Manager- Information Security at a tech services company with 51-200 employees
Good threat hunting and capability for AI chat-related queries with very good stability
Pros and Cons
- "The stability of the solution is good."
- "The solution could offer better reporting features."
What is our primary use case?
We primarily use the solution for endpoint protection.
What is most valuable?
The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot.
The interface of the solution is good.
What needs improvement?
The solution could offer better reporting features.
For how long have I used the solution?
I've been using the solution for three years.
Buyer's Guide
Elastic Security
June 2025

Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability of the solution is good.
We use a Linux box. And it's a hardened VM so you don't have to worry about any kind of patches, etc. You just deploy and start using, and it's quite stable and hasn't broken down on us at all.
What do I think about the scalability of the solution?
In terms of scalability, you just need to keep increasing your endpoint licenses. That's the only thing. It's as easy as getting a new license updated and then you can start deploying it to the new endpoints. Right now, we have around 500 end users. We have a buffer of 1,000, so we can add about 400 more endpoints, so we are ready to grow if we need to. I don't know if we'll extend beyond that.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup is straightforward. Deployment can take up to four days.
What about the implementation team?
We used a reseller to assist us with the deployment. Our experience with them was positive.
What's my experience with pricing, setup cost, and licensing?
We pay a yearly licensing fee.
What other advice do I have?
I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them.
You would need some kind of technical knowhow, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge.
I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Works at a comms service provider with 51-200 employees
Good visualization, but more automation is needed
Pros and Cons
- "The visualization is very good."
- "There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
What is our primary use case?
We are a service provider, and use this solution to work with our customers.
We use this solution for collecting firewall logs and then supplying them to the log analyzer.
We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.
How has it helped my organization?
This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.
What is most valuable?
The visualization is very good.
What needs improvement?
There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.
It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.
What do I think about the stability of the solution?
The stability of this solution is fine.
What do I think about the scalability of the solution?
This solution is scalable.
We have approximately two hundred users and we do not plan to increase usage at this time.
How are customer service and technical support?
We have not contacted technical support for this solution.
Which solution did I use previously and why did I switch?
We have used other SIEM solutions in our company.
How was the initial setup?
One week is enough for the deployment.
What about the implementation team?
We performed the integration ourselves.
What's my experience with pricing, setup cost, and licensing?
We are using the free, open-source version of this solution.
Which other solutions did I evaluate?
We did not evaluate other options before choosing this solution.
What other advice do I have?
We are interested in learning more about plugins for specific firewalls or other products.
The only problem with this solution is the development part, where we have to do it manually.
I would rate this solution a six out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
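The reviewer above ingests Fortinet FortiGate logs over syslog and has to build the parsing by hand. The following is an added example, written for this page and not code from the reviewer, from Elastic or from Fortinet: it parses FortiGate-style key=value syslog lines, maps a small chosen subset of keys to ECS field names, and counts denied connections per source address so that noisy sources stand out. The sample lines, host names, device IDs and addresses are constructed for illustration and are not real device output.

```python
"""Parse FortiGate-style key=value syslog lines and flag sources with repeated denies.

Added example (not Elastic or Fortinet code). Sample lines below are constructed.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample events in the FortiGate key=value syslog style (hypothetical hosts/IPs).
# Line 0 carries a syslog PRI prefix, as a relay would deliver it.
SAMPLE_LINES = [
    '<189>date=2024-03-01 time=10:15:02 devname="FGT-EDGE" devid="FG100X0000000001" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice" vd="root" srcip=10.0.0.5 srcport=51234 '
    'dstip=203.0.113.10 dstport=445 proto=6 action="deny" policyid=0 service="SMB" msg="no matching policy"',
    'date=2024-03-01 time=10:15:09 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'srcip=10.0.0.5 srcport=51240 dstip=203.0.113.10 dstport=3389 proto=6 action="deny" policyid=0',
    'date=2024-03-01 time=10:15:11 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'srcip=10.0.0.7 srcport=40210 dstip=198.51.100.20 dstport=443 proto=6 action="accept" policyid=12',
    'date=2024-03-01 time=10:15:20 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'srcip=10.0.0.5 srcport=51251 dstip=203.0.113.10 dstport=22 proto=6 action="deny" policyid=0',
    'date=2024-03-01 time=10:15:31 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'srcip=10.0.0.7 srcport=40222 dstip=203.0.113.10 dstport=23 proto=6 action="deny" policyid=0',
]

# key=value where the value is either a double-quoted string (may contain spaces and
# backslash-escaped quotes) or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Optional syslog PRI prefix such as <189>.
PRI_RE = re.compile(r"^<\d{1,3}>")

# Assumption: only this subset of FortiGate keys is mapped to ECS here; a real pipeline maps more.
ECS_MAP = {
    "srcip": "source.ip",
    "srcport": "source.port",
    "dstip": "destination.ip",
    "dstport": "destination.port",
    "proto": "network.iana_number",
    "action": "event.action",
    "devname": "observer.name",
}


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Return the key/value fields of one line; quoted values are unquoted."""
    body = PRI_RE.sub("", line.strip(), count=1)
    fields: Dict[str, str] = {}
    for key, raw in KV_RE.findall(body):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def to_ecs(fields: Dict[str, str]) -> Dict[str, str]:
    """Rename the mapped keys to ECS names and build @timestamp from date/time."""
    ecs = {ECS_MAP[k]: v for k, v in fields.items() if k in ECS_MAP}
    if "date" in fields and "time" in fields:
        ecs["@timestamp"] = f"{fields['date']}T{fields['time']}"
    return ecs


def denied_sources(lines: Iterable[str], threshold: int) -> List[Tuple[str, int]]:
    """Sources with at least `threshold` denied connections, most frequent first."""
    counts: Counter = Counter()
    for line in lines:
        f = parse_fortigate_line(line)
        if f.get("action") == "deny" and "srcip" in f:
            counts[f["srcip"]] += 1
    hits = [(ip, n) for ip, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(to_ecs(parse_fortigate_line(sample)))
    print("noisy sources:", denied_sources(SAMPLE_LINES, threshold=2))
```

The regex tries the quoted alternative first, so a quoted message containing spaces or an "=" is captured whole rather than split into bogus keys; the same parsing can be expressed as a Logstash kv filter once the field names are settled.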
Security Operation Center Analyst at Sadad
Helps us with application behavioral analysis and tuning
Pros and Cons
- "It is the best open-source product for people working in SO, managing and analyzing logs."
- "If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
What is our primary use case?
We used this solution for gathering our application logs and analyzing application behavior.
How has it helped my organization?
This solution assists in tuning our applications.
What is most valuable?
This is one of the best open-source log management and log analyzer tools in the world.
What needs improvement?
The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.
As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.
I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.
For how long have I used the solution?
We have been using this solution for six or seven months.
What do I think about the stability of the solution?
In terms of stability, we have had many problems when dealing with big data.
What do I think about the scalability of the solution?
There are six people who use this solution in our company.
How are customer service and technical support?
I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.
Which solution did I use previously and why did I switch?
We used Splunk in parallel with this solution.
In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.
How was the initial setup?
The initial setup of this solution was complex.
We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.
We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.
What's my experience with pricing, setup cost, and licensing?
We use the open-source version, so there is no charge for this solution.
Which other solutions did I evaluate?
The solution does not work as well as Splunk.
What other advice do I have?
Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.
This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.
I would rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees
The system intelligence gives you good detail for creating intelligence reports
Pros and Cons
- "The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
- "The solution could also use better dashboards. They need to be more graphical, more matrix-like."
What is most valuable?
The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the attacks within an organization is good. The intelligence bit that it gathers from within itself is really good. It's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management.
What needs improvement?
I think user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it.
The solution could also use better dashboards. They need to be more graphical, more matrix-like.
For how long have I used the solution?
I've been using the solution for a few months.
What do I think about the stability of the solution?
The solution is pretty stable.
What do I think about the scalability of the solution?
I don't think I can comment on the scalability, because it wasn't in my use case. I was the only primary user; I was testing it because I was testing it against a competitor.
How are customer service and technical support?
I haven't had to reach out to technical support.
How was the initial setup?
The initial setup was a little complex.
What about the implementation team?
We used a deployment consultant, but I installed it on my own.
What other advice do I have?
It works well offline. It works on the cloud as well, but I doubt that it has 100% capability as it does on-premise. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the Endpoint from an Endpoint security assessment methodology perspective.
I would rate this solution 7.5 out of 10 because I know of a solution that does better.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Programmer at a tech services company
Stable, with good documentation, but needs better email notification
Pros and Cons
- "ELK documentation is very good, so never needed to contact technical support."
- "Email notification should be done the same way as Logentries does it."
- "We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
- "They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
What is most valuable?
Documentation is very good, so implementation is fine.
What needs improvement?
Email notification should be done the same way as Logentries does it. Because of the notification issue we moved to Logentries, as it provides a simple way to get notification whenever a server encounters an error or something unexpected happens (which we have defined using Regex).
We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
Not really, but we did set up a cron job to delete old logs so that we wouldn't hit a disk space issue.
How are customer service and technical support?
ELK documentation is very good, so never needed to contact technical support.
Which solution did I use previously and why did I switch?
We used Logentries, but because it is open-source we moved to ELK as a part of cost-cutting strategy and evaluation of ELK. But the lack of a notification feature caused us to go back to Logentries.
How was the initial setup?
Slightly complex, especially when you are configuring machines which are on a separate IP rather than on a single machine. In my case Elasticsearch, Kibana, and Logstash were on different machines. Along with that, we added a proxy server (nginx) ahead of the Kibana server. We used the proxy server for user authentication so that only known users should be able to access the Kibana dashboard. ELK didn’t have a free version for user authentication and that made us go for the alternative. We have, in total, four machines.
What other advice do I have?
I give it a seven out of 10. They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
DevOps Engineer at a computer software company with 1,001-5,000 employees
Central log management helped increase developer productivity
Pros and Cons
- "Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
- "We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
How has it helped my organization?
In my previous organization, I used this for central log management, increasing developer productivity.
What is most valuable?
Elasticsearch Indexing and the Visualize tools of Kibana.
What needs improvement?
Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK.
How are customer service and technical support?
We were using the open source version. Community support is good.
How was the initial setup?
Complex. We needed to analyze multiple factors, like benchmarking, performance of Logstash.
What other advice do I have?
I rate it at eight out of 10. It is scalable (if used properly), durable, and performance tested.
If you are good to spend money, Splunk is way better for log management. There might be other use cases where you may need ELK.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Big Data Team Leader at a tech services company with 51-200 employees
Easy to use across different use cases but stability depends on your design of implementation
Pros and Cons
- "The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
- "In terms of improvement, there could be more automation in responding to and evaluating detections."
What is our primary use case?
Elastic Security is usually used to deliver and analyze logs for security teams. Some common use cases include search and analytics of log data from the system and sending it to other components. We are using features like point security and detection of gathering data.
How has it helped my organization?
The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology. Also, it's valuable from an operational point of view as you have the same knowledge of how to operate it, how to work management, search, and security instance.
What is most valuable?
The important part is that it's free of charge usage. For our use case, it's enough, and it's for a good cost because the basic level of the solution is free.
What needs improvement?
In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.
For how long have I used the solution?
I have been using Elastic Security for four years now. We started with it because we were working with Endgame before it merged with Elastic.
What do I think about the stability of the solution?
I rate the stability an eight out of ten because it depends on the design and how well you monitor it.
What do I think about the scalability of the solution?
I would rate the scalability a ten out of ten; it is a very scalable solution. We work with enterprise-level companies.
How are customer service and support?
The customer support is good. You have support from all project stages, beginning with the architecture. And after you roll out the solution, you have dedicated technical staff for the project.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup depends on what you were expecting, but since we have experience with it and know what it's good for, it's an eight out of ten. The initial deployment typically takes about a day. Then there's an initial stage of the project to integrate some of the client's specific requirements, which can take additional time depending on the complexity of their environment.
When it comes to maintenance, it depends on the project, and sometimes one person can support all roles.
Usually, it's enough to have one engineer with deep technical knowledge of the operating system and the deployment and configuration of the system. The other role is an analytical role with project management and coordination skills to communicate with customers and drive delivery.
What about the implementation team?
We implement Elastic Security in our customer's environment. We are like a consulting company. Depending on their preference, the initial deployment could be on their internal cloud, on-premises, or on hardware virtualization. The advantage of this solution is that it can be deployed anywhere, including public clouds, private clouds, on-premises, bare metal, and even on Kubernetes.
The deployment takes a few days, and in the initial stage of projects, it could take two months with some integrations to the system, setting some rules, and so on. But it also depends on our customers and how familiar they are with it and what they want.
Usually, we start with a small installation with a bit fewer sources, install the initial setup, and gather information from selected systems such as legacy systems, infrastructure systems, custom applications, and so on running in the customer environment. Then we show how our solution behaves, how it grows, and what is the expected volume of data. We plan the next iterations to extend the hardware deployment. As users start using the platform and become familiar with it, they can set their requirements for implementing iterations. Then we shape the infrastructure and implement some rules, detections, machine learning, and other features.
We prefer to move forward very fast with no big analytics because customers usually don't know what is happening in their systems, and with this approach, we are showing them what they need to focus on.
What other advice do I have?
I would say you don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach.
It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use.
Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Presales Solutions Architect (Cyber Security) at a tech services company with 11-50 employees
Offers scalability and useful log management, but faces challenges in alert management
Pros and Cons
- "The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
- "I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
What is our primary use case?
Our use case for Elastic Security is for log management and security information for the management team.
What is most valuable?
The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients.
What needs improvement?
I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy.
For how long have I used the solution?
I have been working with Elastic Security for around one or two years in my current company.
What do I think about the stability of the solution?
I would rate the stability of the solution a seven out of ten and there are a lot of glitches.
What do I think about the scalability of the solution?
Elastic Security has very good scalability.
How are customer service and support?
I have had no direct communication with the support team but my technical team says that they are not helpful.
How would you rate customer service and support?
Neutral
How was the initial setup?
The setup process is very complex if you are new to it. But if you already understand how Elastic Security works and how the architect works, I think it is quite simple.
What's my experience with pricing, setup cost, and licensing?
The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten.
What other advice do I have?
I think they are doing a pretty good job in terms of the user interface and also the user experience. I think in terms of the basic features and also the user experience, it is enough for us to support our daily operations.
Overall, I would rate the solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
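The reviewer above wants identical alerts collapsed into one entry so the dashboard is not flooded. The following is an added example, written for this page and not the reviewer's or Elastic's own alert-handling code: it groups repeated alerts by rule and host within a sliding time window, keeps the first and last occurrence, counts the repeats, and carries the highest severity seen. The alert records, rule names and host names are constructed for illustration; the fifteen-minute window is an assumed default.

```python
"""Collapse repeated detection alerts into one summary per (rule, host) within a time window.

Added example (not Elastic code). Sample alerts below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    ts: datetime
    severity: str


@dataclass
class AlertGroup:
    rule: str
    host: str
    severity: str
    first_seen: datetime
    last_seen: datetime
    count: int


def group_alerts(alerts: Iterable[Alert],
                 window: timedelta = timedelta(minutes=15)) -> List[AlertGroup]:
    """Merge alerts that share (rule, host) and arrive within `window` of the previous one.

    A gap longer than `window` starts a new group, so a burst at 09:00 and a
    recurrence two hours later are reported separately.
    """
    open_groups: Dict[Tuple[str, str], AlertGroup] = {}
    groups: List[AlertGroup] = []
    for a in sorted(alerts, key=lambda x: x.ts):  # process in time order
        key = (a.rule, a.host)
        g = open_groups.get(key)
        if g is not None and a.ts - g.last_seen <= window:
            g.last_seen = a.ts
            g.count += 1
            if SEVERITY_RANK.get(a.severity, 0) > SEVERITY_RANK.get(g.severity, 0):
                g.severity = a.severity  # escalate, never downgrade
        else:
            g = AlertGroup(a.rule, a.host, a.severity, a.ts, a.ts, 1)
            open_groups[key] = g
            groups.append(g)
    return groups


def noise_reduction(alerts: List[Alert],
                    window: timedelta = timedelta(minutes=15)) -> Tuple[int, int]:
    """(raw alert count, grouped alert count) for the given window."""
    return len(alerts), len(group_alerts(alerts, window))


def _t(hhmm: str) -> datetime:
    """Constructed timestamp on a fixed day, e.g. _t('09:03')."""
    return datetime(2024, 3, 1, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample alerts (hypothetical rule and host names).
SAMPLE_ALERTS = [
    Alert("Suspicious PowerShell", "ws-01", _t("09:00"), "high"),
    Alert("Suspicious PowerShell", "ws-01", _t("09:03"), "high"),
    Alert("Suspicious PowerShell", "ws-02", _t("09:04"), "high"),
    Alert("Brute Force Logon", "srv-01", _t("09:05"), "medium"),
    Alert("Suspicious PowerShell", "ws-01", _t("09:10"), "critical"),
    Alert("Suspicious PowerShell", "ws-01", _t("11:00"), "high"),
]


if __name__ == "__main__":
    for g in group_alerts(SAMPLE_ALERTS):
        print(f"{g.rule} on {g.host}: {g.count}x, {g.severity}, "
              f"{g.first_seen:%H:%M}-{g.last_seen:%H:%M}")
    print("raw vs grouped:", noise_reduction(SAMPLE_ALERTS))
```

Grouping on (rule, host) alone can hide a lateral-movement pattern where the same rule fires across many hosts, so the ungrouped alerts should still be kept for investigation; only the dashboard view is collapsed.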