Coming October 25: PeerSpot Awards will be announced! Learn more
Omar Mezrag - PeerSpot reviewer
CyberSecurity Specialist at a security firm with 11-50 employees
Real User
Top 20
Delivers quick visibility but resource use is costly
Pros and Cons
  • "Elastic Security allows us to deliver visibility in a few hours, which makes our customers more confident in our service."
  • "Elastic Security provides a huge amount of searchable data, which is a great advantage in itself but is costly in terms of the number of servers used."

What is our primary use case?

Elastic Security primarily provides security via containment, verification, and recovery and improves detection. 

How has it helped my organization?

Elastic Security allows us to deliver visibility in a few hours, which makes our customers more confident in our service.

What is most valuable?

Elastic Security's best feature is its many options, which make auditing and organization less challenging.

What needs improvement?

Elastic Security is no scale, which creates some limitations in joining diagrams without duplicated information and costs the customer in additional storage. This is made more problematic because Elastic Security provides a huge amount of searchable data, which is a great advantage in itself but is costly in terms of the number of servers used. These costs may surprise customers when comparing Elastic Security to other solutions, although it is worth the extra cost.

Buyer's Guide
Elastic Security
September 2022
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,184 professionals have used our research since 2012.

For how long have I used the solution?

I've been using Elastic Security for six years.

What do I think about the stability of the solution?

Elastic Security is very stable.

What do I think about the scalability of the solution?

Elastic Security is very scalable.

How are customer service and support?

Elastic Security's technical support is very responsive, and even if you don't have a resource or contact with them, we've had good feedback about the support community.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward for basic users who can use business selection, but the process for installing an adapted solution needs many improvements. Deployment takes a week for the basic setup, but it takes around twenty days for a more complex RDX.

What about the implementation team?

We used an in-house team.

What was our ROI?

Elastic Security gives a very good ROI if you calculate the searchable snapshot feature correctly.

What's my experience with pricing, setup cost, and licensing?

Elastic Security has yearly and monthly licenses available. The standard license's features are very similar to the free version, so if you don't need to use Elastic Security as an emergency service, you could go for the free version.

What other advice do I have?

I'd advise those looking into implementing Elastic Security to try to understand what they need to improve in terms of metrics, protection, and response and consider if this solution will solve your problems in these areas. I would rate Elastic Security seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
I.T. Manager at a healthcare company with 51-200 employees
Real User
Top 5
Analyses your security data quickly and effectively
Pros and Cons
  • "Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
  • "The biggest challenge has been related to the implementation."

What is our primary use case?

We plan to use it to analyze the data that we're pumping into it from Active Directory and from firewalls, then we'll pass that information onto our own external SOC.

What is most valuable?

We really haven't had any significant SIEM solutions, so it's all new to us, other than a simple up-down solution. Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted.

What needs improvement?

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, it's very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

For how long have I used the solution?

We've been trying to implement it and get it up and going for a good three to four months now.

What do I think about the stability of the solution?

Elastic SIEM is pretty stable. I did have a problem during one of the upgrades, but customer support was able to resolve it for me quickly. Other than that, it's been very reliable and stable.

How are customer service and technical support?

The customer service is great; not a whole lot of back-and-forth going on.

How was the initial setup?

The initial setup was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost.

What other advice do I have?

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect.

On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Elastic Security
September 2022
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,184 professionals have used our research since 2012.
Chief Operating Officer / SR. Project Manager at SCS
Real User
Top 20
A flexible, cost-effective, and reliable solution
Pros and Cons
  • "One of the most valuable features of this solution is that it is more flexible than AlienVault."
  • "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."

What is our primary use case?

We use it as a SIEM for monitoring a client's environment.

What is most valuable?

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

What needs improvement?

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

For how long have I used the solution?

My company has been using this solution for two years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and support?

The technical support is adequate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.

How was the initial setup?

In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.

What about the implementation team?

We implemented through an in-house team and it took about two months.

What's my experience with pricing, setup cost, and licensing?

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.

Which other solutions did I evaluate?

We evaluated several options, including Monster SIEM, Splunk, and Wazuh.

What other advice do I have?

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.

I would rate this solution as an eight out of ten. It's a good value for money and a  reliable solution, but it's heavily reliant on appropriate configuration.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
KarthikeyanSrinivasan - PeerSpot reviewer
Sr Cloud Data Architect at Sun Cloud LLC
Real User
Top 5
A flexible product that can be used in a number of scenarios, but its knowledge is quite rare and hard to come by
Pros and Cons
  • "Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
  • "We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."

What is our primary use case?

It is for our own infrastructure. We are trying to do ELK Stack for everything. We are trying to build our own monitoring solution. For now, we are using it as an alerting solution, and SIEM is going to be our destination.

What is most valuable?

Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy.

With Kibana, we can make very beautiful dashboards the way we wanted. It makes sense for the business.

What needs improvement?

We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10.

What do I think about the scalability of the solution?

We don't have any scalability problems as of now. We have less than 2,000 devices.

What about the implementation team?

We have a contractor who is trying to develop and deploy the ELK Stack for us. He has requested a couple of servers, and we have given those to him. He asked for more RAM and storage for the service, and he will take time developing the custom Logstash scripts that we have asked for.

What's my experience with pricing, setup cost, and licensing?

I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10.

What other advice do I have?

It is complex, but you just need to have patience and personnel to develop it. Unless you explore a technology, you won't know what are the pros and cons. I have not seen any cons as of now, but it has miles to go in terms of being equal to Splunk. It is a community-driven technology. So, it will get there.

