Haroon Khand - PeerSpot reviewer
Head of Business Development at Qavi Technologies
Reseller
Top 20
Enables users to know about the downtime and the errors in the code
Pros and Cons
  • "It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022 where it was said to be a leader."
  • "Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time."

What is our primary use case?

We have different use cases. We implement it for the banking and healthcare sectors. It's the most useful for the e-commerce platforms that we deploy it for. The most important feature is Elasticsearch.

They also use it for security. Elastic Security has been deployed in the National Bank of Dubai. They are currently using Elastic Stack and they're also using the security version. 

It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022 where it was said to be a leader.

How has it helped my organization?

There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring. 

These are the four main use cases that most organizations use it for. They want to know the downtime and the errors in the code. They acquire it through my company. It's mainly used by SMB-sized companies but not enterprise.

What needs improvement?

Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time. 

The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features. 

For how long have I used the solution?

I have been using Elastic Security for one year. 

Buyer's Guide
Elastic Security
April 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.

What other advice do I have?

I would rate Elastic Security a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Executive Cybersecurity at a computer software company with 11-50 employees
Real User
Top 5
Dashboard offers different types of reports, including a list of alerts and easy to setup
Pros and Cons
  • "The scalability is good. It can be scaled easily in the production environment."
  • "One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."

What is our primary use case?

We are looking for the same tool on-premises that we can provide to our client as an MSSP. We're evaluating different types of tools in the market.

Although, we have a premium version, and I was checking the functions and features here.

We have some questions about the query language. So that also from this console and so that we can actually want to have a demonstration session where we can clarify this thing query to manage.

What is most valuable?

The interesting thing is about the dashboard. There are available widgets for the dashboards, along with specific features like different types of reports, such as a list of alerts. This helps to remind us which events are happening most often.

We are still evaluating the solution, but the dashboard is something good. And one more thing, it also has anomaly reports. I like that there is a report that is only based on anomaly-related activity.

What needs improvement?

One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow.

Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security].

Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.

For how long have I used the solution?

We have been evaluating it for the last two months.  

What do I think about the stability of the solution?

It works fine on the few devices where we have deployed this solution.

What do I think about the scalability of the solution?

The scalability is good. It can be scaled easily in the production environment. 

How was the initial setup?

The initial setup is easy. 

What's my experience with pricing, setup cost, and licensing?

The pricing is fine. But the basic pricing should cover all the features you need.  Elastic needs to add more features, which are available as subscription-based add-ons. So more features may need to be added.

What other advice do I have?

Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
DevOps Engineer at a tech services company with 51-200 employees
Real User
Top 5 Leaderboard
Efficiently handle millions of loads simultaneously
Pros and Cons
  • "It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
  • "There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."

What is our primary use case?

We are using Elastic Security for logging the application logs, as we use a microservice architecture. So all application logs are saved to this LogSpot.

How has it helped my organization?

It helps us detect errors and keep an eye on the application in both the development and production environments.

What is most valuable?

It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.

What needs improvement?

There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits. So if you are looking for logs for a specific application, you may get 50 lines of logs, but then you are lost. You need to add more features to specify your request so you can get the final result. It would be better to have additional features to specify your request and get the complete result.

For how long have I used the solution?

I have been using this solution for nine months. Although, I am not using the latest version. 

What do I think about the stability of the solution?

I would rate the stability a nine out of ten. 

What do I think about the scalability of the solution?

I would rate the scalability an eight out of ten. 

What was our ROI?

We definitely saw an ROI. It quickly finds the bugs.

What other advice do I have?

I would recommend using it, especially if you have a microservice architecture. I also have a friend who has been using it for some big data projects, so I would recommend it for that as well. 

Overall, I would rate the solution a nine out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Real User
It is quite comprehensive and you're able to do a lot of tasks
Pros and Cons
  • "The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
  • "We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."

What is our primary use case?

It is currently deployed as a single instance, but we are currently looking at clusters. We are using it for a logging solution. I'm a developer and act as a server engineer for DevOps Engineers. It's used by developers and mobile developers. It could be used by quite a few different teams.

How has it helped my organization?

It is quite comprehensive, and you're able to do a lot of tasks. It has dashboards and we're able to create a lot of search queries. It is not easy to use, but once you get the hang of it, then it provides good graphs and visuals such as these. The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash.

What is most valuable?

In terms of query resolution, error searching finding and production issues, we're able to find issues quicker. We don't need to manually obtain the logging reports. All bugs in code are quickly identified in the logs as they are in one centralized logging location.

What needs improvement?

We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into the production to use the enterprise edition, we just wanted to check how this one works first.  I think maybe on the last exercise part, I think the index rotation can be improved. It's something that they need to work on. It can be complex on how the index, all the logs that have been ingested, the index rotation can be challenging, so if they can work on that. In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX, there's no direct log shipper so you do need to do a bit of tweaking there.

For how long have I used the solution?

We have been using ELK Logstash for three years or so. We believe we are using the latest version. 

What do I think about the stability of the solution?

The solution is quite stable, although it does need a bit of maintenance, and because there are quite a lot of plugins that come with it, there's a lot of testing that is involved to ensure that nothing breaks.

What do I think about the scalability of the solution?

The solution is scalable. So you're able to extend it and grow it. For example, you're able to put it in a cluster, so it is quite scalable.

How are customer service and technical support?

I have used the technical support. Their forums are quite good in terms of response. There is quite a big community of forums, where you can find similar questions or issues that others have experienced previously. Even then, direct support is quite good. They also have regional support.

Which solution did I use previously and why did I switch?

Logging solution previously, but mainly I've been using Graylog and ELK. Graylog gives you centralized logging. It's built for a logging solution, whereas ELK is designed and built for more big data. If you want to go in deeper into analytics, ELK gives you that flexibility and out of the box models. The two solutions are widely used by a lot of bigger clients in the industry and they've been tried and tested.

