Elastic Security Reviews

We are looking for the same tool on-premises that we can provide to our client as an MSSP. We're evaluating different types of tools in the market.

Although, we have a premium version, and I was checking the functions and features here.

We have some questions about the query language. So that also from this console and so that we can actually want to have a demonstration session where we can clarify this thing query to manage.

The interesting thing is about the dashboard. There are available widgets for the dashboards, along with specific features like different types of reports, such as a list of alerts. This helps to remind us which events are happening most often.

We are still evaluating the solution, but the dashboard is something good. And one more thing, it also has anomaly reports. I like that there is a report that is only based on anomaly-related activity.

One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow.

Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security].

Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.

We have been evaluating it for the last two months.  

It works fine on the few devices we have deployed this solution. 

The scalability is good. It can be scaled easily in the production environment. 

The initial setup is easy. 

The pricing is fine. But the basic pricing should cover all the features you need.  Elastic needs to add more features, which are available as subscription-based add-ons. So more features may need to be added.

Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.

Our primary use case of this solution is for application performance monitoring. We are customers of ELK.

This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.

The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed. 

I've been using this solution for five years. 

The solution is generally stable, although with each new upgrade there is an adjustment period. They upgrade versions very regularly and it's hard to keep up. By the time my environment is stable with the previous versions, they are already bringing out a new version. 

Scalability is very good with this product. 

I'm not satisfied with technical support because whenever you raise a case, it goes to some random support person who asks questions about the architecture. It's a waste of time. I'm a platinum customer so each time I raise a request, it should go to a dedicated customer support representative who knows my case. It's very difficult when you work in a highly secure environment to get all the logs and send the logs to them each time. 

The initial setup is easy, but as you begin using the more advanced features like security and authentication with an AM and LM, then it becomes a bit tricky.

Licensing costs are high, they charge based on the nodes and the RAM. If I purchase a license for a 64GB RAM node and then want to have 128GB RAM, I can't because it's not in the contract so I have to pay on top of that. They removed a feature that allows me to provide multiple disks for one node so if I now want to add an extra disk to the volume, I have to buy a license for one extra node. It's very unfair. 

I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem.

I rate this solution a seven out of 10. 

I was using this product up until recently when I changed companies, but I have been asked to implement logging in my new role and this is one of the options that I am considering.

It was used in conjunction with Kibana to examine our logs and perform debugging. When a user complained about misbehavior in an application, we would research the logs, test, and try to find out where the bug is.

The most valuable feature for me is Discover. I have not used all of the features, so I can't say that this will be best for everyone.

I would like the process of retrieving archived data and viewing it in Kibana to be simplified.

We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.

I used this product for about eight months, up until about two months ago.

We were using this solution once or twice every couple of weeks when we encountered a bug. I found that it was stable.

I have not tested scalability. In my previous company, there were 20 people on the team, but only the backend developers were using ELK Logstash. This was perhaps 10 users.

We hosted this solution ourselves, so there was no technical support.

We have used Graylog in the past, but it was self-hosted and the experience wasn't great.

I did not do the initial setup myself.

My colleague deployed this solution for me.

This is an open-source product, so there are no costs.

When my colleague set up this application, it was configured such that every seven days, the data is archived into long-term storage. When I needed something from the archived logs, it was easy to retrieve and I could look through them again. This is something that I would suggest doing.

My suggestion for anybody who is implementing ELK Logstash is to make sure that the entire team knows how to use it. If only one person knows it and takes care of it, then it is not a very productive experience. On the other hand, if everybody is familiar with it, the experience will be much better.

This is definitely a product that I recommend using.

I would rate this solution an eight out of ten.

We have different use cases. We implement it for the banking and healthcare sectors. It's the most useful for the e-commerce platforms that we deploy it for. The most important feature is Elasticsearch.

They also use it for security. Elastic Security has been deployed in the National Bank of Dubai. They are currently using Elastic Stack and they're also using the security version. 

It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader. 

There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring. 

These are the four main use cases that most organizations use it for. They want to know the downtime and the errors in the code. They acquire it through my company. It's mainly used by SMB-sized companies but not enterprise.

Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time. 

The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features. 

I have been using Elastic Security for one year. 

I would rate Elastic Security a nine out of ten. 

Elastic Security is very easy to adapt. 

The tool should improve its scalability. 

I have been working with the product for seven years. 

The solution is stable. 

Our DevOps uses the product regularly. 

I would rate the solution a seven out of ten. 

The product has huge integration varieties available. 

The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated. 

I have been working with the solution for the last eight months. 

The solution is scalable and flexible. My company has 20 users for the product. 

We had relied on in-house support initially. However, we understand now that there are a few areas where we need to have vendor support. So we have contacted a few different companies and contractors for it. In the beginning, it may be possible to do support in-house. However, if you have a lot of commercial production environment services, then it is very hard to do without vendor support. 

We decided to use the solution because it was a very promising tool and other alternatives had limitations. The tool has availability, data infrastructure, data uptime, etc. The solution is quite flexible in terms of cost. You don't need to buy a license for each and everything. Whenever you require a license, you can just buy it. I think these are the two main drivers. The product is quite open in terms of integration with machine learning which helps us with proactive monitoring. 

The product's initial setup is very easy. I think the most important point is how you design your infrastructure because the solution is quite open. So you have to design it based on the nature of the data. You also need to get a life cycle so that there is no load on the storage. The solution's flexibility depends on how you design it. 

The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything. 

I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts. 

I sell Elastic Security to my customers. Almost all my customers use the free version, but some use the enterprise version.

I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.

It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) Security in the next release.

I have been working with this Elastic Security for about ten months.

Elastic Security is a stable solution. It's the most stable solution I have ever seen.

The initial setup is straightforward. Anyone who knows the basic features can implement this product. Elastic Security has a large community that can support users.

We implement this solution for our customers. We present and demonstrate the POC, and we support them. After the implementation, we provide the provisioning service. Deployment time depends on the business size, but it usually takes about 20 days to a month. 

The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs.

This product is better suited for large enterprises. It's one of the best options in the marketplace. I would tell potential users to use all the features because they are already collecting all the logs and data in one place.

On a scale from one to ten, I would give Elastic Security an eight.

We used this solution for gathering our application logs and analyzing application behavior.

This solution assists in tuning our applications.

This is one of the best open-source log management and log analyzer tools in the world.

The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.

As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.

I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.

In terms of stability, we have had many problems when dealing with big data.

There are six people who use this solution in our company.

I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.

We used Splunk in parallel with this solution.

In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.

The initial setup of this solution was complex.

We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.

We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.

We use the open-source version, so there is no charge for this solution.

The solution does not work as well as Splunk.

Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.

This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.

I would rate this solution an eight out of ten.