Elastic Security Reviews

We use Elastic Security internally, and we also use it to provide managed services to our corporate customers. So, we have two instances. The first one is on-premises, installed in our own security operations center, and it helps protect our internal network. But we also use a cloud-based instance to provide managed services, SIEM managed services, to our end customers.

Our customers' main use cases for Elastic Security are log analysis, as we use the platform as a SIEM platform, Security Information Event Management system. We collect logs from different sources and identify malicious files. So it's security, first of all. And then, of course, we use the data analytics tool for offense classifications and triggering.

The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly.

Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs.

I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.

I do not have any specific recommendations for improvements in Elastic Security, but I feel that the AI module should get more mature. These machine learning algorithms become better with time; as they ingest a huge volume of data, they become better, which would help decrease our workload for the analysts and provide some automation work in terms of analysis.

I have been working with Elastic Security for at least five years.

So far, I have not faced any kind of issues with its stability.

Elastic Security is quite scalable; once we extend the base of logs, we can add extra sensors. So we can manage even higher volumes of data.

I have not faced any difficulties with Elastic Security, as we have a pretty good support service from them, so we didn't encounter any major issues so far.

Positive

Before choosing Elastic Security, I evaluated tools such as IBM QRadar and Splunk.

The specific benefits in Elastic Security when compared with QRadar or Splunk are its user-friendliness and the fact that it is easy to learn for the analysts, in addition to being more affordable.

For the initial setup of Elastic Security, it was a seamless integration, so it's not very complex or too difficult.

I have not calculated ROI, return on investment, with Elastic Security because we own the platform and we invest in the upgrades. However, I think for the investment that we have made so far, the payback period is about three to four years.

Elastic Security actually has a very good cost-benefit ratio compared to other vendors in the market.

For those considering using Elastic Security, I recommend it as a good option and a good investment because it's affordable and it covers a lot of security needs within a company. The review rating is 10.

Elastic Security is applied within my cyber defense strategy by utilizing many modules such as EDR, GenAI, SOAR module and combines with the SIEM module. It gives all of them on one platform, making it very easy to manage all of the services in one place.

Additionally, search performance and scalability is also a plus.

The integrated endpoint protection has enhanced my security posture by being easy to manage and really effective. I was not expecting this level, so I can give it a nine.

Elastic Security has impacted my overall security costs, first on the financial side. I was not expecting it to have such an effect on the technical side, but after the installation was finished, I saw that it is very effective on the financial side. It works with the SIEM module and SIEM rules and EDR rules combined together, making it very useful and effective on the security side.

For functionalities or features I would want to see in the next release, it would be related to the configuration part or more customization features. It has an AI, but it does not have an NDR module, specifically a network detection and response module.

We are utilizing AI; we implemented the AI assistant in Elastic Security, and our analysts are using the AI assistant to investigate the alarms and some data. It is very useful.

The features that require some improvement in Elastic Security might be related to installation. Installation is a little bit overwhelming, so improvements on the installation site could make it easier.

I have been working with Elastic Security for two years.

It requires some maintenance or technical intervention at the scalability and installation site. After finishing the implementation, it does not require further intervention.

I would rate overall stability an eight.

I would rate the scalability of the solution a nine.

The technical support is responsive and helpful. They were very helpful.

I would rate technical support a 10.

Positive

I worked with Splunk and QRadar before Elastic Security for years. With QRadar, I worked for almost 10 years.

I still use QRadar but discontinued Splunk because of the price point.

It takes about a week to deploy the product.

I took part in the process of deployment.

My colleague and I were involved in installation. We are actually a deployment team of about 13 people. We are an integrator.

Elastic Security has impacted my overall security costs, first on the financial side. I was not expecting it to have such an effect on the technical side, but after the installation was finished, I saw that it is very effective on the financial side. It works with the SIEM module and SIEM rules and EDR rules combined together, making it very useful and effective on the security side.

I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.

I worked with Splunk and QRadar before Elastic Security for years. With QRadar, I worked for almost 10 years.

I totally recommend Elastic Security to other organizations. I would recommend it because it combines almost all the security products in one platform, and it works very well. Scalability is also a plus.

On a scale of one to ten, I rate Elastic Security a nine.

Neutral

Currently, I am using QRadar, which I consider legacy and outdated compared to Elastic Security and Splunk. I also explored Elastic Security yet haven't implemented it in production.

Elastic Security offers advanced features such as machine learning and integration with ChatGPT. It can be used on-premises without an internet connection, making it versatile. The platform provides more visibility and requires less effort in monitoring. It is cost-effective and offers a good price compared to other solutions.

Elastic Security consumes a lot of resources, requiring a substantial deployment setup. The initial configuration and setup are complicated and not straightforward.

I did not contact Elastic Support directly. However, I worked alongside a local vendor during the proof of concept, who helped with setup.

Neutral

I evaluated Elastic Security and found it to be successful in the proof of concept, however, it has not been put into production.