How was the initial setup?

With ELK, installation is not really straightforward. There are about three applications to consider. It's quite intense in terms of set up, but once you've done the setup, then it's nice and smooth. The implementation took about 3 weeks, but that is because I was doing it in between other projects. We used an implementation plan. It was deployed to the development environment, then the Point of Concept (POC) environments. It was then deployed into the production environment.

What about the implementation team?

We implemented the solution in-house. There were no third parties involved. For deployment and maintenance, we just need about two to three people and the role is known as maintenance and installation.

What's my experience with pricing, setup cost, and licensing?

We're using the open-source solution, so there are no cost implications on it, but we are planning to use it throughout the organization. So, we will soon adopt the open-source model and depending on if there is a need for enterprise then we'll go down the enterprise route. If you need a lasting solution, you do need to buy the license for the OLED plugin. The free version comes fully standard and has everything that you need. It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin.

Which other solutions did I evaluate?

We also have Graylog, for Graylog we're using it in parallel for a similar solution. At the moment, we're basically just comparing the two and see which one is preferred.

What other advice do I have?

Do a POC first. They should compare solutions and also look at different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Head of Platform Development at Patrianna
Real User
An easy-to-adapt solution that needs to improve scalability
Pros and Cons
  • "Elastic Security is very easy to adapt."
  • "The tool should improve its scalability."

What is most valuable?

Elastic Security is very easy to adapt. 

What needs improvement?

The tool should improve its scalability. 

For how long have I used the solution?

I have been working with the product for seven years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

Our DevOps uses the product regularly. 

What other advice do I have?

I would rate the solution a seven out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Intern Cybersecurity at a computer software company with 10,001+ employees
Real User
Top 10
It's a highly flexible platform you can implement anywhere, but the setup is complex and difficult
Pros and Cons
  • "Elastic Security is a highly flexible platform that can be implemented anywhere."
  • "The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."

What is our primary use case?

I use Elastic Search to collect logs from an Active Directory server and forward the incidents to the SOAR solution.

What is most valuable?

Elastic Security is a highly flexible platform that can be implemented anywhere. 

What needs improvement?

The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming. 

For how long have I used the solution?

I have used Elastic Security for three or four months.

What do I think about the stability of the solution?

I rate Elastic Security seven out of 10 for stability. It isn't very stable. 

How was the initial setup?

The setup process is highly complex because you need to configure every agent separately and then connect them to each other and the system architecture. It would be difficult for the average user. I had a cybersecurity consultant to help me set up some of the agents. It took about three days to deploy. Maintaining Elastic Search is also challenging.

What other advice do I have?

I rate Elastic Search seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SoheylNorozi - PeerSpot reviewer
IT Consultant at a tech services company with 51-200 employees
Real User
Top 5
A cloud-native compatible solution that has challenges with scaling and upgrading
Pros and Cons
  • "The solution is compatible with the cloud-native environment and they can adapt to it faster."
  • "Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."

What is most valuable?

The solution is compatible with the cloud-native environment and they can adapt to it faster. 

What needs improvement?

Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks. 

For how long have I used the solution?

I have been working with the solution for four years. 

What do I think about the stability of the solution?

The product is stable. 

How was the initial setup?

The product's initial setup is straightforward but experts need to do it. 

What's my experience with pricing, setup cost, and licensing?

The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not. 

What other advice do I have?

I would rate the tool a seven out of ten. The solution has a very active community with troubleshooting cases. You need to consider the growth rate and environmental complexity when buying the product. If you need to use a multi-node or cluster version, then install it during initiation itself. So that you don't need to do the same procedure in the next three to six months. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at RIPEN
Real User
Top 5
Straightforward to set up, and has a good search capability, in particular, its way of writing the search query and the speed of searching for results
Pros and Cons
  • "What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
  • "An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."

What is our primary use case?

My customers use Elastic Security for security monitoring, threat hunting, and threat identification.

What is most valuable?

What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results.

What needs improvement?

An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.

For how long have I used the solution?

I've been working with Elastic Security for four to five years now.

What do I think about the stability of the solution?

Elastic Security is a stable solution.

What do I think about the scalability of the solution?

In terms of scalability, Elastic Security is pretty scalable.

How are customer service and support?

I haven't escalated any issues with the Elastic Security technical support team.

Which solution did I use previously and why did I switch?

In comparison with other similar solutions in the market, customers go with Elastic Security because of its scalability and its good performance. The solution has a good search feature, especially when a large volume of logs needs to be collected. Elastic Security also gives you pretty good results compared to other solutions.

How was the initial setup?

The initial setup for Elastic Security is quite straightforward. For the cloud version of the solution, it's easy because it requires no installation. If you're setting up the on-premises version of Elastic Security, then it would take around three to four days to complete.

What's my experience with pricing, setup cost, and licensing?

The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000.

What other advice do I have?

I've had customers for Elastic Security in the last twelve months.

Elastic Security requires maintenance, especially in a scaled-up environment, because you have multiple machines that work in a cluster environment, so you'll need some advanced skills to maintain that cluster. The solution becomes harder to maintain once it's scaled up.

Elastic Security is a pretty straightforward solution I'd recommend to others, though you'd need a person who'll pick up the query or search language because Elastic Security requires a lot of query language, so you can search for data on it. There's a special search query pattern you have to remember before you can do the search or for you to do a better search. You can always do a normal search on Elastic Security, but if you want to have better search results or more accurate results, you need to learn the query language first.

My rating for Elastic Security is eight out of ten because of its good performance and scalability. Its good search feature is very important for the use cases of my customers, but I deducted two points because the pricing for Elastic Security could still be improved.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Elastic Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024