Elastic Security Reviews

We really like that it integrates into the overall ELK Stack, and we're using that as our theme. We were looking for a product compatible with that. We like the detailed investigation features of the platform as you're able to get a lot of detail as to what's going on on the host when you do investigations. We like the quarantine feature.

We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive. We have a lot of satellite communications, and it's not as intensive since we don't require updates to calm down on a regular basis for updated DAT files for hashes on a regular basis. We only have to update quarterly against the new malware model. It's also a lot less impactful from a performance perspective on a machine.

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.

I've been using the solution for about a year.

Stability is very good. It's a very stable product. We haven't had any issues with stability at all.

For what we use it for, scalability has been great. Our environments tend to be smaller. We're only talking about 200 to 1,000 systems. Therefore, I don't know that I could speak to a real large scale since that's not our implementation level.

We are kind of in an interesting use case as we're not actually using it on a day-to-day basis. We are a production house, and we shift suites out to customers to use. As far as what the user feedback is on a regular basis, we don't really see a ton of that unless we kind of go out and hunt for it.

We're using the Microsoft Defender product. It's just what's embedded inside of the operating system. It's not the full Defender for Endpoint. It's just Windows and antivirus.

The Endgame itself is extremely straightforward to set up and you just filled out the ISO and you follow a couple of wizards you're done. It's very easy. I would say the ELK Stack is a little more complicated, however, that's due to the way we implement PKI in our environment. The product in itself is fairly straightforward to implement. It's our choice of certificate implementation that's making it a little more complicated.

We targeted it to be able to be maintained by one person. In a lot of cases, our scenario is that we only have one person available to maintain the product. It's very easy to maintain. There's not a ton going on. In a scene, you always have to have somebody watching the log of traffic if you want it to be effective. However, outside of that, there's no extreme maintenance associated with the product.

I do not know approximately how much it costs per month or per year. I'm not the one who makes the purchases.

We are just customers. 

I'd rate the solution an eight out of ten. 

There are around 150 pre-built use cases. One of the major use cases is when somebody tries to fiddle with logs, Elastic SIEM creates an alert because logs are the most critical things from the security aspect. For example, I have more than 1,000 terminals, which can be desktops, laptops, or any sort of servers. If somebody tries to delete Windows logs, Elastic SIEM immediately generates an alert indicating that somebody is trying to fiddle with the logs. Elastic SIEM sends me a pop-up message as well as an email.

It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast.

Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals. 

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic.

Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app.

Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering.

When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

It is, for sure, reliable.

It is highly scalable. We at least have two dozen people who are using it. Some people may be using only a part of it, and some may be fully involved in it.

We have plans to increase its usage. We are ready with a running full-fledged server, and we can even handle data for potential customers. We are definitely planning to widen its usage.

I have interacted with them. They are quite responsive, and they do respond within the SLA.

I was not there when the deployment was done, but based on what I have heard, it was complex because of the server deployment and cluster formation, and it took at least two months.

Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year.

I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement.

I was not in this company when this was chosen.

I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. 

I would rate Elastic SIEM a seven out of ten.

In general, the solution is working together with Open Shift's deployment for the continuous delivery of many projects. This product takes the metrics and checks the log for components that Open Shift deploys. We work with the observation team that monitors the entire company to understand what can be observed and analyzed. 

The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

The integration is quite good.

The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

It's easy to collect the data.

The documentation is big. It's very well documented.

It's working and easy to work with.

The cost is reasonable. It's not overly pricey.

This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

The support on offer could be much better.

I've been using the solution for the last six months at this point. It hasn't been an extremely long amount of time just yet.

The stability has been pretty good. It's reliable. There aren't bugs or glitches. it doesn't crash or freeze. I'd describe it as 95% stable overall.

We haven't really done any scaling. We only have had an environment with a small cluster on-premises and we can't really test it for scalability. We have no more than four servers for the platform and never really needed to expand anything.

The solution may be used by around 1,000 people in our organization.

Technical support could be a lot better. They should offer online chat functionality so that we can get answers to questions right away. It would make troubleshooting a lot faster and less cumbersome.

We've had some troubles, and when we do, we need to open a ticket to get it resolved, which takes some time.

That said, it does offer very good documentation and their knowledge is very good when you do interact with them.

The initial setup is easy. It's not complex or difficult. It's pretty straightforward.

It's very easy to set everything up and configure it on-premises.

The deployment only took an hour or two. We only deployed to one environment. It was pretty fast.

The cost is pretty low. It is not open-source, however.

We are just customers and end-users.

