Elastic Security requires a longer setup time and has a steeper learning curve than Wazuh, but it excels in real-time monitoring, scalability, and advanced threat hunting. Wazuh, appreciated for its support and reasonable pricing, offers efficient log analysis and customizable alerts but needs UI and integration improvements.
The summary above is based on 48 interviews we conducted recently with Elastic Security and Wazuh users. To access the review's full transcripts, download our report.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
Support is prompt and helpful.
Most of the time when my team encounters issues, they receive responses within 24 hours.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
In terms of stability, I would rate Elastic a solid eight out of ten.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
Wazuh could improve by creating videos on YouTube covering installation, use cases, and integration of third-party APIs for different scenarios that other SAAS services provide.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
Wazuh is completely free of charge.
Totaling around two lakh Indian rupees per month.
Wazuh is free to use, but there are licensing fees for third parties.
Elastic Security offers good insight regarding alerts, reports, and cases.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.
It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.
Wazuh Capabilities
Some of Wazuh’s most notable capabilities include:
Wazuh Benefits
Some of the most valued benefits of Wazuh include:
Wazuh Offers
Reviews From Real Users
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited
“The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
