Elastic Security is usually used to deliver and analyze logs for security teams. Some common use cases include search and analytics of log data from the system and sending it to other components. We are using features like point security and detection of gathering data.
The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology. Also, it's valuable from an operational point of view as you have the same knowledge of how to operate it, how to work management, search, and security instance.
The important part is that it's free of charge usage. For our use case, it's enough, and it's for a good cost because the basic level of the solution is free.
In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.
I have been using Elastic Security for four years now. When it started because we were working with Endgame before it merged with Elastic.
I rate the stability an eight out of ten because it depends on the design and how well you monitor it.
I would rate the scalability a ten out of ten; it is a very scalable solution. We work with enterprise-level companies.
The customer support is good. You have support from all project stages, beginning with the architecture. And after you roll out the solution, you have dedicated technical staff for the project.
Positive
The initial setup depends on what you were expecting, but since we have experience with it and know what it's good for, it's an eight out of ten. The initial deployment typically takes about a day. Then there's an initial stage of the project to integrate some of the client's specific requirements, which can take additional time depending on the complexity of their environment.
When it comes to maintenance, it depends on the project, and sometimes one person can support all roles.
Usually, it's enough to have one engineer with deep technical knowledge of the operating system and the deployment and configuration of the system. The other role is an analytical role with project management and coordination skills to communicate with customers and drive delivery.
We implement Elastic Security in our customer's environment. We are like a consulting company. Depending on their preference, the initial deployment could be on their internal cloud, on-premises, or on hardware visualization. The advantage of this solution is that it can be deployed anywhere, including public clouds, private clouds, on-premises, bare metal, and even on Kubernetes.
The deployment takes a few days, and in the initial stage of projects, it could take two months with some integrations to the system, setting some rules, and so on. But it also depends on our customers and how familiar they are with it and what they want.
Usually, we start with a small installation with a bit fewer sources, install the initial setup, and gather information from selected systems such as legacy systems, infrastructure systems, custom applications, and so on running in the customer environment. Then we show how our solution behaves, how it grows, and what is the expected volume of data. We plan the next iterations to extend the hardware deployment. As users start using the platform and become familiar with it, they can set their requirements for implementing iterations. Then we shape the infrastructure and implement some rules, detections, machine learning, and other features.
We prefer to move forward very fast with no big analytics because customers usually don't know what is happening in their systems, and with this approach, we are showing them what they need to focus on.
I would say you don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach.
It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use.
Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.
