the Visualize tools of Kibana.
What needs improvement?
Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana.
For how long have I used the solution?
One to three years.
Buyer's Guide
Elastic Security
January 2025
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd, changing our stack from ELK to EFK.
How are customer service and support?
We were using the open source version. Community support is good.
How was the initial setup?
Complex. We needed to analyze multiple factors, like benchmarking and the performance of Logstash.
What other advice do I have?
I rate it at eight out of 10. It is scalable (if used properly), durable, and performance tested.
If you are willing to spend money, Splunk is way better for log management. There might be other use cases where you may need ELK.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Consultant at a tech services company with 51-200 employees
A cost-effective solution with good performance
Pros and Cons
- "The performance is good and it is faster than IBM QRadar."
- "The interface could be more user-friendly because it is sometimes hard to deal with."
What is our primary use case?
Elastic SIEM is used to monitor and deal with system log files.
What is most valuable?
The best part about this solution is that it is open-source and free to use.
The performance is good and it is faster than IBM QRadar.
What needs improvement?
The interface could be more user-friendly because it is sometimes hard to deal with.
The initial setup can be made easier.
For how long have I used the solution?
I have been using Elastic SIEM for six months.
What do I think about the stability of the solution?
I am satisfied with the stability of Elastic SIEM.
How are customer service and technical support?
There is no technical support for the open-source, free version.
Which solution did I use previously and why did I switch?
I have used other SIEM solutions but this one is open-source, unlike some of the others.
It is also faster than IBM QRadar.
How was the initial setup?
The initial setup is complex and it is not easy to deploy.
It is also possible to have a cloud-based deployment.
What's my experience with pricing, setup cost, and licensing?
There is no charge for using the open-source version.
What other advice do I have?
This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder & Chief Executive Officer at a consultancy with 11-50 employees
Has good scalability and is consistently stable
Pros and Cons
- "The feature that we have found the most valuable is scalability."
- "The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. Even a simple authentication system within a company would help. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature controlling who accesses it should be there."
What is our primary use case?
We are using ELK Logstash for application log management and fault detection.
What is most valuable?
The feature that we have found the most valuable is scalability.
What needs improvement?
The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward.
The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. Even a simple authentication system within a company would help. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature controlling who accesses it should be there.
For how long have I used the solution?
We have been using ELK Logstash for nearly three years.
What do I think about the stability of the solution?
It's quite stable. We have not seen it going down at all for the last three years. It's working well consistently.
What do I think about the scalability of the solution?
Scalability is very good.
How are customer service and technical support?
We have not used the technical support at all, so we have been supporting ourselves. We are using the open-source edition, and we are supporting ourselves.
How was the initial setup?
The initial setup was very straightforward for us because we are a software development company. We understand how to compile the source code. We can compile the source code, and we can deploy it. It was pretty straightforward for us.
What other advice do I have?
You should know this solution pretty well. You need to be clear beforehand about what you are going to use this product for. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements.
I would rate ELK Logstash a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
CEO at a tech services company with 51-200 employees
Stable, good technical support, and valuable machine learning features
Pros and Cons
- "The most valuable feature is the machine learning capability."
- "This solution is very hard to implement."
What is our primary use case?
We use Elastic SIEM for security and analytics.
What is most valuable?
The most valuable feature is the machine learning capability.
What needs improvement?
This solution is very hard to implement. It is not a simple product; rather, it has many features, and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.
In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.
For how long have I used the solution?
We are conducting a PoC with Elastic SIEM and I have about two months of experience with it.
What do I think about the stability of the solution?
The deployment is stable, although they are evolving very fast. They frequently update everything.
We are using Elastic SIEM on a daily basis, even during holidays.
What do I think about the scalability of the solution?
I would say that it is scalable.
How are customer service and technical support?
The technical support is good.
How was the initial setup?
The initial setup is quite complex. Starting from the point where we were collecting the data, the deployment probably took about a month. However, simply installing the applications only takes a few days.
What about the implementation team?
We have an engineer in the company who handled the deployment. So far, things have been good.
What other advice do I have?
