Elastic Security uses AI capabilities to detect anomalies and discover unknown traffic patterns. It also has an AI assistant that you can use to ask questions, which is a really powerful tool. Overall, I rate the solution an eight out of ten.
The solution allows you to generate alerts. You can automatically detect and configure mail in some addresses and automatically identify the identity that you have in your system. This is important for confidentiality in order to control the risks in identifying the users. The solution also uses artificial intelligence to identify anyone using your system. We use the solution to monitor the activities of the people in the organization to prevent attacks in a controlled environment. We use the tool to observe the behavior of attacks and how to mitigate them. Today, security is more important than people know. You need to know who has access to your network, repository, or cell phone. Overall, I rate the solution ten out of ten.
Chief Architect at a manufacturing company with 11-50 employees
Real User
Top 20
2024-04-12T13:08:00Z
Apr 12, 2024
Anomaly detection comes into play when conducting a threat investigation using threat intelligence or querying threats. Typically, security events stem from various sources, such as operating system logs, event logs, application logs, and security logs, all collected from different systems and traffic data. This data streams at an enormous rate, measured in events per second, often reaching millions. Therefore, the task involves running anomaly detection across these events to pinpoint those requiring analysis and further threat-hunting efforts. If you're using Kaspersky for event management or passing through data stream pipelines, Elastic can convert the data into a usable format for ingestion into the cluster. Integration with existing solutions is straightforward since Elastic is an open-source platform. Overall, I rate the solution an eight out of ten.
Director of Technology at a tech vendor with 11-50 employees
Real User
Top 5
2024-02-15T12:07:00Z
Feb 15, 2024
The product has made amazing developments and has gone miles ahead in a short span of time when it comes to its enhanced threat detection and threat response capabilities. The product has helped manage endpoint security since it serves as a single tool that provides all the functionalities together. After you deploy Elastic Security, you can do everything with it, and there is no need to buy separate products or licenses. Through the setup of the Elastic ELK Stack, you can get all the functionalities like SIEM, SOC, threat detection, endpoint detection, user behavior analytics, data analytics, data lake analytics, virtualization, dashboarding, cross-referencing, and threat response. Elastic Security's most beneficial aspect for security needs stems from the tool's openness. The tool is a highly customizable product, allowing you to play with it as much as you want. Speaking about how the real-time data analytics features in Elastic Security improve security posture, the real time is not real time natively. You need real-time streaming capabilities, for which you need something like Apache Kafka to stream data. The analytical power of Elastic Security is extremely high. If you can get me data in real time, I can analyze data in real time with Elastic Security. The product has introduced generative AI in the tool. The product has covered all technological advancements a person can think of, and it also has a lot of roadmap for the future development of the solution. The tool is strong and capable. Elastic Security offers one of the highest integration capabilities I have seen in any kit in the market. The tool offers a lot of out-of-the-box connectors and a lot of certifications from a lot of providers across different areas. From a workflow perspective, if you are a customer using a proprietary tool with proprietary mechanisms to manage how work is done, then the integration offered by Elastic Security wouldn't be great.
If you have an enterprise-grade product involving firewall solutions, SOC tools, endpoint tools, privileged access management solutions, or any other cybersecurity tools, Elastic Security's integration capabilities would work and help manage your workflows seamlessly. One of my company's customers told me that the incident response time after the implementation of the product was reduced by half within the first few weeks of the rollout of the solution in the company. The product is very user-friendly since it offers generative AI in the dashboard. If you don't know how to do something on the dashboard, you can ask a question, and the solution will guide you. From a user perspective, I would say that the person using the product should be knowledgeable and should know what he wants. The product is not for someone who is a novice. The cybersecurity analyst working on the tool should have a fair understanding of what he wants to achieve with the product. It is okay if a cybersecurity analyst does not know how to write a query in the tool since the product offers help through generative AI. You can ask generative AI how to write a query, and it helps you. Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with a query language. It would be easy to move to Elastic Security for those who use Splunk, IBM QRadar, or other enterprise-grade tools. I rate the overall tool a ten out of ten.
Executive Cybersecurity at a computer software company with 11-50 employees
Real User
Top 5
2023-10-03T08:58:22Z
Oct 3, 2023
Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.
I am a security engineer and I have a team of security engineers. We are an MSSP that provides security services to different clients. For example, a customer might need us to monitor their infrastructure, so they'd provide us access to their SIEM and monitoring tools. Similarly, one of our clients in the UAE approached us to monitor their infrastructure, and I learned that they are using Elastic Security as a SIEM. I wanted to ensure that my team and I were comfortable using this solution to get clients to use this product. I rate Elasticsearch a six point five out of ten. To anyone planning on choosing Elasticsearch, I advise you to know your infrastructure first and then plan how many instances you'll need. Consider how the number of devices and your business will grow, and plan accordingly. Then, deploy the solution according to the best practices. Once deployed, make sure you organize your integrations so that the solution is easy to manage in the long run because when you have more than 200,000 or 300,000 log sources feeding logs into your ELK, it will be very tough to manage.