The setup for Elastic Security is complicated and requires significant resources.

I used additional local vendors who were very capable in handling the setup and deployment.

Elastic Security is considered cost-effective, especially at lower EPS levels. However, a direct comparison was not made due to different pricing structures.

I explored Elastic Security alongside QRadar and Splunk.

I would recommend Elastic Security to others. I rate it eight out of ten for its features, despite its complexity in deployment.

Elastic Security has developed its security capabilities and is currently in the early stages. It provides observability, security, and SIEM (Security Information and Event Management). It's an integrated security solution for enterprise-level organizations, offering visibility through Kibana. Additionally, it offers insights regarding alerts, reports, and cases, and the ability to create whitelisting and rules.

Elastic Security offers good insight regarding alerts, reports, and cases. Users can create whitelisting and rules; creating rules in Elastic is user-friendly and doesn't necessarily require an expert to manage it. A large portion of their knowledge base is available online. Additionally, Elastic Security is as flexible and configurable as Microsoft Sentinel.

Elastic sometimes does not correctly identify threats or anomalies. It might not classify an issue as malicious or critical accurately. CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.

I have been using Elastic Security for two years.

In terms of stability, I would rate Elastic a solid eight out of ten. It is generally stable but could benefit from improvements.

Scalability is rated at nine. Elastic Security offers sufficient scalability to meet the needs of its users.

Technical support from Elastic is rated eight out of ten. Support is prompt and helpful, providing necessary assistance efficiently.

Positive

I have previously worked with Microsoft Defender and CrowdStrike.

The initial setup of Elastic Security is straightforward, similar to the ease of deploying a solution like Trend Micro. For those already using Elastic Observability, the setup is even smoother. Elastic provides support quickly and ensures the process is user-friendly.

Elastic Security is cost-effective compared to Defender and CrowdStrike. The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.

Microsoft Defender and CrowdStrike have been evaluated.

Elastic Security is recommended for SMEs due to its cost-effectiveness and video user-friendliness. Large corporations might want to consider budget availability before adoption. On a scale of one to ten, I rate Elastic Security an eight.

I use Elastic Security to aggregate all logs from different devices in one place. It works pretty well and provides one overview of everything.

The solution's most valuable features are anomaly detection and connectivity reporting. Elastic Security also has many automation capabilities, which can feed some information to other systems.

The solution's basic setup takes time, and a lot of effort is required from the beginning to make it actually work.

I have been using Elastic Security for more than four years.

The solution's technical support is really amazing. They help a lot by explaining everything and helping with some setup and configuration. They went way beyond the support and did much more.

Positive

We previously used Splunk but switched to Elastic Security because Splunk was more expensive. Feature-wise, both tools are pretty much the same. They have almost the same functions. Elastic Security has a much better AI assistant that allows you to ask questions like a normal person.

With Elastic Security, I can also predict the price and how much it will cost. Splunks's pricing depends on how much data we use and the different add-ons I have to add. The pricing is much better with Elastic Security.

We took six months to deploy the solution.

If we go with the solution the firewall vendor provides, it would be double the price of what we pay for Elastic Security.

Compared to other tools, Elastic Security is a cheaper solution.

Elastic Security uses AI capabilities to detect anomalies and discover unknown traffic patterns. It also has an AI assistant that you can use to ask questions, which is a really powerful tool.

Overall, I rate the solution an eight out of ten.

We use Elastic Security for basic SIEM reporting.

The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed. You can also directly install integrations onto those agents. The solution's user interface is good.

Presentation-wise, the dashboards are not that pretty from an aesthetic point of view. Regarding usability, you should be familiar with the Elastic syntaxes and how to use them, or else it can be pretty hard. The solution's query building is not that intuitive compared to other solutions.

I have been using Elastic Security for one year.

Elastic Security needs a lot of configuration from the architecture point of view, but other than that, it's pretty stable. Suppose you are doing small deployments and reaching the limit of the deployments. At some point, if there is a lack of resources and you have not configured the automatic scaling, it might freeze up, and you need to restart it.

Elastic Security's initial setup is easy.

Elastic Security is free to use.

Elastic Security has a pretty easy setup for someone starting a cybersecurity career. You will have a taste of what CM solutions look like, how they work, and the workflow because it's pretty easy to set up. Many cool features exist even in an on-premises, free, open-source version. Using Elastic Security is a pretty nice way to start.

Overall, I rate Elastic Security a seven out of ten.

Elastic Security is very customizable, and the dashboards are very easy to build. It's a very, very, very fast tool. If I click on something on my other SIEM to drill down into that thing, it only drills down a little, but Elastic Security will filter everything that's on the screen.

It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security. You have to understand because it's not all formatted the same. My last SIEM had a whole drop-down where you literally could click on whatever data source you wanted to look at.

It's not like that in Elastic Security. Sometimes, it's a drop-down, and sometimes it's like a specific thing inside something else. You have to get in there and understand your environment to really know where your data is. Trying to find what you're looking for if you don't know the environment is extremely hard in Elastic Security.

