Consultant at a tech services company with 51-200 employees
Real User
Straightforward to set up, and has a good search capability, in particular, its way of writing the search query and the speed of searching for results
Pros and Cons
  • "What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
  • "An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."

What is our primary use case?

My customers use Elastic Security for security monitoring, threat hunting, and threat identification.

What is most valuable?

What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results.

What needs improvement?

An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.

For how long have I used the solution?

I've been working with Elastic Security for four to five years now.

Buyer's Guide
Elastic Security
June 2025
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

Elastic Security is a stable solution.

What do I think about the scalability of the solution?

In terms of scalability, Elastic Security is pretty scalable.

How are customer service and support?

I haven't escalated any issues with the Elastic Security technical support team.

Which solution did I use previously and why did I switch?

In comparison with other similar solutions in the market, customers go with Elastic Security because of its scalability and its good performance. The solution has a good search feature, especially when a large volume of logs needs to be collected. Elastic Security also gives you pretty good results compared to other solutions.

How was the initial setup?

The initial setup for Elastic Security is quite straightforward. For the cloud version of the solution, it's easy because it requires no installation. If you're setting up the on-premises version of Elastic Security, then it would take around three to four days to complete.

What's my experience with pricing, setup cost, and licensing?

The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000.

What other advice do I have?

I've had customers for Elastic Security in the last twelve months.

Elastic Security requires maintenance, especially in a scaled-up environment, because you have multiple machines that work in a cluster environment, so you'll need some advanced skills to maintain that cluster. The solution becomes harder to maintain once it's scaled up.

Elastic Security is a pretty straightforward solution I'd recommend to others, though you'd need a person who'll pick up the query or search language because Elastic Security requires a lot of query language, so you can search for data on it. There's a special search query pattern you have to remember before you can do the search or for you to do a better search. You can always do a normal search on Elastic Security, but if you want to have better search results or more accurate results, you need to learn the query language first.

My rating for Elastic Security is eight out of ten because of its good performance and scalability. Its good search feature is very important for the use cases of my customers, but I deducted two points because the pricing for Elastic Security could still be improved.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Principal Cyber Security Manager at Ask4key
Real User
Valuable prevention methods and asset alerts, but room for improvement in the Kibana dashboard and asset management
Pros and Cons
  • "The most valuable features of the solution are the prevention methods and the incident alerts."
  • "There is room for improvement in the Kibana dashboard and in the asset management for the program."

What is our primary use case?

My clients use this solution for security purposes and SIEM and log management.

What is most valuable?

The most valuable features of the solution are the prevention methods and the incident alerts. 

What needs improvement?

There is room for improvement in the Kibana dashboard and in the asset management for the program.

For how long have I used the solution?

I've been working with Elastic Security for almost two years now.

What do I think about the stability of the solution?

The solution is stable if you don't touch it too much. Meaning, it's technically stable, but if there is a period of downtime, you will face quite a big hiccup in getting it running again and stabilized.

What do I think about the scalability of the solution?

The scalability of Elastic is amazing. 

How are customer service and support?

I would say the technical support isn't really good or bad. On a scale of one to ten, I would give it a five. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup can sometimes be quite complex for the backend team. It all depends on the client's environment, so we have to be flexible.

What about the implementation team?

My company provides a team for deployment, which usually consists of at least three or four engineers. Deployment generally takes six months to one year.

What was our ROI?

I would say that, on average, a good ROI can be seen within one and a half to two years after deploying Elastic Security. 

What's my experience with pricing, setup cost, and licensing?

Licensing for the solution is available as a one-year or three-year plan, and all of the features are included.

What other advice do I have?

I would rate this solution as a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
It's easy to integrate and highly customizable
Pros and Cons
  • "Elastic is straightforward, easy to integrate, and highly customizable."
  • "The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side."

What is most valuable?

Elastic is straightforward, easy to integrate, and highly customizable.  

What needs improvement?

The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.

What do I think about the scalability of the solution?

Elastic is easily scalable.

How are customer service and support?

Elastic support is good.

How was the initial setup?

Elastic's initial setup is quite straightforward. 

What's my experience with pricing, setup cost, and licensing?

Elastic is still priced far less than other commercial products. 

What other advice do I have?

