Elastic Security Reviews

We are using ELK Logstash for application log management and fault detection.

The feature that we have found the most valuable is scalability. 

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. 

The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.

We have been using ELK Logstash for nearly three years.

It's quite stable. We have not seen it going down at all for the last three years. It's working well consistently.

Scalability is very good. 

We have not taken the technical support at all, so we have been supporting ourselves. We are using the open-source edition, and we are supporting ourselves.

The initial setup was very straightforward for us because we are a software development company. We understand how to compile the source code. We can compile the source code, and we can deploy it. It was pretty straightforward for us.

You should know this solution pretty well. You need to be clear beforehand for what you are going to use this product. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements.

I would rate ELK Logstash a nine out of ten. 

We want to track and to respond to our security incidents. That's the main reason we use it, to analyze and see like what all the incidents that are happening. We also deploy it for some of our clients.

The most valuable features are the speed, detail, and visualization. It has the latest standards.

In the case of DNS traffic or identification logs, you can actually use it on nondiscrimination laws. It has a good speed in which we can analyze the logs and the net flow.

The signature security needs improvement. 

If you compare this with CrowdStrike or Carbon Black, they can improve. 

I have been using Elastic SIEM for one year. 

It is stable.

Scaling is not a problem. Most of these products are cloud-native so we were able to scale it easily.

We are to implement it for smaller, medium, and bigger clients. I have done a few implementations with small and medium businesses and I've done a couple on the bigger side with bigger clients and we don't see much of a difference, but one of them can move down the fabric. With smaller and medium-sized businesses there is only one point of contact whereas with larger businesses there is a whole team that gets involved. 

There were a couple of instances where we were in touch with the Elastic support team. The DevOps team was primarily in touch with them. We were able to close all of the issues. There We didn't need to continuously have calls with support. We were able to close it on all forums.

Because I come from a technical background, I find the setup to be easy. It would also be easy for admins, like a manager or somebody who is on DevOps. But somebody without a background could find it complex. Overall, if you asked me to describe it is easy.

If we have to customizations, we can close it in a week's time, max, okay. So as he said to whatever that is, they're magnificent customizations that they want to do and internally what they want. But if we want to add certain rules or connection with the rules. 

I have expertise with Dell and I moved from it to Elastic because I had different projects and this was a natural extension. 

You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. 

Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints. 

Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it.  

Finally, consider your budget and how much you want to spend. 

I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more.

In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

Elastic SIEM is used to monitor and deal with system log files.

The best part about this solution is that it is open-source and free to use.

The performance is good and it is faster than IBM QRadar.

The interface could be more user friendly because it is sometimes hard to deal with.

The initial setup can be made easier.

I have been using Elastic SIEM for six months.

I am satisfied with the stability of Elastic SIEM.

There is no technical support for the open-source, free version.

I have used other SIEM solutions but this one is open-source, unlike some of the others.

It is also faster than IBM QRadar.

The initial setup is complex and it is not easy to deploy.

It is also possible to have a cloud-based deployment.

There is no charge for using the open-source version.

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.

I would rate this solution an eight out of ten.

We use Elastic SIEM for security and analytics.

The most valuable feature is the machine learning capability.

This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.

In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

We are conducting a PoC with Elastic SIEM and I have about two months of experience with it.

The deployment is stable, although they are evolving very fast. They frequently update everything.

We are using Elastic SIEM on a daily basis, even during holidays.

I would say that it is scalable.

The technical support is good.

The initial setup is quite complex. Starting from the point where we were collecting the data, the deployment probably took about a month. However, simply installing the applications only takes a few days.

We have an engineer in the company who handled the deployment. So far, things have been good.

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.

Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.

I would rate this solution an eight out of ten.

We use Logstash to retrieve data from our servers, from different sources, to our Elastic Stack. There, Elastic Search allows us to search it, and we can visualize the data with Kibana.

I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.

Our system architect has noticed a slowdown of the solution, but I don't see a slowdown.

One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.

We have been using Elastic Stack for about three years.

The solution is stable. We also monitor the Elastic Stack health and it's been a while since we have had an issue. The stability doesn't cause any problems. It's good. We haven't had any major issues.

For now, we haven't had any problems. I'm just a user. I'm not the one responsible for the total solution. I use Kibana for the dashboard to detect any errors in our servers.

But for the future, perhaps we will need to scale our solution because we deploy new components and we implement new servers on Azure. 

The solution is maintained by dedicated architects who provide us with a solid platform. There is no direct support from Elastic Stack. We don't have any issue or any problem which requires support.

I'm a system engineer. The architects who set up these solutions did it before I worked here.

I learned how to use it by doing searches and finding information about it.  I learned to use it very quickly. The documentation is very simple to use, as long as you have some technical background in computers.

Elastic Stack is an open-source tool. You don't have to pay anything for the components.

Think carefully about how you will build the solution so that it is a high-availability solution. That is the trick when using Elastic Stack. Examine what your needs are.

I would rate Logstash at eight out of 10. I think the solution is really complete, with the components it has. It is a good solution. 

The primary use case of this solution is for IT monitoring, predictive maintenance, and anomaly detection.

It's simple and easy to use.

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advance analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start proving APIs for doing ML and AI.

I have been using this solution for two months.

This solution is stable and so far, we have had no issues.

The scalability is very good. We are running it on an eight-node machine so far, and with eight nodes we have had no issues.

We haven't contacted support. They do have the support and we have spoken with them over email. We might need their assistance next month.

Anyone who wants to do IT log monitoring, realtime and who wants to do the anomaly detection, should go with this solution.

So far from what we have seen, I would rate this solution a nine out of ten.

The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.

We are evaluating it for business analytics as well.

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out of box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

I have been using this solution almost 10 - 11 months.

In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.

In terms of assessing its scalability, we have not gone with a very huge amount of data yet so it is early to comment on that. We started with three node architecture and I think slowly we'll scale up.

It is suitable for small to large businesses. We have started small but we plan to scale it up.

Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.

We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.

Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.

We have done both setups, on-premise as well as on AWS.

The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.

I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.

The installation of full-frame solutions is quite smooth.

We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.

If you have a basically knowledgeable person, even without a lot of experience, as we had on our team, people with only two months' experience, they have been able to do it quite well in a day or two.

Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.

Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.

In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.

The primary use of this solution is to gather authentication information and use it to determine which identity provider is breaking on which service provider. We store it as anonymized session information for each user.

The most valuable feature is the ability to collect authentication information from service providers.

Configuring the server is difficult and can be improved.

I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.

I had been using Logstash for about three years. I am no longer using it but the people that I used to work with are.

We did not have any issues in terms of stability or performance.

Scalability was not a problem for us.

We did not have to contact technical support.

The initial setup is pretty straightforward.

Our deployment took quite some time but it was not because of Logstash issues. It was a more complex situation because we didn't have access to all of the nodes that we wanted to forward. So, it took between 10 and 15 months to deploy, although it was for administrative reasons as opposed to technical ones.

I had my own team for working with this solution but it was not for a single company. Our team was associated with a European partner and it was distributed around European cities.

My advice for anybody who is implementing this system is to set it up so that you can manage it remotely.

Overall, this product does what it is supposed to do, although there is always room for improvement.

I would rate this solution a nine out of ten.