Lead Enterprise Architect at a tech consulting company with 51-200 employees
Real User
Top 20
2023-06-27T14:27:27Z
Jun 27, 2023
I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts.
Intern Cybersecurity at a computer software company with 10,001+ employees
Real User
Top 10
2023-05-23T15:32:26Z
May 23, 2023
I rate Elasticsearch seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level.
Big Data Team Leader at a tech services company with 51-200 employees
Real User
Top 20
2023-04-06T12:14:00Z
Apr 6, 2023
I would say you don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach. It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use. Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.
I'm a partner. I'd advise others to take advantage of the documentation of the solution in order to get the most out of the product. In general, I'd rate the solution eight out of ten.
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
Real User
2020-07-03T04:02:35Z
Jul 3, 2020
I would say "Elastic is more of a platform than a tool". For SIEM, Elastic is quite flexible; however, you will have to create use cases yourself (e.g. threat hunting). Elastic node sizing is key in ensuring performance is not impacted.
I've had customers for Elastic Security in the last twelve months. Elastic Security requires maintenance, especially in a scaled-up environment, because you have multiple machines that work in a cluster environment, so you'll need some advanced skills to maintain that cluster. The solution becomes harder to maintain once it's scaled up. Elastic Security is a pretty straightforward solution I'd recommend to others, though you'd need a person who'll pick up the query or search language because Elastic Security requires a lot of query language, so you can search for data on it. There's a special search query pattern you have to remember before you can do the search or for you to do a better search. You can always do a normal search on Elastic Security, but if you want to have better search results or more accurate results, you need to learn the query language first. My rating for Elastic Security is eight out of ten because of its good performance and scalability. Its good search feature is very important for the use cases of my customers, but I deducted two points because the pricing for Elastic Security could still be improved.
Chief Operating Officer / Sr. Project Manager at SCS
Real User
2022-05-20T17:40:00Z
May 20, 2022
There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do. I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.
I would rate this solution 7 out of 10. It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
2022-02-06T07:24:04Z
Feb 6, 2022
We are a partner. I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it. I would rate the solution at a five out of ten.
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
2022-01-05T07:23:09Z
Jan 5, 2022
I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability.
Consultant at a computer software company with 5,001-10,000 employees
Real User
2021-05-21T09:52:37Z
May 21, 2021
I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. I would rate Elastic SIEM a seven out of ten.
I.T. Manager at a healthcare company with 51-200 employees
Real User
2020-10-01T09:58:00Z
Oct 1, 2020
In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect. On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.
Consultant at a computer software company with 5,001-10,000 employees
Real User
2020-07-29T07:45:59Z
Jul 29, 2020
My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought. I would rate this solution an eight out of ten.
Director of Engineering at a tech services company with 201-500 employees
Real User
2020-05-18T07:50:00Z
May 18, 2020
You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints. Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it. Finally, consider your budget and how much you want to spend. I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more. In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
2020-04-28T08:50:48Z
Apr 28, 2020
This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work. I would rate this solution an eight out of ten.
CEO at a tech services company with 51-200 employees
Real User
2020-04-28T08:50:45Z
Apr 28, 2020
My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products. Overall, the product is very stable and it is well-liked. I think that everybody should consider using it. I would rate this solution an eight out of ten.
Manager- Information Security at a tech services company with 51-200 employees
Real User
2019-11-13T05:29:00Z
Nov 13, 2019
I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them. You would need some kind of technical know-how, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge. I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees
Real User
2019-07-09T05:26:00Z
Jul 9, 2019
It works well offline. It works on the cloud as well, but I doubt that it has 100% of the capability that it does on-premises. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the endpoint from an endpoint security assessment methodology perspective. I would rate this solution 7.5 out of 10 because I know of a solution that does better.
Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from...
I would rate Elastic Security a nine out of ten.
I would rate the solution a seven out of ten.
I rate Elastic Security nine out of 10. I can't speak to any of the other security features, but it works for logging and SIEM.
I'm using the latest version of the solution. I'd recommend the solution to others. I'd rate the solution eight out of ten.
For new customers, this is a perfect choice. For older customers, it's very difficult to change solutions. I'd rate the solution eight out of ten.
We are just customers. I'd rate the solution an eight out of ten.
I would rate this solution as a seven out of ten.