Senior Cyber Security Manager at a tech services company with 11-50 employees
Real User
Top 10
2024-11-25T04:19:00Z
Nov 25, 2024
Elastic sometimes does not correctly identify threats or anomalies. It might not classify an issue as malicious or critical accurately. CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
Chief ARCHITECT at a manufacturing company with 11-50 employees
Real User
Top 20
2024-04-12T13:08:00Z
Apr 12, 2024
The solution lacks discovery. With effective discovery and asset management in place, you can identify the impact of threats. Having an asset management database allows you to determine the effects of threats on assets and their implications for business and operational aspects.
Director of Technology at a tech vendor with 11-50 employees
Real User
Top 5
2024-02-15T12:07:00Z
Feb 15, 2024
There is a constant evolution in the product. I think that the solution has a strong roadmap in place. I believe that the tool is going to be a leader in a lot of spaces, considering that it is evolving at a fast rate. From an improvement perspective, the product should be easier to use for those who don't know query language and have experience with only some basic products in the market.
Executive Cybersecurity at a computer software company with 11-50 employees
Real User
Top 5
2023-10-03T08:58:22Z
Oct 3, 2023
One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow. Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security]. Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.
There are a lot of things that could be improved. For example, if I talk about Sentinel, the automation of the server component is very cool. But when it comes to Elastic, I don't see that. I think we need to come up with other solutions to make it possible to automate the response. This is easier in Azure Sentinel. Then if I come to integration, for example, there is a product from IBM called QRadar. They provide a very managed way to manage your integrated log sources. For example, you will get a list in one pane where you can segregate logs based on their log type. For example, it could be based on Windows or Linux. Even within them, you can segregate them based on their application. You can tag them. But in Elasticsearch, you will get all of these in one place, in a raw form which is not very presentable. You cannot visualize those log sources pretty well. Although you can visualize logs pretty well through dashboards and graphs, when it comes to integrated devices, management for those devices is missing. And wherever I use Elasticsearch, it takes a lot of time to reload or load. It is very time-consuming.
Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time. The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features.
Big Data Team Leader at a tech services company with 51-200 employees
Real User
Top 20
2023-04-06T12:14:00Z
Apr 6, 2023
In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.
System Administrator at a financial services firm with 11-50 employees
Real User
Top 10
2023-03-09T22:03:32Z
Mar 9, 2023
Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.
The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools. They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well.
The solution isn't really recognized in the market. They need to do a better job when they are marketing the solution. We'd like customers to have more visibility of it, and we'd like them to see how secure and highly effective it is. There needs to be more brand awareness. We have faced some obstacles when handling the implementation process. There are no templates available when integrating with other products. We sometimes need to find some workarounds. We'd like to see some more artificial intelligence capabilities.
An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.
Engineer at a tech services company with 501-1,000 employees
Real User
2022-07-01T05:07:16Z
Jul 1, 2022
It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.
Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually don't have. With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
2022-02-06T07:24:04Z
Feb 6, 2022
The SIEM modules in Logstash, need more improvement. In the future, the modules could be more advanced as right now there are only very basic modules. We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer. It would ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
2022-01-05T07:23:09Z
Jan 5, 2022
The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side.
Consultant at a computer software company with 5,001-10,000 employees
Real User
2021-05-21T09:52:37Z
May 21, 2021
There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app. Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.
I.T. Manager at a healthcare company with 51-200 employees
Real User
2020-10-01T09:58:00Z
Oct 1, 2020
The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, it's very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.
Consultant at a computer software company with 5,001-10,000 employees
Real User
2020-07-29T07:45:59Z
Jul 29, 2020
There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke. The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology.
CEO at a tech services company with 51-200 employees
Real User
2020-04-28T08:50:45Z
Apr 28, 2020
This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex. In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees
Real User
2019-07-09T05:26:00Z
Jul 9, 2019
I think user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it. The solution could also use better dashboards. They need to be more graphical, more matrix-like.
Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from...
Elastic sometimes does not correctly identify threats or anomalies. It might not classify an issue as malicious or critical accurately. CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
The solution's basic setup takes time, and a lot of effort is required from the beginning to make it actually work.
The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence.
The solution lacks discovery. With effective discovery and asset management in place, you can identify the impact of threats. Having an asset management database allows you to determine the effects of threats on assets and their implications for business and operational aspects.
There is a constant evolution in the product. I think that the solution has a strong roadmap in place. I believe that the tool is going to be a leader in a lot of spaces, considering that it is evolving at a fast rate. From an improvement perspective, the product should be easier to use for those who don't know query language and have experience with only some basic products in the market.
One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow. Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security]. Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.
There are a lot of things that could be improved. For example, if I talk about Sentinel, the automation of the server component is very cool. But when it comes to Elastic, I don't see that. I think we need to come up with other solutions to make it possible to automate the response. This is easier in Azure Sentinel. Then if I come to integration, for example, there is a product from IBM called QRadar. They provide a very managed way to manage your integrated log sources. For example, you will get a list in one pane where you can segregate logs based on their log type. For example, it could be based on Windows or Linux. Even within them, you can segregate them based on their application. You can tag them. But in Elasticsearch, you will get all of these in one place, in a raw form which is not very presentable. You cannot visualize those log sources pretty well. Although you can visualize logs pretty well through dashboards and graphs, when it comes to integrated devices, management for those devices is missing. And wherever I use Elasticsearch, it takes a lot of time to reload or load. It is very time-consuming.
Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time. The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features.
The tool should improve its scalability.
The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated.
The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming.
In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.
Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.
We aren't expecting any new features in the next release, We have everything we need. Technical support could respond faster.
The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools. They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well.
The solution isn't really recognized in the market. They need to do a better job when they are marketing the solution. We'd like customers to have more visibility of it, and we'd like them to see how secure and highly effective it is. There needs to be more brand awareness. We have faced some obstacles when handling the implementation process. There are no templates available when integrating with other products. We sometimes need to find some workarounds. We'd like to see some more artificial intelligence capabilities.
An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.
It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.
There is room for improvement in the Kibana dashboard and in the asset management for the program.
It is difficult to anticipate and understand the space utilization, so more clarity there would be great.
Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually don't have. With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.
The SIEM modules in Logstash, need more improvement. In the future, the modules could be more advanced as right now there are only very basic modules. We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer. It would ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.
The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side.
There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app. Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.
The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, it's very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.
There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke. The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology.
The signature security needs improvement. If you compare this with CrowdStrike or Carbon Black, they can improve.
The interface could be more user friendly because it is sometimes hard to deal with. The initial setup can be made easier.
This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex. In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.
The solution could offer better reporting features.
I think user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it. The solution could also use better dashboards. They need to be more graphical, more matrix-like.