I would rate this solution a seven out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Giuseppe Ragazzini - PeerSpot reviewer
Project Delivery Manager at Spindox
Real User
Top 20
A good SIEM solution but doesn't have as many features as its competitors
Pros and Cons
  • "It's not very complicated to install Elastic."
  • "With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."

What is our primary use case?

I worked for a telco client for the security model of Elastic, but my role was unit manager. I don't have a lot of technical expertise, but I decided on the solution for a client, and I was responsible for the delivery.

I worked with the security of the mobile app. I see all the logs in Elastic for SIEM. I monitored the logging and some logs from the machine for a UNIX system with some use cases like the machine's file system.

This solution is deployed on-premise.

We provide this solution to our customers, which are telcos, in the finance industry, and in retail.

What is most valuable?

I think that it's a good solution for a SIEM.

What needs improvement?

Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually don't have.

With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

What do I think about the stability of the solution?

The product is stable.

Which solution did I use previously and why did I switch?

Other products like Splunk are better than Elastic for a SIEM because there are some use cases already available for a client. Elastic doesn't have this, so the user must build the SIEM solution. I think that Elastic has to increase the features for the SIEM.

How was the initial setup?

It's not very complicated to install Elastic, but I didn't deploy it.

What other advice do I have?

I would rate this solution 7 out of 10.

It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Principal Cyber Security Manager at Ask4key
Real User
Top 20
Valuable prevention methods and asset alerts, but room for improvement in the Kibana dashboard and asset management

What is our primary use case?

My clients use this solution for security purposes and SIEM and log management.

What is most valuable?

The most valuable features of the solution are the prevention methods and the incident alerts. 

What needs improvement?

There is room for improvement in the Kibana dashboard and in the asset management for the program.

For how long have I used the solution?

I've been working with Elastic Security for almost two years now.

What do I think about the stability of the solution?

The solution is stable if you don't touch it too much. Meaning, it's technically stable, but if there is a period of downtime, you will face quite a big hiccup in getting it running again and stabilized.

What do I think about the scalability of the solution?

The scalability of Elastic is amazing. 

How are customer service and support?

I would say the technical support isn't really good or bad. On a scale of one to ten, I would give it a five. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup can sometimes be quite complex for the backend team. It all depends on the client's environment, so we have to be flexible.

What about the implementation team?

My company provides a team for deployment, which usually consists of at least three or four engineers. Deployment generally takes six months to one year.

What was our ROI?

I would say that, on average, a good ROI can be seen within one and a half to two years after deploying Elastic Security. 

What's my experience with pricing, setup cost, and licensing?

Licensing for the solution is available as a one-year or three-year plan, and all of the features are included.

What other advice do I have?

I would rate this solution as a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Associate Director - Solutions at a comms service provider with 1,001-5,000 employees
Real User
Good indexing of logs, cost-effective, and stable
Pros and Cons
  • "I like the indexing of the logs."
  • "Better integration with third-party APMs would be really good."

What is our primary use case?

We use this solution for the Microsoft deployment of auto-management.

What is most valuable?

I like the indexing of the logs.

For how long have I used the solution?

I have been using ELK Logstash for one year.

What do I think about the stability of the solution?

This product is quite stable and I've not seen any type of issue with it so far.

What do I think about the scalability of the solution?

With respect to scalability, you have to properly plan. Generally, I don't see any issues with scalability.

How are customer service and technical support?

We have not used technical support because we always had talent within the company for end-user support.

Which solution did I use previously and why did I switch?

This was a solution that our client chose, and they were not using a different one prior to this.

How was the initial setup?

I do not think that we had any issues with the deployment. Overall, I would say that the process is of medium complexity.

What about the implementation team?

The support team assisted us with the deployment. I don't think that we had any issues with the team.

What's my experience with pricing, setup cost, and licensing?

Compared to other products such as Dynatrace, this is one of the cheaper options.

Which other solutions did I evaluate?

Our client provided us with this option after they had already been through a selection process.

What other advice do I have?

My advice is that this is a good product to use if you are financially contained, and you want to start with something small. Later, if you need to scale then you can look at other options.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
DevOps Manager at a tech services company with 11-50 employees
Real User
Lacking user interface, not stable, but free to use
Pros and Cons
    • "The solution does not have a UI and this is one of the reasons we are looking for another solution."

    What needs improvement?

    The solution does not have a UI and this is one of the reasons we are looking for another solution.

    When setting up some of the pipelines we are receiving different types of log messages with different patterns. When I try to force a certain pattern I need to restart the solution causing a huge inconvenience for us.

    For how long have I used the solution?

    I have been using the solution for one year.

    What do I think about the stability of the solution?

    The solution is not stable.

    What do I think about the scalability of the solution?

    We have approximately 15 users using the solution in my organization.

    How was the initial setup?

    When doing the installation, the ELK is working well but sometimes when we search for specific words there is no longer any inception throughout. This issue has been difficult to debug or fix.

    The index is very important when using this solution. We encountered a couple of issues when we set up the wrong index, it causes everything to go down. That means if we set up something incorrectly with the index, the solution will be down and we do not know why.

    What's my experience with pricing, setup cost, and licensing?

    The solution is free.

    Which other solutions did I evaluate?

    We are currently evaluating other solutions to replace this one, such as Datadogs and New Relic. Datadog has a UI that this solution is lacking.

    What other advice do I have?

    I would not recommend this solution.

    I rate ELK Logstash a five out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Elastic Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Buyer's Guide
    Download our free Elastic Security Report and get advice and tips from experienced pros sharing their opinions.