reviewer1602072 - PeerSpot reviewer
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees
Real User
Good monitoring and behavior prediction; troubleshooting tool could be improved
Pros and Cons
  • "Enables monitoring of application performance and the ability to predict behaviors."
  • "Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."

What is our primary use case?

Our primary use case of this solution is for application performance monitoring. We are customers of ELK.

What is most valuable?

This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.

What needs improvement?

The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed. 

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

The solution is generally stable, although with each new upgrade there is an adjustment period. They upgrade versions very regularly and it's hard to keep up. By the time my environment is stable with the previous versions, they are already bringing out a new version. 

What do I think about the scalability of the solution?

Scalability is very good with this product. 

How are customer service and support?

I'm not satisfied with technical support because whenever you raise a case, it goes to some random support person who asks questions about the architecture. It's a waste of time. I'm a platinum customer so each time I raise a request, it should go to a dedicated customer support representative who knows my case. It's very difficult when you work in a highly secure environment to get all the logs and send the logs to them each time. 

How was the initial setup?

The initial setup is easy, but as you begin using the more advanced features like security and authentication with an AM and LM, then it becomes a bit tricky.

What's my experience with pricing, setup cost, and licensing?

Licensing costs are high; they charge based on the nodes and the RAM. If I purchase a license for a 64GB RAM node and then want to have 128GB RAM, I can't because it's not in the contract, so I have to pay on top of that. They removed a feature that allows me to provide multiple disks for one node, so if I now want to add an extra disk to the volume, I have to buy a license for one extra node. It's very unfair.

What other advice do I have?

I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem.

I rate this solution a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1393731 - PeerSpot reviewer
Consultant at a computer software company with 5,001-10,000 employees
Real User
Fast, highly scalable, and agents don't overload the terminals, but needs a simulation environment, a mobile app, and better documentation
Pros and Cons
  • "It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
  • "Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of the terminals' power, whereas Elastic agents hardly consume any power and don't overload the terminals."
  • "There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
  • "Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."

What is our primary use case?

There are around 150 pre-built use cases. One of the major use cases is when somebody tries to fiddle with logs, Elastic SIEM creates an alert because logs are the most critical things from the security aspect. For example, I have more than 1,000 terminals, which can be desktops, laptops, or any sort of servers. If somebody tries to delete Windows logs, Elastic SIEM immediately generates an alert indicating that somebody is trying to fiddle with the logs. Elastic SIEM sends me a pop-up message as well as an email.

What is most valuable?

It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast.

Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of the terminals' power, whereas Elastic agents hardly consume any power and don't overload the terminals.

What needs improvement?

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic.

Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app.

Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering.

When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

What do I think about the stability of the solution?

It is, for sure, reliable.

What do I think about the scalability of the solution?

It is highly scalable. We at least have two dozen people who are using it. Some people may be using only a part of it, and some may be fully involved in it.

We have plans to increase its usage. We are ready with a running full-fledged server, and we can even handle data for potential customers. We are definitely planning to widen its usage.

How are customer service and technical support?

I have interacted with them. They are quite responsive, and they do respond within the SLA.

How was the initial setup?

I was not there when the deployment was done, but based on what I have heard, it was complex because of the server deployment and cluster formation, and it took at least two months.

What's my experience with pricing, setup cost, and licensing?

Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year.

I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement.

Which other solutions did I evaluate?

I was not in this company when this was chosen.

What other advice do I have?

I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. 

I would rate Elastic SIEM a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Vikas Dusa - PeerSpot reviewer
Cyber Security Trainer and Programmer at Freelancer
Real User
Top 5 Leaderboard
Traces ransomware and manages threat scenarios
Pros and Cons
    • "Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."

    What is our primary use case?

    My use case for the product revolved around conducting demonstrations and testing. It also helped me with tracing ransomware and managing threat scenarios.

    What is most valuable?

    The integration with Siemens Endpoint Security in Elastic Security has been beneficial for security. The provided rules are good, making it easy to create and understand rules. Patterns and detections are made through index patterns, requiring some follow-up steps.

    In real-time, the impact of Elastic Security on ransomware is significant. For known and repeated ransomware, it can detect and prevent effectively using established signatures and behavioral patterns. However, for new types of ransomware with less complex behaviors or those that modify files minimally, conventional detection methods may struggle. Elastic Security proves to be effective even in challenging cases.

    On the cloud, it allows testing of SaaS-based applications, performance evaluations using CDMs and APIs, incident detection within company network infrastructures, and comprehensive management of security services.

    What needs improvement?

    Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues.

    For how long have I used the solution?

    I have utilized Elastic Security for approximately three to four months.

    What do I think about the stability of the solution?

    I rate the product’s stability an eight out of ten.

    What do I think about the scalability of the solution?

    Scaling Elastic Security is relatively easy, with a rating of seven out of ten.

    How was the initial setup?

    The tool's deployment is straightforward. 

    What other advice do I have?

    I rate the overall product an eight out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Head of Platform Development at Patrianna
    Real User
    Top 20
    An easy-to-adapt solution that needs to improve scalability
    Pros and Cons
    • "Elastic Security is very easy to adapt."
    • "The tool should improve its scalability."

    What is most valuable?

    Elastic Security is very easy to adapt. 

    What needs improvement?

    The tool should improve its scalability. 

    For how long have I used the solution?

    I have been working with the product for seven years. 

