Janis Cimins - PeerSpot reviewer
Information Technology Security Specialist at IPro SIA
Real User
Oct 19, 2023
A free-to-use solution that can be used for SIEM reporting, but its query building is not that intuitive
Pros and Cons
  • "The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
  • "The solution's query building is not that intuitive compared to other solutions."

What is our primary use case?

We use Elastic Security for basic SIEM reporting.

What is most valuable?

The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed. You can also directly install integrations onto those agents. The solution's user interface is good.

What needs improvement?

Presentation-wise, the dashboards are not that pretty from an aesthetic point of view. Regarding usability, you should be familiar with the Elastic syntaxes and how to use them, or else it can be pretty hard. The solution's query building is not that intuitive compared to other solutions.

For how long have I used the solution?

I have been using Elastic Security for one year.

Buyer's Guide
Elastic Security
March 2026
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,286 professionals have used our research since 2012.

What do I think about the stability of the solution?

Elastic Security needs a lot of configuration from the architecture point of view, but other than that, it's pretty stable. Suppose you are doing small deployments and reaching the limit of the deployments. At some point, if there is a lack of resources and you have not configured the automatic scaling, it might freeze up, and you need to restart it.

How was the initial setup?

Elastic Security's initial setup is easy.

What's my experience with pricing, setup cost, and licensing?

Elastic Security is free to use.

What other advice do I have?

Elastic Security has a pretty easy setup for someone starting a cybersecurity career. You will have a taste of what CM solutions look like, how they work, and the workflow because it's pretty easy to set up. Many cool features exist even in an on-premises, free, open-source version. Using Elastic Security is a pretty nice way to start.

Overall, I rate Elastic Security a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Consultant at SMRJ
Real User
Top 5
Jun 27, 2024
Offers good security features but needs to make the implementation phase easy
Pros and Cons
  • "The tool's functionality is good for overall security and incident response times."
  • "I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool."

What is our primary use case?

I use the tool for security operations.

What is most valuable?

Elastic Security is not good for my company. I also use Splunk. Splunk is better than Elastic Security. Elastic Security is used in our main security systems, and now we also use NetFlow. SPL is better than Elastic Security. SPL is better for creating dashboards. It is very good for creating dashboards.

What needs improvement?

I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool.

For how long have I used the solution?

I have been using Elastic Security for three years. I use Elastic Security 8.0. I am a customer of the tool.

Which solution did I use previously and why did I switch?

I am a Splunk customer, but its usage is shrinking in our company. I have hands-on experience with Splunk for five to six years. As a basic enterprise system, Splunk is very good, and it also has many applications, making it a very useful tool. I am trying to find a managed security system. Splunk helps our organization monitor multiple cloud environments. It is not so easy to monitor multiple cloud environments with Splunk Enterprise Security's dashboards. With Splunk, it is very easy to find Azure and Azure API connections, but the versions vary. If the tool's version varies, the system won't work. Once we are able to set up the system, the tool will work fine.

Some application tools should be provided by the maker as they can be very beneficial to us.

Splunk's visibility into multiple environments is to manage the tool in the cloud. I have used the tool, and it has the capability to detect threats.

How was the initial setup?

The product's initial setup phase was done two years ago, and the whole process was not so good, even though it was created with the support team from the project team. My company has a number of servers in the system, but it is not good enough or easy to implement the tool.

I just had one requirement with the product and had to send it across to the tool vendors.

The solution is deployed with the help of Azure.

What about the implementation team?

The product's implementation phase was managed by IIJ, which is a system integrator. The help was good for Elasticsearch 7.0 but not so good for Elasticsearch 8.0.

What's my experience with pricing, setup cost, and licensing?

The price of Elastic Security is not so bad compared to Splunk. I can say that the product is cheaply priced.

What other advice do I have?

In cyber security operations, I use the tool only for troubleshooting or checking the network traffic. I didn't really use it for security operations.

I am facing trouble creating a security system using Elasticsearch. I am also considering other solutions, like Splunk, but I know that small and medium firms don't contact IBM.

The tool's functionality is good for overall security and incident response times.

I have heard from people that the tool generates results.

I would not recommend the product to others. I would recommend Splunk to others.

I rate the tool a six to seven out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2283003 - PeerSpot reviewer
Cyber Security Engineer II at a healthcare company with 10,001+ employees
Real User
Oct 5, 2023
A fast tool that has good usability and intuitiveness, but it's hard to build the tool
Pros and Cons
  • "Elastic Security is very customizable, and the dashboards are very easy to build."
  • "It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."

What is most valuable?

Elastic Security is very customizable, and the dashboards are very easy to build. It's a very, very, very fast tool. If I click on something on my other SIEM to drill down into that thing, it only drills down a little, but Elastic Security will filter everything that's on the screen.

What needs improvement?

It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security. You have to understand because it's not all formatted the same. My last SIEM had a whole drop-down where you literally could click on whatever data source you wanted to look at.

It's not like that in Elastic Security. Sometimes, it's a drop-down, and sometimes it's like a specific thing inside something else. You have to get in there and understand your environment to really know where your data is. Trying to find what you're looking for if you don't know the environment is extremely hard in Elastic Security.

What do I think about the scalability of the solution?

Elastic Security's scalability is pretty easy. Since it's in the cloud, you have to watch your throughput to ensure you're staying within what you've bought. That being said, they have had to build scripts to understand that throughput because there is no easy way to see how much data you're actually pushing to the cloud. If you go over your cap, they'll bite you in the bill, and you wouldn't even know it.

How was the initial setup?

Elastic Security's initial setup is not easy. We've had to hire an entire team, and it's taken over a year and a half to set up the solution.

Which other solutions did I evaluate?

Before choosing Elastic Security, we evaluated Microsoft Sentinel.

What other advice do I have?

The learning curve for Elastic Security is heavy. It becomes easier once you get into it and start using it as a user. We had to hire a separate team to help build the back end. Elastic Security is not an easy product to set up.

Elastic Security has better user usability and intuitiveness. It's hard to build the tool, but it is quick and has easy dashboards. Elastic Security is great once you get it built, but the build is the hardest part.

Overall, I rate Elastic Security a six out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Matthew DeGrandis - PeerSpot reviewer
System Administrator at a financial services firm with 11-50 employees
Real User
Mar 11, 2023
It's helpful for looking at multiple data sources to find patterns or anomalies
Pros and Cons
  • "I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
  • "Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."

What is our primary use case?

We primarily use Elastic Security as a log aggregator, so we use it like a SIEM. It ingests all our logs and reports on them in aggregate.

How has it helped my organization?

We've used Elastic Security to solve some challenges involving various data sources. Things were being logged, but they were scattered around the organization. Elastic has sped up problem-solving. I can also imagine other use cases where we might use it for things that weren't system related. I use it for IT troubleshooting, but you could probably use it for sales forecasting or anything that I could make a data source out of.

What is most valuable?

Elastic Security gives us the ability to look at more than one source of data. For example, if a Windows client is doing something weird, I can grab all the Windows clients, then pivot to the firewall logs. 

I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong.

What needs improvement?

Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.

For how long have I used the solution?

I have used Elastic Security for about a year.

How are customer service and support?

Elastic Security support is pretty good. Their support staff seems to know the product well. They provide answers but don't offer much training. They have lots of videos and documentation, but there's not a live person that tells you how to do things. They mostly refer you to the documentation. 

How was the initial setup?

Setting up Elastic Security is complex in some ways. Getting the solution to ingest your logs is the most difficult part. If the logs are of little value or you're holding on to those events for too long, they're not really worth as much. They're not as actionable if they're a month or a year old.

What other advice do I have?

I rate Elastic Security nine out of 10. I can't speak to any of the other security features, but it works for logging and SIEM. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Chief Operating Officer / SR. Project Manager at SCS
Real User
Jun 1, 2022
A flexible, cost-effective, and reliable solution
Pros and Cons
  • "One of the most valuable features of this solution is that it is more flexible than AlienVault."
  • "We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed."
  • "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."

What is our primary use case?

We use it as a SIEM for monitoring a client's environment.

What is most valuable?

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

What needs improvement?

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

For how long have I used the solution?

My company has been using this solution for two years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and support?

The technical support is adequate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.

How was the initial setup?

In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.

What about the implementation team?

We implemented through an in-house team and it took about two months.

What's my experience with pricing, setup cost, and licensing?

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.

Which other solutions did I evaluate?

We evaluated several options, including Monster SIEM, Splunk, and Wazuh.

What other advice do I have?

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.

I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Giuseppe Ragazzini - PeerSpot reviewer
Project Delivery Manager at Spindox
Real User
Apr 17, 2022
A good SIEM solution but doesn't have as many features as its competitors
Pros and Cons
  • "It's not very complicated to install Elastic."
  • "I think that it's a good solution for a SIEM."
  • "With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
  • "Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have."

What is our primary use case?

I worked for a telco client for the security model of Elastic, but my role was unit manager. I don't have a lot of technical expertise, but I decided on the solution for a client, and I was responsible for the delivery.

I worked with the security of the mobile app. I see all the logs in Elastic for SIEM. I monitored the logging and some logs from the machine for a UNIX system with some use cases like the machine's file system.

This solution is deployed on-premise.

We provide this solution to our customers, which are telcos, in the finance industry, and in retail.

What is most valuable?

I think that it's a good solution for a SIEM.

What needs improvement?

Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have.

With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

What do I think about the stability of the solution?

The product is stable.

Which solution did I use previously and why did I switch?

Other products like Splunk are better than Elastic for a SIEM because there are some use cases already available for a client. Elastic doesn't have this, so the user must build the SIEM solution. I think that Elastic has to increase the features for the SIEM.

How was the initial setup?

It's not very complicated to install Elastic, but I didn't deploy it.

What other advice do I have?

I would rate this solution 7 out of 10.

It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1393731 - PeerSpot reviewer
Consultant at a computer software company with 5,001-10,000 employees
Real User
May 25, 2021
Fast, highly scalable, and agents don't overload the terminals, but needs a simulation environment, a mobile app, and better documentation
Pros and Cons
  • "It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
  • "Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
  • "It is very quick to react, and I can set it to check anomalies or suspicious behavior every 30 seconds."
  • "There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
  • "Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
  • "When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training."

What is our primary use case?

There are around 150 pre-built use cases. One of the major use cases is when somebody tries to fiddle with logs, Elastic SIEM creates an alert because logs are the most critical things from the security aspect. For example, I have more than 1,000 terminals, which can be desktops, laptops, or any sort of servers. If somebody tries to delete Windows logs, Elastic SIEM immediately generates an alert indicating that somebody is trying to fiddle with the logs. Elastic SIEM sends me a pop-up message as well as an email.

What is most valuable?

It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast.

Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals. 

What needs improvement?

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic.

Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app.

Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering.

When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

What do I think about the stability of the solution?

It is, for sure, reliable.

What do I think about the scalability of the solution?

It is highly scalable. We at least have two dozen people who are using it. Some people may be using only a part of it, and some may be fully involved in it.

We have plans to increase its usage. We are ready with a running full-fledged server, and we can even handle data for potential customers. We are definitely planning to widen its usage.

How are customer service and technical support?

I have interacted with them. They are quite responsive, and they do respond within the SLA.

How was the initial setup?

I was not there when the deployment was done, but based on what I have heard, it was complex because of the server deployment and cluster formation, and it took at least two months.

What's my experience with pricing, setup cost, and licensing?

Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year.

I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement.

Which other solutions did I evaluate?

I was not in this company when this was chosen.

What other advice do I have?

I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. 

I would rate Elastic SIEM a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
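The "somebody tries to delete Windows logs" alert described in the review above, as an added example that is not part of the review and not one of Elastic's shipped rules: a detection rule body in the shape the Elastic Security detection-rules API takes (the exact field set, index patterns, interval, look-back and risk score are assumptions), plus a hand-translated matcher so the rule's logic can be exercised offline over constructed ECS-style events. Event code 1102 (Security log cleared) and 104 (System log cleared), both written by the Microsoft-Windows-Eventlog provider, are the standard Windows identifiers for log clearing; the fourth sample event shares code 1102 with a different provider to show that the provider check matters.

```python
"""Windows event-log-cleared detection: rule body plus an offline matcher (added example)."""
import json
from typing import Any, Dict, List

# Constructed sample events in ECS layout (the shape Winlogbeat / Elastic Agent
# ship Windows event logs in). Made-up records, not real logs.
SAMPLE_EVENTS: List[dict] = [
    {"@timestamp": "2024-06-01T08:00:00Z", "host": {"name": "ws-0101"},
     "user": {"name": "alice"}, "winlog": {"channel": "Security"},
     "event": {"code": "4624", "provider": "Microsoft-Windows-Security-Auditing"}},  # ordinary logon
    {"@timestamp": "2024-06-01T08:05:10Z", "host": {"name": "ws-0101"},
     "user": {"name": "alice"}, "winlog": {"channel": "Security"},
     "event": {"code": "1102", "provider": "Microsoft-Windows-Eventlog"}},         # Security log cleared
    {"@timestamp": "2024-06-01T08:06:00Z", "host": {"name": "srv-db01"},
     "user": {"name": "svc-backup"}, "winlog": {"channel": "System"},
     "event": {"code": "104", "provider": "Microsoft-Windows-Eventlog"}},          # System log cleared
    {"@timestamp": "2024-06-01T08:07:30Z", "host": {"name": "srv-db01"},
     "user": {"name": "svc-backup"}, "winlog": {"channel": "Application"},
     "event": {"code": "1102", "provider": "SomeApp"}},                            # same code, other provider
]

# KQL as it would be pasted into a "Custom query" rule in Elastic Security.
RULE_QUERY = 'event.provider : "Microsoft-Windows-Eventlog" and event.code : ("1102" or "104")'


def build_rule() -> Dict[str, Any]:
    """Rule body for the detection-rules API. Field names follow the documented
    create-rule request; index patterns, interval and scoring are assumptions."""
    return {
        "name": "Windows event log cleared",
        "description": "Security (1102) or System (104) event log was cleared on a host.",
        "type": "query",
        "language": "kuery",
        "index": ["winlogbeat-*"],          # assumption: adjust to the data streams in use
        "query": RULE_QUERY,
        "interval": "30s",                  # check every 30 seconds, as the review describes
        "from": "now-60s",                  # look-back overlaps the interval so late events are not missed
        "risk_score": 73,
        "severity": "high",
        "enabled": True,
    }


def get_field(event: dict, path: str) -> Any:
    """Resolve an ECS dotted field name such as 'event.code' against a nested document."""
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def matches(event: dict) -> bool:
    """Hand-translated equivalent of RULE_QUERY so the rule can be tested without a cluster."""
    return (get_field(event, "event.provider") == "Microsoft-Windows-Eventlog"
            and get_field(event, "event.code") in {"1102", "104"})


def find_log_clearing(events: List[dict]) -> List[Dict[str, Any]]:
    """Return one alert record per event that would fire the rule."""
    alerts = []
    for ev in events:
        if matches(ev):
            alerts.append({
                "timestamp": ev["@timestamp"],
                "host": get_field(ev, "host.name"),
                "user": get_field(ev, "user.name"),
                "channel": get_field(ev, "winlog.channel"),
                "code": get_field(ev, "event.code"),
            })
    return alerts


if __name__ == "__main__":
    print(json.dumps(build_rule(), indent=2))
    for a in find_log_clearing(SAMPLE_EVENTS):
        print(f"ALERT {a['timestamp']} host={a['host']} user={a['user']} "
              f"channel={a['channel']} code={a['code']}")
```

Run as a script it prints the rule JSON and two alerts (ws-0101 / alice for the Security log, srv-db01 / svc-backup for the System log); the Application-channel event with code 1102 from another provider is correctly ignored. The offline matcher mirrors the KQL rather than replacing it: the point is to keep a few constructed events beside every rule so a change to the query can be checked before it reaches the cluster.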
Gonzalo Di Ascenzi - PeerSpot reviewer
Red Team Operator at Argentina Red Team
Real User
Top 5
Jun 19, 2024
Makes data communication easier
Pros and Cons
  • "Elastic Security makes data communication easier."
  • "The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence."

What is most valuable?

Elastic Security makes data communication easier.

What needs improvement?

The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence.

What's my experience with pricing, setup cost, and licensing?

The solution is not expensive and costs around ten dollars a month.

What other advice do I have?

The solution allows you to generate alerts. You can automatically detect and configure mail in some addresses and automatically identify the identity that you have in your system. This is important for confidentiality in order to control the risks in identifying the users. The solution also uses artificial intelligence to identify anyone using your system.

We use the solution to monitor the activities of the people in the organization to prevent attacks in a controlled environment. We use the tool to observe the behavior of attacks and how to mitigate them. Today, security is more important than people know. You need to know who has access to your network, repository, or cell phone.

Overall, I rate the solution ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Elastic Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2026