I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. 

I would rate the solution at an eight out of ten overall.

Overall, the solution is good.

The machine learning aspect of the solution has been great.

The deployment is not that complicated.

ELK is open-source, and it will give you the framework you need to build everything from scratch.

The SIEM modules in Logstash, need more improvement. In the future, the modules could be more advanced as right now there are only very basic modules.

We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. 

There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.

It would ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs. 

I've used the solution for one and a half years.

The stability of the solution is good. However, it depends on the configurations. If the solution is configured properly from the beginning, it will be stable. However, if the solution is not configured from beginning properly, it will not be. This is due to the fact that ELK Elasticsearch gives you the framework only, and the customizations depend on the guys who will be coming to configure everything for the company.

The scalability is good, however, there is a certain level of skill that is needed. Due to the lack of trained engineers in the area, this could be a challenge.

We've reached out to technical support in the past. We found that sometimes communication with them was difficult as there was a lack of understanding. This means that it takes a longer time to reach a resolution. However, in the end, when we have had issues, we were able to resolve them, even if it was a bit delayed. 

I've also worked with LogRhythm and there is no comparison. LogRhythm is the best solution for me. The use cases are better and are readily available. In contrast, with ELK, we need to deploy a lot of things. We need to program people and we need skills and training. We need a lot of things. Even the LogRhythm training is easier than ELK. With ELK, you need to build the customization, rules, everything, from scratch. WithLogRhythm, you just have to enable features.

If a company wants some more specific detailed use cases, then ELK would be better than LogRhythm, however, for a generic use case, LogRhythm is better.

The initial setup is pretty simple and straightforward. It's not overly complex. 

That said, it does require trained specialists, and there just aren't that many in our area. 

Overall, I would rate the setup process at a two out of five. 

The configuration must be done correctly, and that depends on who is configuring it. If the person configuring it, for example, only has an administrator background, he will configure the administrator stuff. If he has a security background, he will configure for security.

We are a partner. 

I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it. 

I would rate the solution at a five out of ten.

We do not use monitoring due to the fact that we use Prometheus for monitoring. We don't use APM and so on. We use ELK only for logging.

The solution has very good logging functionality. 

The aggregation capability is quite useful. 

The solution is quite stable. The performance has been good.

The solution scales well.

The solution has gotten easier to deploy since the 2019 version.

Using ELK the first time there was a lack of security. We had to buy the paid version due to the fact that we needed to secure access to Kubernetes.

The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes. In fact, you have to monitor the stack and it's very, very difficult. Sometimes we lose indexes or we have nothing on the dashboard.

I've been using the solution for about two years at this point. It hasn't been an extremely long amount of time.

The solution is stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

The solution can scale. If a company needs to expand it, it can do so pretty easily.

We use the solution for quite a small team. Ten people work on it.

Due to the fact that we have a paid version of the product, technical support has been fine. We've been satisfied with the level of service provided to us. They are quite helpful and responsive.

Previously, we were on Datadog, Kubernetes Logs. It was not very easy to debug incidents and so on. If I had to compare, I'd say that Datadog is very easy to implement and it's such a fast solution.

The first time, it was very hard to deploy on Kubernetes. However, as we reached version seven, they are now an operator. Now it's very easy to deploy. We no longer have any issues.

The solution is a bit expensive. I don't know the pricing of Datadog, which is what we used to use, however, it's my understanding that it is very expensive also. 

We are a customer and an end-user. We do not have a business relationship with ELK.

The solution is deployed on Kubernetes in Azure.

I would advise other companies and users not to mix monitoring and logging. It's not the same purpose. Many people do monitoring by scanning logs. It's not a good idea. The good idea is to monitor separately. In case of incidents, you have to monitor metrics and logins for the root cause. It's important to separate this, and not treat them as the same thing.

I'd rate the solution at an eight out of ten.

ELK Stack is made up of Elasticsearch, Logstash, and Kibana. What we have is considered modified ELK Stack where instead of the Logstash we use Fluentd, but it serves the same purpose as basically a pipe to get the data into the Elasticsearch.

We primarily use the solution for everything you could think of from error detection to general logging and auditing, to security awareness.

Recently I started using some Kibana alerting, which is in the latest versions of Kibana. It's very helpful in general.

You can't beat the price as it is basically free. There are also a lot of features on offer.

We've found the initial setup to be quite straightforward.

The stability is excellent.

Sometimes, the solution isn't the easiest to use.

The solution probably doesn't have all of the advanced machine learning like some other SIEM providers have right now. It's something that could be improved upon.

