Chief Operating Officer / SR. Project Manager at SCS
A flexible, cost-effective, and reliable solution
Pros and Cons
- "One of the most valuable features of this solution is that it is more flexible than AlienVault."
- "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
What is our primary use case?
We use it as a SIEM for monitoring a client's environment.
What is most valuable?
One of the most valuable features of this solution is that it is more flexible than AlienVault.
What needs improvement?
It is difficult to anticipate and understand the space utilization, so more clarity there would be great.
For how long have I used the solution?
My company has been using this solution for two years.
Buyer's Guide
Elastic Security
May 2025

Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,823 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a very stable solution.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and support?
The technical support is adequate.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.
How was the initial setup?
In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.
What about the implementation team?
We implemented through an in-house team and it took about two months.
What's my experience with pricing, setup cost, and licensing?
The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.
Which other solutions did I evaluate?
We evaluated several options, including Monster SIEM, Splunk, and Wazuh.
What other advice do I have?
There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.
I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

IT at a tech vendor with 10,001+ employees
Easy to set up with a helpful community and a good dashboard tutor
Pros and Cons
- "The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
- "The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
What is our primary use case?
We primarily use the solution to have a correlation on all the Windows event logs. We use it more for forensic purposes now. We are looking for something which will be a more proactive product for us and be able to detect any threats and take automatic action.
What is most valuable?
All of the features on the solution are useful since I have the full stack, so I can collect and then visualize. We have the dashboard tutor as well.
The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes.
What needs improvement?
The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using or maybe it's on a different solution, however, having more AI would be so helpful for us.
The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that.
I know there are some features which are coming, and some which are already available. To be honest, I haven't had any time to play around and check what the advantages of them could be. Compared to other products, the features already available - and there are lots of things which are provided - are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the scalability of the solution?
The solution is scalable for us now, although it didn't start that way.
We have about 50 users between SecOps and the Microsoft team. The network team of between 50 and 100 people is using it on a regular basis.
How are customer service and technical support?
I never had to be in contact with technical support. I mainly rely on the communities around the solution and that is where I find almost all of the information I need. They're great. There's lots of information available that helps you troubleshoot issues.
Which solution did I use previously and why did I switch?
We previously used a product from Quest Software called Change Auditor. We actually didn't switch off this solution. We use both Quest and ELK in our organization.
The main difference is that one you have to pay for, while the other one is much cheaper and if you don't need all the features, you can use it for free.
ELK has much more information, as well. You can grab much more information with ELK than you can with Change Auditor, without adding any additional modules.
How was the initial setup?
The initial setup as I recall was pretty easy. However, I moved to an infrastructure that had a connection to a second ELK instance that I am not managing.
The settings on that instance are more complex than my initial setup.
I am not a specialist in big data infrastructure. I am a process engineer. You need some dedicated and well-trained people as soon as you have a large infrastructure and you are sending a lot of events to the Elastic instance so that it performs correctly. That's always the challenge you have with on-premise infrastructure.
What's my experience with pricing, setup cost, and licensing?
I'm not sure how much the company pays to use ELK. It's not part of the job that I handle.
What other advice do I have?
We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution.
The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Technology at a tech vendor with 11-50 employees
Offers great capabilities to detect and respond to threats
Pros and Cons
- "It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
- "Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
What is our primary use case?
The product is for use cases involving observability, visualization, dashboards, analytics, and security.
What needs improvement?
There is a constant evolution in the product. I think that the solution has a strong roadmap in place. I believe that the tool is going to be a leader in a lot of spaces, considering that it is evolving at a fast rate.
From an improvement perspective, the product should be easier to use for those who don't know query language and have experience with only some basic products in the market.
For how long have I used the solution?
I have been using Elastic Security for more than three years. My company has a partnership with Elastic Security. My company operates as the solution's reseller, and we also manage the tool's implementation.
What do I think about the stability of the solution?
It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
It is an extremely scalable solution. Scalability-wise, I rate the solution a ten out of ten.
Whether the product suits small, medium, or enterprise-sized businesses is something that would depend on how you quantify your risks. Elastic Security is an ideal solution for anybody and everybody because it offers a free version of the solution. Small or medium businesses can use the free version of the tool. The solution has very comprehensive capabilities in the free version itself. Enterprises, large corporations, and government organizations can use the tool's paid version because it supports a lot of features from an analytical perspective. The free version doesn't have many analytical features in it. People who want to have a cybersecurity solution in their environment, which may not be specifically Elastic Security, should know the roadmap and the vision, along with a plan on what they want and how they want to go about with the product they want in their company to see where they want to end up in their cybersecurity journey. Your investments will make a lot of sense if you have a clear vision in mind.
Elastic Security is not an ideal product if you are trying to do something very simple or basic with some check mark activities or an audit to show someone that there is some technology used in the company.
How are customer service and support?
I haven't had any single customer of my company telling me that the support of the product is not good. I believe that the product offers great support. I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience with Elastic Security, Rapid7, and IBM.
How was the initial setup?