I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Full Stack Java Developer at Optimissa Capital Markets Consulting
Real User
Strong search function improved our speed
Pros and Cons
  • "The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
  • "The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."

What is our primary use case?

My primary use case is to check market prices.

How has it helped my organization?

The main benefit of using this solution is that it improves your speed as you don't have to waste time searching for answers.

What is most valuable?

The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for.

What needs improvement?

The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics.

What do I think about the stability of the solution?

I have found some bugs, but overall the stability is fine.

What do I think about the scalability of the solution?

The scalability is fine.

How are customer service and support?

Technical support is good; they're able to answer all of our questions.

How was the initial setup?

The initial setup wasn't difficult, but that varies depending on the number of servers you have.

What's my experience with pricing, setup cost, and licensing?

This tool is affordable, and its price is OK.

What other advice do I have?

I would rate this solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1536138 - PeerSpot reviewer
DevOps Manager at a tech services company with 11-50 employees
Real User
Lacking user interface, not stable, but free to use
Pros and Cons
    • "The solution does not have a UI and this is one of the reasons we are looking for another solution."

    What needs improvement?

    The solution does not have a UI and this is one of the reasons we are looking for another solution.

    When setting up some of the pipelines, we are receiving different types of log messages with different patterns. When I try to force a certain pattern, I need to restart the solution, causing a huge inconvenience for us.

    For how long have I used the solution?

    I have been using the solution for one year.

    What do I think about the stability of the solution?

    The solution is not stable.

    What do I think about the scalability of the solution?

    We have approximately 15 users using the solution in my organization.

    How was the initial setup?

    When doing the installation, the ELK is working well but sometimes when we search for specific words there is no longer any inception throughout. This issue has been difficult to debug or fix.

    The index is very important when using this solution. We encountered a couple of issues: when we set up the wrong index, it causes everything to go down. That means if we set up something incorrectly with the index, the solution will be down and we do not know why.

    What's my experience with pricing, setup cost, and licensing?

    The solution is free.

    Which other solutions did I evaluate?

    We are currently evaluating other solutions to replace this one, such as Datadog and New Relic. Datadog has a UI that this solution is lacking.

    What other advice do I have?

    I would not recommend this solution.

    I rate ELK Logstash a five out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1187142 - PeerSpot reviewer
    Senior Tech Engineer at a tech services company with 1,001-5,000 employees
    Real User
    Easy to set up, reasonably priced, and offers good integration
    Pros and Cons
    • "The cost is reasonable. It's not overly pricey."
    • "This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."

    What is our primary use case?

    In general, the solution is working together with OpenShift's deployment for the continuous delivery of many projects. This product takes the metrics and checks the log for components that OpenShift deploys. We work with the observation team that monitors the entire company to understand what can be observed and analyzed.

    What is most valuable?

    The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

    The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

    It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

    The integration is quite good.

    The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

    It's easy to collect the data.

    The documentation is big. It's very well documented.

    It's working and easy to work with.

    The cost is reasonable. It's not overly pricey.

    What needs improvement?

    This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

    We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

    The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

    The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

    The support on offer could be much better.

    For how long have I used the solution?

    I've been using the solution for the last six months at this point. It hasn't been an extremely long amount of time just yet.

    What do I think about the stability of the solution?

    The stability has been pretty good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. I'd describe it as 95% stable overall.

    What do I think about the scalability of the solution?

    We haven't really done any scaling. We only have had an environment with a small cluster on-premises and we can't really test it for scalability. We have no more than four servers for the platform and never really needed to expand anything.

    The solution may be used by around 1,000 people in our organization.

    How are customer service and technical support?

    Technical support could be a lot better. They should offer online chat functionality so that we can get answers to questions right away. It would make troubleshooting a lot faster and less cumbersome.

    We've had some troubles, and when we do, we need to open a ticket to get it resolved, which takes some time.

    That said, it does offer very good documentation and their knowledge is very good when you do interact with them.

    How was the initial setup?

    The initial setup is easy. It's not complex or difficult. It's pretty straightforward.

    It's very easy to set everything up and configure it on-premises.

    The deployment only took an hour or two. We only deployed to one environment. It was pretty fast.

    What's my experience with pricing, setup cost, and licensing?

    The cost is pretty low. It is not open-source, however.

    What other advice do I have?

    We are just customers and end-users.

    I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. 

