Elastic Security and Elastic Observability are key players in threat detection and performance monitoring. Elastic Observability holds a slight edge due to its expansive monitoring features and data insights.
Features: Elastic Security offers threat detection, anomaly detection, and detailed alerts. Elastic Observability provides robust data visualization, broad integration capabilities, and superior data analysis.
Room for Improvement: Elastic Security could improve complex configurations, reporting features, and usability. Elastic Observability needs enhancements in scalability, data processing speed, and handling of large-scale data.
Ease of Deployment and Customer Service: Elastic Security is known for straightforward deployment but requires advanced technical support. Elastic Observability offers a simple deployment process and slightly better customer service.
Pricing and ROI: Elastic Security is seen as cost-effective initially but has mixed ROI reviews. Elastic Observability, while more expensive initially, provides more reliable ROI according to users.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
Most of the time when my team encounters issues, they receive responses within 24 hours.
Support is prompt and helpful.
Elastic Observability seems to have a good scale-out capability.
What is not scalable for us is not on Elastic's side.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
It is very stable, and I would rate it ten out of ten based on my interaction with it.
Elastic Observability is really stable.
In terms of stability, I would rate Elastic a solid eight out of ten.
For instance, if you have many error logs and want to create a rule with a custom query, such as triggering an alert for five errors in the last hour, all you need to do is open the AI bot, type this question, and it generates an Elastic query for you to use in your alert rules.
It lacked some capabilities when handling on-prem devices, like network observability, package flow analysis, and device performance data on the infrastructure side.
Elastic Observability could improve asset discovery as the current requirement to push the agent is not ideal.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
Observability is actually cheaper compared to logs because you're not indexing huge blobs of text and trying to parse those.
Elastic Observability is cost-efficient and provides all features in the enterprise license without asset-based licensing.
The license is reasonably priced, however, the VMs where we host the solution are extremely expensive, making the overall cost in the public cloud high.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
the most valued feature of Elastic is its log analytics capabilities.
The most valuable feature is the integrated platform that allows customers to start from observability and expand into other areas like security, EDR solutions, etc.
Every integration, whether for Windows or Linux or even Palo Alto or Fortinet, installs the out-of-the-box dashboards along with it, making it easy to parse incoming data meaningfully and immediately start viewing dashboards to see what's happening in the platform.
The platform provides more visibility and requires less effort in monitoring.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
Elastic Security offers good insight regarding alerts, reports, and cases.
Elastic Observability is primarily used for monitoring login events, application performance, and infrastructure, supporting significant data volumes through features like log aggregation, centralized logging, and system metric analysis.
Elastic Observability employs Elastic APM for performance and latency analysis, significantly aiding business KPIs and technical stability. It is popular among users for system and server monitoring, capacity planning, cyber security, and managing data pipelines. With the integration of Kibana, it offers robust visualization, reporting, and incident response capabilities through rapid log searches while supporting machine learning and hybrid cloud environments.
What are Elastic Observability's key features?Companies in technology, finance, healthcare, and other industries implement Elastic Observability for tailored monitoring solutions. They find its integration with existing systems useful for maintaining operation efficiency and security, particularly valuing the visualization capabilities through Kibana to monitor KPIs and improve incident response times.
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