I rate the initial setup phase a six or seven on a scale of one to ten, where one is difficult and ten is easy.
The product's initial setup phase is neither easy nor difficult. It is easy to manage the setup phase if you know how to do it correctly. Complexity comes along as a part of the tool, especially if it is powerful and has a lot of capabilities. If it is very easy to manage the setup phase of a tool, then it is bound to have some limitations.
The solution is deployed on the cloud, on-premises model, or a hybrid cloud.
It can take a few days to get the product up and running. The time required to deploy the tool depends on the use cases of the user.
What's my experience with pricing, setup cost, and licensing?
The product offers an amazing pricing structure. Price-wise, the product is very competitive.
What other advice do I have?
The product has made amazing developments and has gone miles ahead in a short span of time when it comes to its enhanced threat detection and threat response capabilities.
The product has helped manage endpoint security since it serves as a single tool that provides all the functionalities together. After you deploy Elastic Security, you can do everything with it, and there is no need to buy separate products or licenses. Through the setup of Elastic ELK Stack, you can get all the functionalities like SIEM, SOC, threat detection, endpoint detection, user behavior analytics, data analytics, data lake analytics, virtualization, dashboarding, cross-referencing, and threat response.
Elastic Security's greatest benefit for security needs stems from the tool's openness. The tool is a highly customizable product, allowing you to play with it as much as you want.
Speaking about how the real-time data analytics features in Elastic Security improve security posture, the real-time is not real-time natively. You need real-time streaming capabilities, for which you need something like Apache Kafka to stream data. The analytical power of Elastic Security is extremely high. If you can get me data in real-time, I can analyze data in real time with Elastic Security.
The product has introduced generative AI in the tool.
The product has covered all technological advancements a person can think of, and it also has a lot of roadmap for the future development of the solution. The tool is strong and capable.
Elastic Security offers one of the highest integration capabilities I have seen in any kit in the market. The tool offers a lot of out-of-the-box connectors and a lot of certification from a lot of providers across different areas. From a workflow perspective, if you are a customer using a proprietary tool with proprietary mechanisms to manage how work is done, then the integration offered by Elastic Security wouldn't be great. If you have an enterprise-grade product involving firewall solutions, SOC tools, endpoint tools, privilege access management solutions, or any other cybersecurity tools, Elastic Security's integration capabilities would work and help manage your workflows seamlessly.
One of my company's customers told me that the incident response time after the implementation of the product was reduced by half within the first few weeks of the rolling out of the solution in the company.
The product is very user-friendly since it offers generative AI in the dashboard. If you don't know how to do something on the dashboard, you can ask a question, and the solution will guide you. From a user perspective, I would say that the person using the product should be knowledgeable and should know what he wants. The product is not for someone who is a novice. The cybersecurity analyst working on the tool should have a fair understanding of what he wants to achieve with the product. It is okay if a cybersecurity analyst does not know how to write a query in the tool since the product offers help through generative AI. You can ask generative AI how to write a query, and it helps you. Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language. It would be easy to move to Elastic Security for those who use Splunk, IBM QRadar, or other enterprise-grade tools.
I rate the overall tool a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Intern Cybersecurity at a computer software company with 10,001+ employees
It's a highly flexible platform you can implement anywhere, but the setup is complex and difficult
Pros and Cons
- "Elastic Security is a highly flexible platform that can be implemented anywhere."
- "The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
What is our primary use case?
I use Elastic Search to collect logs from an Active Directory server and forward the incidents to the SOAR solution.
What is most valuable?
Elastic Security is a highly flexible platform that can be implemented anywhere.
What needs improvement?
The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming.
For how long have I used the solution?
I have used Elastic Security for three or four months.
What do I think about the stability of the solution?
I rate Elastic Security seven out of 10 for stability. It isn't very stable.
How was the initial setup?
The setup process is highly complex because you need to configure every agent separately and then connect them to each other and the system architecture. It would be difficult for the average user. I had a cybersecurity consultant to help me set up some of the agents. It took about three days to deploy. Maintaining Elastic Search is also challenging.
What other advice do I have?
I rate Elastic Search seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager- Information Security at a tech services company with 51-200 employees
Good threat hunting and capability for AI chat-related queries with very good stability
Pros and Cons
- "The stability of the solution is good."
- "The solution could offer better reporting features."
What is our primary use case?
We primarily use the solution for endpoint protection.
What is most valuable?
The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot.
The interface of the solution is good.
What needs improvement?
The solution could offer better reporting features.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The stability of the solution is good.
We use a Linux box. And it's a hardened VM so you don't have to worry about any kind of batches, etc. You just deploy and start using, and it's quite stable and hasn't broken down on us at all.
What do I think about the scalability of the solution?
In terms of scalability, you just need to keep increasing your endpoint licenses. That's the only thing. It's as easy as getting a new license updated and then you can start deploying it to the new endpoints. Right now, we have around 500 end users. We have a buffer of 1,000, so we can add about 400 more endpoints, so we are ready to grow if we need to. I don't know if we'll extend beyond that.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup is straightforward. Deployment can take up to four days.