    I would rate the solution at an eight out of ten overall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    VP Platform Engineering at Hydrogen
    Real User
    Free to use, easy to set up, and quite stable
    Pros and Cons
    • "We've found the initial setup to be quite straightforward."
    • "Sometimes, the solution isn't the easiest to use."

    What is our primary use case?

    ELK Stack is made up of Elasticsearch, Logstash, and Kibana. What we have is considered modified ELK Stack where instead of the Logstash we use Fluentd, but it serves the same purpose as basically a pipe to get the data into the Elasticsearch.

    We primarily use the solution for everything you could think of from error detection to general logging and auditing, to security awareness.

    What is most valuable?

    Recently I started using some Kibana alerting, which is in the latest versions of Kibana. It's very helpful in general.

    You can't beat the price as it is basically free. There are also a lot of features on offer.

    We've found the initial setup to be quite straightforward.

    The stability is excellent.

    What needs improvement?

    Sometimes, the solution isn't the easiest to use.

    The solution probably doesn't have all of the advanced machine learning like some other SIEM providers have right now. It's something that could be improved upon.

    For how long have I used the solution?

    I've been using the solution for three or four years at this point. It's been a while.

    What do I think about the stability of the solution?

    The stability of the solution has been excellent. There are no bugs or glitches. It doesn't crash or freeze. The reliability is very high.

    What do I think about the scalability of the solution?

    I have no reason to believe this solution wouldn't scale well if a company needed it to. I see no limitations there.

    That said, that's a speculative area for us right now. We haven't attempted to scale the product ourselves.

    Obviously, Elasticsearch has to do all of its indexing upfront and that might be a scaling concern whereas something like Devo with its just-in-time indexing is pretty darned interesting.

    On our end, mostly development staff and operations staff are using it right now. For our organization, everything is going to increase. We're just starting to ramp up usage now.

    How are customer service and technical support?

    I've never dealt with technical support. I can't speak to how helpful or responsive they are.

    How was the initial setup?

    The initial setup is not overly complex. It's pretty straightforward. A company shouldn't have any issues with the implementation process overall. Everything in AWS has gotten pretty straightforward.

    The maintenance of the solution is minimal. It would only take one person to maintain it.

    What's my experience with pricing, setup cost, and licensing?

    The price of the product is very good, as it is largely free. There isn't any operating cost. It's basically free software. I'm not aware of any enterprise versions that would cost more. Everything is an AWS service.

    What other advice do I have?

    We're just customers and end-users. We don't have a business relationship with the company.

    We're using the latest version of the solution.

    The product in general has come very far. It's gotten a lot better over the years.

    I'd recommend the solution to other organizations. I'd advise anyone to try it out.

    Overall, I would rate it at an eight out of ten. We've largely been very pleased with the product.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1433385 - PeerSpot reviewer
    Associate Director - Solutions at a comms service provider with 1,001-5,000 employees
    Real User
    Good indexing of logs, cost-effective, and stable
    Pros and Cons
    • "I like the indexing of the logs."
    • "Better integration with third-party APMs would be really good."

    What is our primary use case?

    We use this solution for the Microsoft deployment of auto-management.

    What is most valuable?

    I like the indexing of the logs.

    For how long have I used the solution?

    I have been using ELK Logstash for one year.

    What do I think about the stability of the solution?

    This product is quite stable and I've not seen any type of issue with it so far.

    What do I think about the scalability of the solution?

    With respect to scalability, you have to properly plan. Generally, I don't see any issues with scalability.

    How are customer service and technical support?

    We have not used technical support because we always had talent within the company for end-user support.

    Which solution did I use previously and why did I switch?

    This was a solution that our client chose, and they were not using a different one prior to this.

    How was the initial setup?

    I do not think that we had any issues with the deployment. Overall, I would say that the process is of medium complexity.

    What about the implementation team?

    The support team assisted us with the deployment. I don't think that we had any issues with the team.

    What's my experience with pricing, setup cost, and licensing?

    Compared to other products such as Dynatrace, this is one of the cheaper options.

    Which other solutions did I evaluate?

    Our client provided us with this option after they had already been through a selection process.

    What other advice do I have?

    My advice is that this is a good product to use if you are financially contained, and you want to start with something small. Later, if you need to scale then you can look at other options.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user