I've been using the solution for three or four years at this point. It's been a while.

The stability of the solution has been excellent. There are no bugs or glitches. It doesn't crash or freeze. The reliability is very high.

I have no reason to believe this solution wouldn't scale well if a company needed it to. I see no limitations there.

That said, that's a speculative area for us right now. We haven't attempted to scale the product ourselves.

Obviously, Elasticsearch has to do all of its indexing upfront and that might be a scaling concern whereas something like Devo with its just-in-time indexing is pretty darned interesting.

On our end, mostly development staff and operations staff are using it right now. For our organization, everything is going to increase. We're just starting to ramp up usage now.

I've never dealt with technical support. I can't speak to how helpful or responsive they are.

The initial setup is not overly complex. It's pretty straightforward. A company shouldn't have any issues with the implementation process overall. Everything in AWS has gotten pretty straightforward.

The maintenance of the solution is minimal. It would only take one person to maintain it.

The price of the product is very good, as it is largely free. There isn't any operating cost. It's basically free software. I'm not aware of any enterprise versions that would cost more. Everything is an AWS service.

We're just customers and end-users. We don't have a business relationship with the company.

We're using the latest version of the solution.

The product in general has come very far. It's gotten a lot better over the years.

I'd recommend the solution to other organizations. I'd advise anyone to try it out.

Overall, I would rate it at an eight out of ten. We've largely been very pleased with the product.

My customers use Elastic Security for security monitoring, threat hunting, and threat identification.

What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results.

An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.

I've been working with Elastic Security for four to five years now.

Elastic Security is a stable solution.

In terms of scalability, Elastic Security is pretty scalable.

I haven't escalated any issues with the Elastic Security technical support team.

In comparison with other similar solutions in the market, customers go with Elastic Security because of its scalability and its good performance. The solution has a good search feature, especially when a large volume of logs needs to be collected. Elastic Security also gives you pretty good results compared to other solutions.

The initial setup for Elastic Security is quite straightforward. For the cloud version of the solution, it's easy because it requires no installation. If you're setting up the on-premises version of Elastic Security, then it would take around three to four days to complete.

The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000.

I've had customers for Elastic Security in the last twelve months.

Elastic Security requires maintenance, especially in a scaled-up environment, because you have multiple machines that work in a cluster environment, so you'll need some advanced skills to maintain that cluster. The solution becomes harder to maintain once it's scaled up.

Elastic Security is a pretty straightforward solution I'd recommend to others, though you'd need a person who'll pick up the query or search language because Elastic Security requires a lot of query language, so you can search for data on it. There's a special search query pattern you have to remember before you can do the search or for you to do a better search. You can always do a normal search on Elastic Security, but if you want to have better search results or more accurate results, you need to learn the query language first.

My rating for Elastic Security is eight out of ten because of its good performance and scalability. Its good search feature is very important for the use cases of my customers, but I deducted two points because the pricing for Elastic Security could still be improved.

We are using the solution for log management. We use it for monitoring and observing. 

Its search engine is great, and it is really quick. In the beginning, we wanted to search through terabytes of log data, and after that, we decided to search using the solution.

The initial setup is very easy.

It can scale well. 

It's very stable and reliable. 

We use it as an open-source product and do not have to pay for licensing. 

There is a lot of good documentation online if you need to troubleshoot. Everything is clear and easy to follow. 

The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools. 

They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well. 

I've been using the solution for two years. 

The solution is very stable. There are no bugs or glitches, and it doesn't crash or freeze. it is reliable, and the performance is good. It'd rate the general stability ten out of ten. 

We can easily scale up, according to our needs. It's easy to expand. 

I'd rate the overall ability to scale up eight out of ten. 

They do not have technical support. They have community support and documentation to help with troubleshooting. We've been happy with the amount of detail we can find online if we need assistance. 

I have not used any other products that are the same. I only use Micro Focus Ops Bridge and SiteScope, which are traditional monitoring tools, so I can't categorize them. They are slow yet they can handle big networks. 

The solution is straightforward to set up. They have documentation on their site that shows how to do everything step by step. Everything is very clear and easy to understand. I'd rate the overall ease of implementation nine out of ten. 

The deployment is fast and only takes hours, not days. 

One person helped me deploy the solution. However, we did not need outside assistance. We did it ourselves. 

The solution is open-source and, therefore, free to use. 

I'm a partner. 

I'd advise others to take advantage of the documentation of the solution in order to get the most out of the product.

In general, I'd rate the solution eight out of ten.