What about the implementation team?
We used a reseller to assist us with the deployment. Our experience with them was positive.
What's my experience with pricing, setup cost, and licensing?
We pay a yearly licensing fee.
What other advice do I have?
I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them.
You would need some kind of technical knowhow, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge.
I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Executive Cybersecurity at a computer software company with 11-50 employees
Dashboard offers different types of reports, including a list of alerts and easy to setup
Pros and Cons
- "The scalability is good. It can be scaled easily in the production environment."
- "One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
What is our primary use case?
We are looking for the same tool on-premises that we can provide to our client as an MSSP. We're evaluating different types of tools in the market.
We have a premium version, though, and I was checking the functions and features here.
We have some questions about the query language, also from this console, so we want to have a demonstration session where we can clarify how to manage queries.
What is most valuable?
The interesting thing is about the dashboard. There are available widgets for the dashboards, along with specific features like different types of reports, such as a list of alerts. This helps to remind us which events are happening most often.
We are still evaluating the solution, but the dashboard is something good. And one more thing, it also has anomaly reports. I like that there is a report that is only based on anomaly-related activity.
What needs improvement?
One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow.
Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security].
Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.
For how long have I used the solution?
We have been evaluating it for the last two months.
What do I think about the stability of the solution?
It works fine on the few devices we have deployed this solution.
What do I think about the scalability of the solution?
The scalability is good. It can be scaled easily in the production environment.
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
The pricing is fine. But the basic pricing should cover all the features you need. Elastic needs to add more features, which are available as subscription-based add-ons. So more features may need to be added.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees
Good monitoring and behavior prediction; troubleshooting tool could be improved
Pros and Cons
- "Enables monitoring of application performance and the ability to predict behaviors."
- "Upgrades are currently released as stacks when they should be a plugin or an extension to save removal and reinstallation."
What is our primary use case?
Our primary use case of this solution is for application performance monitoring. We are customers of ELK.
What is most valuable?
This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.
What needs improvement?
The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The solution is generally stable, although with each new upgrade there is an adjustment period. They upgrade versions very regularly and it's hard to keep up. By the time my environment is stable with the previous versions, they are already bringing out a new version.
What do I think about the scalability of the solution?
Scalability is very good with this product.
How are customer service and technical support?
I'm not satisfied with technical support because whenever you raise a case, it goes to some random support person who asks questions about the architecture. It's a waste of time. I'm a platinum customer so each time I raise a request, it should go to a dedicated customer support representative who knows my case. It's very difficult when you work in a highly secure environment to get all the logs and send the logs to them each time.
How was the initial setup?
The initial setup is easy, but as you begin using the more advanced features like security and authentication with an AM and LM, then it becomes a bit tricky.
What's my experience with pricing, setup cost, and licensing?
Licensing costs are high, they charge based on the nodes and the RAM. If I purchase a license for a 64GB RAM node and then want to have 128GB RAM, I can't because it's not in the contract so I have to pay on top of that. They removed a feature that allows me to provide multiple disks for one node so if I now want to add an extra disk to the volume, I have to buy a license for one extra node. It's very unfair.
What other advice do I have?
I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem.
I rate this solution a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Team Lead at Quester
Simplifies process of bug identification and tracking using application log files
Pros and Cons
- "The most valuable feature for me is Discover."
- "I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
What is our primary use case?
I was using this product up until recently when I changed companies, but I have been asked to implement logging in my new role and this is one of the options that I am considering.
It was used in conjunction with Kibana to examine our logs and perform debugging. When a user complained about misbehavior in an application, we would research the logs, test, and try to find out where the bug is.
What is most valuable?
The most valuable feature for me is Discover. I have not used all of the features, so I can't say that this will be best for everyone.
What needs improvement?
I would like the process of retrieving archived data and viewing it in Kibana to be simplified.
We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.
For how long have I used the solution?
I used this product for about eight months, up until about two months ago.
What do I think about the stability of the solution?
We were using this solution once or twice every couple of weeks when we encountered a bug. I found that it was stable.
What do I think about the scalability of the solution?
I have not tested scalability. In my previous company, there were 20 people on the team, but only the backend developers were using ELK Logstash. This was perhaps 10 users.
How are customer service and technical support?
We hosted this solution ourselves, so there was no technical support.
Which solution did I use previously and why did I switch?
We have used Graylog in the past, but it was self-hosted and the experience wasn't great.
How was the initial setup?
I did not do the initial setup myself.
What about the implementation team?
My colleague deployed this solution for me.
What's my experience with pricing, setup cost, and licensing?
This is an open-source product, so there are no costs.
What other advice do I have?
When my colleague set up this application, it was configured such that every seven days, the data is archived into long-term storage. When I needed something from the archived logs, it was easy to retrieve and I could look through them again. This is something that I would suggest doing.
My suggestion for anybody who is implementing ELK Logstash is to make sure that the entire team knows how to use it. If only one person knows it and takes care of it, then it is not a very productive experience. On the other hand, if everybody is familiar with it, the experience will be much better.
This is definitely a product that I recommend using.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.