Elastic Security's scalability is pretty easy. Since it's in the cloud, you have to watch your throughput to ensure you're staying within what you've bought. That being said, they have had to build scripts to understand that throughput because there is no easy way to see how much data you're actually pushing to the cloud. If you go over your cap, they'll bite you in the bill, and you wouldn't even know it.

Elastic Security's initial setup is not easy. We've had to hire an entire team, and it's taken over a year and a half to set up the solution.

Before choosing Elastic Security, we evaluated Microsoft Sentinel.

The learning curve for Elastic Security is heavy. It becomes easier once you get into it and start using it as a user. We had to hire a separate team to help build the back end. Elastic Security is not an easy product to set up.

Elastic Security has better user usability and intuitiveness. It's hard to build the tool, but it is quick and has easy dashboards. Elastic Security is great once you get it built, but the build is the hardest part.

Overall, I rate Elastic Security a six out of ten.

We primarily use the solution for log management. We use its basic functionality.

The dashboards are great.

It's very customizable, which is quite helpful. 

It's mostly stable. 

The solution can scale.

It is a reasonably priced product that is open-source and can be free to use. 

The user interface could be simpler. It can be complicated for some who aren't familiar with it.

We'd like better premium support.

The company has used the solution for a long time. I just joined the organization.

Once you upgrade or do anything on the server there may initially be some issues, however, mostly it is stable. I'd rate the stability six or seven out of ten. 

There are no issues with scalability. It can extend well. 

We have a separate team that deals with the solution directly.

We plan to migrate to a new solution and do not intend to extend usage. 

We have premium support, and it is not good. They are not helpful or responsive at all. We could not get a hold of them. 

We also make use of Wazuh.

I've used Rapid7 a long time ago in a previous organization. This solution is much more basic and does not have as many features. 

The initial setup can be complex if you don't have technical knowledge. However, once it is deployed, it works well. 

I'm not sure how long it took to deploy. I wasn't there when it was set up and configured. 

We have an internal team that handles deployment and maintenance. It doesn't require too many people to deploy. Five or six people would be enough. However, for 24/7 monitoring, you need to have someone always on it. 

I was not in the organization when the organization was launched. My understanding is that it can be done in-house. 

The tool is fine. However, their premium support is bad.

This is an open-source solution. It's free to those who would like to take advantage of its capabilities. 

There are options for yearly or monthly subscriptions. It's based on how many logs you deal with every month. If it increases beyond your tier, you would pay extra for the solution. 

The price can be low, however, their support is lacking - even the premium option. 

I'd rate it eight out of ten in terms of affordability.

For a small organization, this solution works well. It may not be suitable for a bigger organization.

I'd rate the solution seven out of ten. There are a lot of reviews available online. People should go and take a look and learn about the solution themselves.

I use the tool for security operations.

Elastic Security is not good for my company. I also use Splunk. Splunk is better than Elastic Security. Elastic Security is used in our main security systems, and now we also use NetFlow. SPL is better than Elastic Security. SPL is better for creating dashboards. It is very good for creating dashboards.

I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool.

I have been using Elastic Security for three years. I use Elastic Security 8.0. I am a customer of the tool.

I am a Splunk customer, but its usage is shrinking in our company. I have hands-on experience with Splunk for five to six years. As a basic enterprise system, Splunk is very good, and it also has many applications, making it a very useful tool. I am trying to find a managed security system. Splunk helps our organization monitor multiple cloud environments. It is not so easy to monitor multiple cloud environments with Splunk Enterprise Security's dashboards. With Splunk, it is very easy to find Azure and Azure API connections, but the versions vary. If the tool's version varies, the system won't work. Once we are able to set up the system, the tool will work fine.

Some application tools should be provided by the maker as they can be very beneficial to us.

Splunk's visibility into multiple environments is to manage the tool in the cloud. I have used the tool, and it has the capability to detect threats.

The product's initial setup phase was done two years ago, and the whole process was not so good, even though it was created with the support team from the project team. My company has a number of servers in the system, but it is not good enough or easy to implement the tool.

I just had one requirement with the product and had to send it across to the tool vendors.

The solution is deployed with the help of Azure.

The product's implementation phase was managed by IIJ, which is a system integrator. The help for Elasticsearch 7.0, but not so good for Elasticsearch 8.0.

The price of Elastic Security is not so bad compared to Splunk. I can say that the product is cheaply priced.

In cyber security operations, I use the tool only for troubleshooting or checking the network traffic. I really didn't really use it for security operations.

I am facing trouble creating a security system using Elastic Search. I am also considering other solutions, like Splunk, but I know that small and medium firms don't contact IBM.

The tool's functionality is good for overall security and incident response times.

I have heard from people that the tool generates results.

I would not recommend the product to others. I would recommend Splunk to others.

I rate the tool a six to seven out of ten.