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    Our DevOps uses the product regularly. 

    What other advice do I have?

    I would rate the solution a seven out of ten. 

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Lead Enterprise Architect at DigyCorp
    Real User
    Top 5
    A flexible and open solution that supports varieties of integrations
    Pros and Cons
    • "The product has huge integration varieties available."
    • "The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."

    What is most valuable?

    The product has huge integration varieties available. 

    What needs improvement?

    The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated. 

    For how long have I used the solution?

    I have been working with the solution for the last eight months. 

    What do I think about the scalability of the solution?

    The solution is scalable and flexible. My company has 20 users for the product. 

    How are customer service and support?

    We had relied on in-house support initially. However, we understand now that there are a few areas where we need to have vendor support. So we have contacted a few different companies and contractors for it. In the beginning, it may be possible to do support in-house. However, if you have a lot of commercial production environment services, then it is very hard to do without vendor support. 

    Which solution did I use previously and why did I switch?

    We decided to use the solution because it was a very promising tool and other alternatives had limitations. The tool has availability, data infrastructure, data uptime, etc. The solution is quite flexible in terms of cost. You don't need to buy a license for each and everything. Whenever you require a license, you can just buy it. I think these are the two main drivers. The product is quite open in terms of integration with machine learning which helps us with proactive monitoring. 

    How was the initial setup?

    The product's initial setup is very easy. I think the most important point is how you design your infrastructure because the solution is quite open. So you have to design it based on the nature of the data. You also need to get a life cycle so that there is no load on the storage. The solution's flexibility depends on how you design it. 

    What's my experience with pricing, setup cost, and licensing?

    The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything. 

    What other advice do I have?

    I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts. 

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2198715 - PeerSpot reviewer
    DevOps Engineer at a tech services company with 51-200 employees
    Real User
    Efficiently handles millions of loads simultaneously
    Pros and Cons
    • "It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
    • "There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."

    What is our primary use case?

    We are using Elastic Security for logging the application logs, as we use a microservice architecture. So all application logs are saved to this LogSpot.

    How has it helped my organization?

    It helps us detect errors and keep an eye on the application in both the development and production environments.

    What is most valuable?

    It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.

    What needs improvement?

    There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits. So if you are looking for logs for a specific application, you may get 50 lines of logs, but then you are lost. You need to add more features to specify your request so you can get the final result. It would be better to have additional features to specify your request and get the complete result.

    For how long have I used the solution?

    I have been using this solution for nine months, although I am not using the latest version.

    What do I think about the stability of the solution?

    I would rate the stability a nine out of ten. 

    What do I think about the scalability of the solution?

    I would rate the scalability an eight out of ten. 

    What was our ROI?

    We definitely saw an ROI. It quickly finds the bugs.

    What other advice do I have?

    I would recommend using it, especially if you have a microservice architecture. I also have a friend who has been using it for some big data projects, so I would recommend it for that as well. 

    Overall, I would rate the solution a nine out of ten. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2125281 - PeerSpot reviewer
    Intern Cybersecurity at a computer software company with 10,001+ employees
    Real User
    It's a highly flexible platform you can implement anywhere, but the setup is complex and difficult
    Pros and Cons
    • "Elastic Security is a highly flexible platform that can be implemented anywhere."
    • "The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."

    What is our primary use case?

    I use Elasticsearch to collect logs from an Active Directory server and forward the incidents to the SOAR solution.

    What is most valuable?

    Elastic Security is a highly flexible platform that can be implemented anywhere. 

    What needs improvement?

    The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming. 

    For how long have I used the solution?

    I have used Elastic Security for three or four months.

    What do I think about the stability of the solution?

    I rate Elastic Security seven out of 10 for stability. It isn't very stable. 

    How was the initial setup?

    The setup process is highly complex because you need to configure every agent separately and then connect them to each other and the system architecture. It would be difficult for the average user. I had a cybersecurity consultant to help me set up some of the agents. It took about three days to deploy. Maintaining Elasticsearch is also challenging.

    What other advice do I have?

    I rate Elasticsearch seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    HamadaElewa - PeerSpot reviewer
    Technical Sales Manager at Spire Solutions
    Reseller
    Top 5 Leaderboard
    A unified SIEM platform that is supported by a large community of users
    Pros and Cons
    • "I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
    • "It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."

    What is our primary use case?

    I sell Elastic Security to my customers. Almost all my customers use the free version, but some use the enterprise version.

    What is most valuable?

    I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.

    What needs improvement?

    It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) Security in the next release.

    For how long have I used the solution?

    I have been working with Elastic Security for about ten months.

    What do I think about the stability of the solution?

    Elastic Security is a stable solution. It's the most stable solution I have ever seen.

    How was the initial setup?

    The initial setup is straightforward. Anyone who knows the basic features can implement this product. Elastic Security has a large community that can support users.

    What about the implementation team?

    We implement this solution for our customers. We present and demonstrate the POC, and we support them. After the implementation, we provide the provisioning service. Deployment time depends on the business size, but it usually takes about 20 days to a month. 

    What's my experience with pricing, setup cost, and licensing?

    The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs.

    What other advice do I have?

    This product is better suited for large enterprises. It's one of the best options in the marketplace. I would tell potential users to use all the features because they are already collecting all the logs and data in one place.

    On a scale from one to ten, I would give Elastic Security an eight.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
    PeerSpot user