My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.
Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Professional Services Manager at PT Korelasi Persada Indonesia
It's easy to integrate and highly customizable
Pros and Cons
- "Elastic is straightforward, easy to integrate, and highly customizable."
- "The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side."
What is most valuable?
Elastic is straightforward, easy to integrate, and highly customizable.
What needs improvement?
The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.
What do I think about the scalability of the solution?
Elastic is easily scalable.
How are customer service and support?
Elastic support is good.
How was the initial setup?
Elastic's initial setup is quite straightforward.
What's my experience with pricing, setup cost, and licensing?
Elastic is still priced far less than other commercial products.
What other advice do I have?
I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Engineering at a tech services company with 201-500 employees
Continuously evolving on the security front and it has good speed, detail, and visualization
Pros and Cons
- "The most valuable features are the speed, detail, and visualization. It has the latest standards."
- "If you compare this with CrowdStrike or Carbon Black, they can improve."
What is our primary use case?
We want to track and respond to our security incidents. That's the main reason we use it: to analyze and see all the incidents that are happening. We also deploy it for some of our clients.
What is most valuable?
The most valuable features are the speed, detail, and visualization. It has the latest standards.
In the case of DNS traffic or identification logs, you can actually use it on nondiscrimination laws. It has good speed, so we can analyze the logs and the NetFlow quickly.
What needs improvement?
The signature security needs improvement.
If you compare this with CrowdStrike or Carbon Black, they can improve.
For how long have I used the solution?
I have been using Elastic SIEM for one year.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
Scaling is not a problem. Most of these products are cloud-native so we were able to scale it easily.
We implement it for smaller, medium, and bigger clients. I have done a few implementations with small and medium businesses, and I've done a couple on the bigger side with bigger clients, and we don't see much of a difference, but one of them can move down the fabric. With smaller and medium-sized businesses there is only one point of contact, whereas with larger businesses there is a whole team that gets involved.
How are customer service and technical support?
There were a couple of instances where we were in touch with the Elastic support team. The DevOps team was primarily in touch with them. We were able to close all of the issues. We didn't need to continuously have calls with support. We were able to close it on all forums.
How was the initial setup?
Because I come from a technical background, I find the setup to be easy. It would also be easy for admins, like a manager or somebody who is on DevOps. But somebody without a background could find it complex. Overall, if you asked me to describe it, I would say it is easy.
If we have to do customizations, we can close them in a week's time, max. So, as he said, whatever magnificent customizations they want to do internally, or if we want to add certain rules or connections with the rules.
Which other solutions did I evaluate?
I have expertise with Dell and I moved from it to Elastic because I had different projects and this was a natural extension.
What other advice do I have?
You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate.
Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs, and if you look at the logs and find there is no harm in the IPs, there will be scrutiny on the endpoints.
Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it.
Finally, consider your budget and how much you want to spend.
I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more.
In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
DevOps Manager at a tech services company with 11-50 employees
Lacking user interface, not stable, but free to use
Pros and Cons
- "The solution does not have a UI and this is one of the reasons we are looking for another solution."
What needs improvement?
The solution does not have a UI and this is one of the reasons we are looking for another solution.
When setting up some of the pipelines we are receiving different types of log messages with different patterns. When I try to force a certain pattern I need to restart the solution causing a huge inconvenience for us.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
The solution is not stable.
What do I think about the scalability of the solution?
We have approximately 15 users using the solution in my organization.
How was the initial setup?
When doing the installation, the ELK is working well but sometimes when we search for specific words there is no longer any inception throughout. This issue has been difficult to debug or fix.
The index is very important when using this solution. We encountered a couple of issues when we set up the wrong index; it causes everything to go down. That means if we set up something incorrectly with the index, the solution will be down and we do not know why.
What's my experience with pricing, setup cost, and licensing?
The solution is free.
Which other solutions did I evaluate?
We are currently evaluating other solutions to replace this one, such as Datadog and New Relic. Datadog has a UI that this solution is lacking.
What other advice do I have?
I would not recommend this solution.
I rate ELK Logstash a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.