Elastic Security Overview

Elastic Security is the #5 ranked solution among top Security Information and Event Management (SIEM) tools, the #7 ranked solution in Log Management Software, and the #8 ranked solution in EDR tools. PeerSpot users give Elastic Security an average rating of 8 out of 10. Elastic Security is most commonly compared to Splunk: Elastic Security vs Splunk. Elastic Security is popular among the large enterprise segment, which accounts for 61% of users researching this solution on PeerSpot. The top industry researching this solution is computer software; professionals from computer software companies account for 22% of all views.
Elastic Security Buyer's Guide

Download the Elastic Security Buyer's Guide including reviews and more. Updated: July 2022

What is Elastic Security?
Unify SIEM, endpoint security, and cloud security
Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host.
Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.

Elastic Security was previously known as Elastic SIEM, ELK Logstash.

Elastic Security Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care

Archived Elastic Security Reviews (more than two years old)

Director of Engineering at a tech services company with 201-500 employees
Real User
Continuously evolving on the security front and it has good speed, detail, and visualization
Pros and Cons
  • "The most valuable features are the speed, detail, and visualization. It has the latest standards."
  • "If you compare this with CrowdStrike or Carbon Black, they can improve."

What is our primary use case?

We want to track and respond to our security incidents. That's the main reason we use it: to analyze and see all the incidents that are happening. We also deploy it for some of our clients.

What is most valuable?

The most valuable features are the speed, detail, and visualization. It has the latest standards. In the case of DNS traffic or identification logs, you can actually use it on nondiscrimination laws. It has good speed in analyzing the logs and the NetFlow.

What needs improvement?

The signature security needs improvement. If you compare this with CrowdStrike or Carbon Black, they can improve.

For how long have I used the solution?

I have been using Elastic SIEM for one year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

Scaling is not a problem. Most of these products are cloud-native, so we were able to scale it easily. We are able to implement it for smaller, medium, and bigger clients. I have done a few implementations with small and medium businesses and I've done a couple on the bigger side with bigger clients, and we don't see much of a difference, but one of them can move down the fabric. With smaller and medium-sized businesses there is only one point of contact, whereas with larger businesses there is a whole team that gets involved.

How are customer service and support?

There were a couple of instances where we were in touch with the Elastic support team. The DevOps team was primarily in touch with them. We were able to close all of the issues. We didn't need to continuously have calls with support. We were able to close it on all forums.

How was the initial setup?

Because I come from a technical background, I find the setup to be easy. It would also be easy for admins, like a manager or somebody who is on DevOps. But somebody without a background could find it complex. Overall, if you asked me to describe it, it is easy. If we have to do customizations, we can close it in a week's time, max. So as he said, whatever that is, they're magnificent customizations that they want to do, and internally what they want. But if we want to add certain rules or connections with the rules.

Which other solutions did I evaluate?

I have expertise with Dell and I moved from it to Elastic because I had different projects and this was a natural extension. 

What other advice do I have?

You have to decide to what level you're trying to go. Is it an SMB or a larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate.

Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs, there will be scrutiny on the endpoints.

Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it.

Finally, consider your budget and how much you want to spend.

I would rate it an eight out of ten. It is evolving every day on the security front, but there are still certain areas that can be improved more. In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
A cost-effective solution with good performance
Pros and Cons
  • "The performance is good and it is faster than IBM QRadar."
  • "The interface could be more user-friendly because it is sometimes hard to deal with."

What is our primary use case?

Elastic SIEM is used to monitor and deal with system log files.

What is most valuable?

The best part about this solution is that it is open-source and free to use.

The performance is good and it is faster than IBM QRadar.

What needs improvement?

The interface could be more user-friendly because it is sometimes hard to deal with.

The initial setup can be made easier.

For how long have I used the solution?

I have been using Elastic SIEM for six months.

What do I think about the stability of the solution?

I am satisfied with the stability of Elastic SIEM.

How are customer service and technical support?

There is no technical support for the open-source, free version.

Which solution did I use previously and why did I switch?

I have used other SIEM solutions but this one is open-source, unlike some of the others.

It is also faster than IBM QRadar.

How was the initial setup?

The initial setup is complex and it is not easy to deploy.

It is also possible to have a cloud-based deployment.

What's my experience with pricing, setup cost, and licensing?

There is no charge for using the open-source version.

What other advice do I have?

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at a tech services company with 51-200 employees
Real User
Stable, good technical support, and valuable machine learning features
Pros and Cons
  • "The most valuable feature is the machine learning capability."
  • "This solution is very hard to implement."

What is our primary use case?

We use Elastic SIEM for security and analytics.

What is most valuable?

The most valuable feature is the machine learning capability.

What needs improvement?

This solution is very hard to implement. It is not a simple product; rather, it has many features and we need to understand all of them. For example, there are the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.

In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

For how long have I used the solution?

We are conducting a PoC with Elastic SIEM and I have about two months of experience with it.

What do I think about the stability of the solution?

The deployment is stable, although they are evolving very fast. They frequently update everything.

We are using Elastic SIEM on a daily basis, even during holidays.

What do I think about the scalability of the solution?

I would say that it is scalable.

How are customer service and technical support?

The technical support is good.

How was the initial setup?

The initial setup is quite complex. Starting from the point where we were collecting the data, the deployment probably took about a month. However, simply installing the applications only takes a few days.

What about the implementation team?

We have an engineer in the company who handled the deployment. So far, things have been good.

What other advice do I have?

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.

Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Junior System Engineer at Efficom-lille
Real User
Enables us to retrieve data from various servers and sources so we can detect errors
Pros and Cons
  • "I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
  • "One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."

What is our primary use case?

We use Logstash to retrieve data from our servers, from different sources, into our Elastic Stack. There, Elasticsearch allows us to search it, and we can visualize the data with Kibana.

What is most valuable?

I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.

What needs improvement?

Our system architect has noticed a slowdown of the solution, but I don't see a slowdown.

One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.

For how long have I used the solution?

We have been using Elastic Stack for about three years.

What do I think about the stability of the solution?

The solution is stable. We also monitor the Elastic Stack health and it's been a while since we have had an issue. The stability doesn't cause any problems. It's good. We haven't had any major issues.

What do I think about the scalability of the solution?

For now, we haven't had any problems. I'm just a user. I'm not the one responsible for the total solution. I use Kibana for the dashboard to detect any errors in our servers.

But for the future, perhaps we will need to scale our solution because we deploy new components and we implement new servers on Azure. 

How are customer service and technical support?

The solution is maintained by dedicated architects who provide us with a solid platform. There is no direct support from Elastic Stack. We don't have any issue or any problem which requires support.

How was the initial setup?

I'm a system engineer. The architects who set up these solutions did it before I worked here.

I learned how to use it by doing searches and finding information about it. I learned to use it very quickly. The documentation is very simple to use, as long as you have some technical background in computers.

What's my experience with pricing, setup cost, and licensing?

Elastic Stack is an open-source tool. You don't have to pay anything for the components.

What other advice do I have?

Think carefully about how you will build the solution so that it is a high-availability solution. That is the trick when using Elastic Stack. Examine what your needs are.

I would rate Logstash at eight out of 10. I think the solution is really complete, with the components it has. It is a good solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager Analytics at a financial services firm with 501-1,000 employees
Real User
A simple and easy-to-use solution for IT monitoring and anomaly detection
Pros and Cons
  • "It's simple and easy to use."
  • "This solution cannot do predictive maintenance, so we have to build our own modules for doing it."

What is our primary use case?

The primary use case of this solution is for IT monitoring, predictive maintenance, and anomaly detection.

What is most valuable?

It's simple and easy to use.

What needs improvement?

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advanced analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start providing APIs for doing ML and AI.

For how long have I used the solution?

I have been using this solution for two months.

What do I think about the stability of the solution?

This solution is stable and so far, we have had no issues.

What do I think about the scalability of the solution?

The scalability is very good. We are running it on an eight-node machine so far, and with eight nodes we have had no issues.

How are customer service and technical support?

We haven't contacted support. They do have the support and we have spoken with them over email. We might need their assistance next month.

What other advice do I have?

Anyone who wants to do real-time IT log monitoring and anomaly detection should go with this solution.

So far from what we have seen, I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
Real User
Fast, easy and offers easy infrastructure monitoring abilities
Pros and Cons
  • "ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses."
  • "In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."

What is our primary use case?

The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.

We are evaluating it for business analytics as well.

What is most valuable?

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

What needs improvement?

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases, so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

For how long have I used the solution?

I have been using this solution for almost 10 to 11 months.

What do I think about the stability of the solution?

In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.

What do I think about the scalability of the solution?

In terms of assessing its scalability, we have not gone with a very huge amount of data yet, so it is early to comment on that. We started with a three-node architecture and I think slowly we'll scale up.

It is suitable for small to large businesses. We have started small but we plan to scale it up.

Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.

How are customer service and technical support?

We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.

Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.

How was the initial setup?

We have done both setups, on-premise as well as on AWS.

The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.

I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.

The installation of full-frame solutions is quite smooth.

What about the implementation team?

We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.

If you have a basically knowledgeable person, even without a lot of experience, as we had on our team (people with only two months' experience), they have been able to do it quite well in a day or two.

Which other solutions did I evaluate?

Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.

What other advice do I have?

Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.

In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MarioReale - PeerSpot reviewer
Cloud Engineer at GARR
Real User
A stable solution for collecting authentication information from service providers
Pros and Cons
  • "The most valuable feature is the ability to collect authentication information from service providers."
  • "Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."

What is our primary use case?

The primary use of this solution is to gather authentication information and use it to determine which identity provider is breaking on which service provider. We store it as anonymized session information for each user.

What is most valuable?

The most valuable feature is the ability to collect authentication information from service providers.

What needs improvement?

Configuring the server is difficult and can be improved.

I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.

For how long have I used the solution?

I had been using Logstash for about three years. I am no longer using it but the people that I used to work with are.

What do I think about the stability of the solution?

We did not have any issues in terms of stability or performance.

What do I think about the scalability of the solution?

Scalability was not a problem for us.

How are customer service and technical support?

We did not have to contact technical support.

How was the initial setup?

The initial setup is pretty straightforward.

Our deployment took quite some time but it was not because of Logstash issues. It was a more complex situation because we didn't have access to all of the nodes that we wanted to forward. So, it took between 10 and 15 months to deploy, although it was for administrative reasons as opposed to technical ones.

What about the implementation team?

I had my own team for working with this solution but it was not for a single company. Our team was associated with a European partner and it was distributed around European cities.

What other advice do I have?

My advice for anybody who is implementing this system is to set it up so that you can manage it remotely.

Overall, this product does what it is supposed to do, although there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager- Information Security at a tech services company with 51-200 employees
Real User
Good threat hunting and capability for AI chat-related queries with very good stability
Pros and Cons
  • "The stability of the solution is good."
  • "The solution could offer better reporting features."

What is our primary use case?

We primarily use the solution for endpoint protection.

What is most valuable?

The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot.

The interface of the solution is good.

What needs improvement?

The solution could offer better reporting features.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The stability of the solution is good.

We use a Linux box. And it's a hardened VM so you don't have to worry about any kind of batches, etc. You just deploy and start using, and it's quite stable and hasn't broken down on us at all.

What do I think about the scalability of the solution?

In terms of scalability, you just need to keep increasing your endpoint licenses. That's the only thing. It's as easy as getting a new license updated and then you can start deploying it to the new endpoints. Right now, we have around 500 end users. We have a buffer of 1,000, so we can add about 400 more endpoints, so we are ready to grow if we need to. I don't know if we'll extend beyond that.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

The initial setup is straightforward. Deployment can take up to four days.

What about the implementation team?

We used a reseller to assist us with the deployment. Our experience with them was positive.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee.

What other advice do I have?

I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them.

You would need some kind of technical know-how, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge.

I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user771693 - PeerSpot reviewer
User at a comms service provider with 51-200 employees
Real User
Good visualization, but more automation is needed
Pros and Cons
  • "The visualization is very good."
  • "There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."

What is our primary use case?

We are a service provider, and use this solution to work with our customers.

We use this solution for collecting firewall logs and then supplying them to the log analyzer.

We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.

How has it helped my organization?

This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.

What is most valuable?

The visualization is very good.

What needs improvement?

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

What do I think about the stability of the solution?

The stability of this solution is fine.

What do I think about the scalability of the solution?

This solution is scalable.

We have approximately two hundred users and we do not plan to increase usage at this time.

How are customer service and technical support?

We have not contacted technical support for this solution.

Which solution did I use previously and why did I switch?

We have used other SIEM solutions in our company.

How was the initial setup?

One week is enough for the deployment.

What about the implementation team?

We performed the integration ourselves.

What's my experience with pricing, setup cost, and licensing?

We are using the free, open-source version of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

We are interested in learning more about plugins for specific firewalls or other products.

The only problem with this solution is the development part, where we have to do it manually.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad
Real User
Helps us with application behavioral analysis and tuning
Pros and Cons
  • "It is the best open-source product for people working in SO, managing and analyzing logs."
  • "If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."

What is our primary use case?

We used this solution for gathering our application logs and analyzing application behavior.

How has it helped my organization?

This solution assists in tuning our applications.

What is most valuable?

This is one of the best open-source log management and log analyzer tools in the world.

What needs improvement?

The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.

As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.

I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.

For how long have I used the solution?

We have been using this solution for six or seven months.

What do I think about the stability of the solution?

In terms of stability, we have had many problems when dealing with big data.

What do I think about the scalability of the solution?

There are six people who use this solution in our company.

How are customer service and technical support?

I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.

Which solution did I use previously and why did I switch?

We used Splunk in parallel with this solution.

In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.

How was the initial setup?

The initial setup of this solution was complex.

We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.

We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.

What's my experience with pricing, setup cost, and licensing?

We use the open-source version, so there is no charge for this solution.

Which other solutions did I evaluate?

The solution does not work as well as Splunk.

What other advice do I have?

Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.

This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1071018 - PeerSpot reviewer
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees
Real User
The system intelligence gives you good detail for creating intelligence reports
Pros and Cons
  • "The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
  • "The solution could also use better dashboards. They need to be more graphical, more matrix-like."

What is most valuable?

The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the attacks within an organization, is good. The intelligence bit that it gathers from within itself is really good. It's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management.

What needs improvement?

I think the user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on-premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know whether the product is worth the trial or not, because if an organization is going completely in the direction of digital transformation on the cloud, then Endgame is automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it.

The solution could also use better dashboards. They need to be more graphical, more matrix-like.

For how long have I used the solution?

I've been using the solution for a few months.

What do I think about the stability of the solution?

The solution is pretty stable.

What do I think about the scalability of the solution?

I don't think I can comment on the scalability, because it wasn't in my use case. I was the only primary user; I was testing it against a competitor.

How are customer service and technical support?

I haven't had to reach out to technical support.

How was the initial setup?

The initial setup was a little complex.

What about the implementation team?

We used a deployment consultant, but I installed it on my own.

What other advice do I have?

It works well offline. It works on the cloud as well, but I doubt that it has 100% of the capability it has on-premises. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the endpoint from an endpoint security assessment methodology perspective.

I would rate this solution 7.5 out of 10 because I know of a solution that does better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Prabhanshu Pandit - PeerSpot reviewer
Programmer at a tech services company
Real User
Stable, with good documentation, but needs better email notification
Pros and Cons
  • "ELK documentation is very good, so never needed to contact technical support."
  • "Email notification should be done the same way as Logentries does it."
  • "We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
  • "They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."

What is most valuable?

Documentation is very good, so implementation is fine.

What needs improvement?

Email notification should be done the same way as Logentries does it. Because of the notification issue, we moved to Logentries, as it provides a simple way to get a notification whenever a server encounters an error or something unexpected happens (which we have defined using regex).

We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

Not really, but we did set up a cron job to delete old logs so that we wouldn't hit a disk space issue.

How are customer service and technical support?

ELK documentation is very good, so never needed to contact technical support.

Which solution did I use previously and why did I switch?

We used Logentries, but because ELK is open-source, we moved to it as part of a cost-cutting strategy and an evaluation of ELK. However, the lack of a notification feature caused us to go back to Logentries.

How was the initial setup?

Slightly complex, especially when you are configuring machines that are on separate IPs rather than on a single machine. In my case, Elasticsearch, Kibana, and Logstash were on different machines. Along with that, we added a proxy server (nginx) ahead of the Kibana server. We used the proxy server for user authentication so that only known users would be able to access the Kibana dashboard. ELK didn't have a free version for user authentication, and that made us go for the alternative. We have, in total, four machines.

What other advice do I have?

I give it a seven out of 10. They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
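The cron job this review describes (deleting old indices before they exhaust the disk) as an added example. This is not the reviewer's script and not part of Elastic's own tooling. It assumes daily, date-suffixed indices such as `logstash-YYYY.MM.DD`, an Elasticsearch HTTP endpoint in `ES_URL`, and `curl` plus a GNU or BSD `date`; the index names in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the reviewer's cron script): prune date-suffixed
# Elasticsearch indices older than a retention window.
# Assumptions not from the page: indices are named like logstash-YYYY.MM.DD,
# Elasticsearch answers on $ES_URL, curl is installed. DRY_RUN=1 by default.
set -eu

ES_URL="${ES_URL:-http://127.0.0.1:9200}"
RETENTION_DAYS="${RETENTION_DAYS:-30}"
DRY_RUN="${DRY_RUN:-1}"

# YYYY.MM.DD for today minus $1 days: GNU date first, BSD/macOS fallback.
cutoff_date() {
  date -u -d "$1 days ago" +%Y.%m.%d 2>/dev/null \
    || date -u -v-"$1"d +%Y.%m.%d
}

# Read index names from stdin (one per line) and print only those whose
# YYYY.MM.DD suffix sorts before the cutoff given as $1. Indices without a
# date suffix (.kibana, system indices) are never selected. Pure string
# work, so it runs offline.
expired_indices() {
  cutoff="$1"
  while IFS= read -r name; do
    case "$name" in
      *-[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]) ;;
      *) continue ;;
    esac
    day="${name##*-}"
    # expr compares non-integers lexically; with zero-padded YYYY.MM.DD
    # that is the same as chronological order. Exit 0 means "older".
    if expr "$day" \< "$cutoff" >/dev/null; then
      printf '%s\n' "$name"
    fi
  done
}

# List all indices through the _cat API, select the expired ones and
# DELETE them, unless DRY_RUN=1 in which case they are only printed.
prune_indices() {
  cutoff="$(cutoff_date "$RETENTION_DAYS")"
  curl -sS "$ES_URL/_cat/indices?h=index" \
    | expired_indices "$cutoff" \
    | while IFS= read -r idx; do
        if [ "$DRY_RUN" = "1" ]; then
          printf 'would delete %s\n' "$idx"
        else
          curl -sS -X DELETE "$ES_URL/$idx"
          printf '\n'
        fi
      done
}

# Only touch the cluster when invoked as "prune-indices.sh run", e.g. from cron:
#   0 3 * * * DRY_RUN=0 RETENTION_DAYS=30 /usr/local/bin/prune-indices.sh run
if [ "${1:-}" = "run" ]; then
  prune_indices
fi
```

Keep `DRY_RUN=1` until the "would delete" lines match what you expect, and run it as a user whose only reachable port is the cluster's HTTP endpoint, since the script can delete any dated index it is allowed to. On the question the review leaves open: since Elasticsearch 6.6 index lifecycle management (ILM) does this natively and is configured from Kibana, and on older clusters Elastic's Curator tool is the maintained equivalent of a script like this.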
Yogesh-Sharma - PeerSpot reviewer
DevOps Engineer at a computer software company with 1,001-5,000 employees
Consultant
Central log management helped increase developer productivity
Pros and Cons
  • "Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
  • "We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd, making our stack from ELK to EFK."

How has it helped my organization?

In my previous organization, I used this for central log management, increasing developer productivity.

What is most valuable?

Elasticsearch indexing and the Visualize tools of Kibana.

What needs improvement?

Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd, making our stack from ELK to EFK.

How are customer service and technical support?

We were using the open-source version. Community support is good.

How was the initial setup?

Complex. We needed to analyze multiple factors, like benchmarking and the performance of Logstash.

What other advice do I have?

I rate it at eight out of 10. It is scalable (if used properly), durable, and performance tested.

If you are willing to spend money, Splunk is way better for log management. There might be other use cases where you may need ELK.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
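Two of the reviews above raise the same gap: the open-source stack shipped no user authentication, so one reviewer put an nginx proxy in front of Kibana, and this reviewer notes that Kibana has no authentication by default. The following is an added example of that proxy setup; it is not either reviewer's configuration and not Elastic's code. It assumes Kibana listens on 127.0.0.1:5601 on the same host as nginx, that certificates live under /etc/nginx/tls, and that `openssl` is installed; the hostnames and file paths are placeholders.

```shell
#!/bin/sh
# Added example (not the reviewers' configuration): generate an nginx
# reverse-proxy config that requires HTTP basic auth over TLS before any
# request reaches Kibana. Assumptions not from the page: Kibana bound to
# 127.0.0.1:5601 on this host, certs in /etc/nginx/tls, openssl available.
set -eu

HTPASSWD_FILE="${HTPASSWD_FILE:-/etc/nginx/kibana.htpasswd}"

# One htpasswd line "user:hash" in the apr1 (MD5-crypt) scheme nginx accepts.
# The password is read from stdin so it never shows up in process listings:
#   printf '%s' 's3cret' | make_htpasswd_entry alice >> "$HTPASSWD_FILE"
make_htpasswd_entry() {
  printf '%s:%s\n' "$1" "$(openssl passwd -apr1 -stdin)"
}

# Print the nginx server blocks for the public hostname given as $1.
# Shell variables expand in the heredoc; nginx's own $variables are escaped.
render_kibana_proxy_conf() {
  fqdn="$1"
  cat <<EOF
# Plain HTTP only redirects, so credentials are never sent in clear text.
server {
    listen 80;
    server_name $fqdn;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name $fqdn;

    ssl_certificate     /etc/nginx/tls/$fqdn.crt;
    ssl_certificate_key /etc/nginx/tls/$fqdn.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Applies to every path, including the API calls the Kibana UI makes,
    # so there is no unauthenticated route through the proxy.
    auth_basic           "Kibana";
    auth_basic_user_file $HTPASSWD_FILE;

    location / {
        proxy_pass         http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header   Host              \$host;
        proxy_set_header   X-Real-IP         \$remote_addr;
        proxy_set_header   X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
        # An empty value drops the header: the proxy's basic-auth
        # credentials are not forwarded to Kibana or logged there.
        proxy_set_header   Authorization     "";
    }
}
EOF
}

# Write the config and reload nginx, e.g. ./kibana-proxy.sh install kibana.example.internal
if [ "${1:-}" = "install" ]; then
  render_kibana_proxy_conf "$2" > /etc/nginx/conf.d/kibana.conf
  chmod 640 "$HTPASSWD_FILE"
  nginx -t && nginx -s reload
fi
```

The config alone does not close the gap. Kibana itself must bind to localhost (`server.host: "127.0.0.1"` in kibana.yml) and ports 5601 and 9200 must be filtered from the network, otherwise anyone who can reach them walks around the proxy; and the htpasswd file must be readable only by nginx. Note also that since Elasticsearch 6.8 and 7.1 the default distribution includes TLS, native users and role-based access control at no charge, the successor of the Shield feature these reviews name, so on a current stack that is the better option than a proxy.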