2019-07-09T05:26:00Z

What advice do you have for others considering Elastic Security?

Miriam Tover - PeerSpot reviewer
PeerSpot user

29 Answers

Prasanth Prasad - PeerSpot reviewer
Real User
Top 5
2024-02-15T12:07:00Z
Feb 15, 2024

The product has made amazing developments and has gone miles ahead in a short span of time when it comes to its enhanced threat detection and threat response capabilities. The product has helped manage endpoint security since it serves as a single tool that provides all the functionalities together. After you deploy Elastic Security, you can do everything with it, and there is no need to buy separate products or licenses. Through the setup of Elastic ELK Stack, you can get all the functionalities like SIEM, SOC, threat detection, endpoint detection, user behavior analytics, data analytics, data lake analytics, virtualization, dashboarding, cross-referencing, and threat response. Elastic Security's most beneficial aspect for security needs stems from the tool's openness. The tool is a highly customizable product, allowing you to play with it as much as you want. Speaking about how the real-time data analytics features in Elastic Security improve security posture, the real-time is not real-time natively. You need real-time streaming capabilities, for which you need something like Apache Kafka to stream data. The analytical power of Elastic Security is extremely high. If you can get me data in real-time, I can analyze data in real time with Elastic Security. The product has introduced generative AI in the tool. The product has covered all technological advancements a person can think of, and it also has a lot of roadmap for the future development of the solution. The tool is strong and capable. Elastic Security offers one of the highest integration capabilities I have seen in any kit in the market. The tool offers a lot of out-of-the-box connectors and a lot of certification from a lot of providers across different areas. From a workflow perspective, if you are a customer using a proprietary tool with proprietary mechanisms to manage how work is done, then the integration offered by Elastic Security wouldn't be great.
If you have an enterprise-grade product involving firewall solutions, SOC tools, endpoint tools, privilege access management solutions, or any other cybersecurity tools, Elastic Security's integration capabilities would work and help manage your workflows seamlessly. One of my company's customers told me that the incident response time after the implementation of the product was reduced by half within the first few weeks of the rolling out of the solution in the company. The product is very user-friendly since it offers generative AI in the dashboard. If you don't know how to do something on the dashboard, you can ask a question, and the solution will guide you. From a user perspective, I would say that the person using the product should be knowledgeable and should know what he wants. The product is not for someone who is a novice. The cybersecurity analyst working on the tool should have a fair understanding of what he wants to achieve with the product. It is okay if a cybersecurity analyst does not know how to write a query in the tool since the product offers help through generative AI. You can ask generative AI how to write a query, and it helps you. Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language. It would be easy to move to Elastic Security for those who use Splunk, IBM QRadar, or other enterprise-grade tools. I rate the overall tool a ten out of ten.

Don Jarmon - PeerSpot reviewer
Real User
Top 20
2023-10-31T15:23:28Z
Oct 31, 2023

To those who plan to use Elastic Security, I suggest that they seek professional services if available. Elastic Security is not something you download, install, expect to work, and get desired results. I rate the overall product a nine out of ten.

SK
Real User
Top 5
2023-10-03T08:58:22Z
Oct 3, 2023

Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.

MU
Real User
Top 5
2023-08-23T11:15:43Z
Aug 23, 2023

I am a security engineer and I have a team of security engineers. We are an MSSP that provides security services to different clients. For example, a customer might need us to monitor their infrastructure, so they'd provide us access to their SIEM and monitoring tools. Similarly, one of our clients in the UAE approached us to monitor their infrastructure, and I learned that they are using Elastic Security as an SIEM. I wanted to ensure that my team and I were comfortable using this solution to get clients to use this product. I rate Elasticsearch a six-point-five out of ten. To anyone planning on choosing Elasticsearch, I advise you to know your infrastructure first and then plan how many instances you'll need. Consider how the number of devices and your business will grow, and plan accordingly. Then, deploy the solution according to the best practices. Once deployed, make sure you organize your integrations so that the solution is easy to manage in the long run because when you have more than 200,000 or 300,000 log sources feeding logs into your ELK, it will be very tough to manage.

Haroon Khand - PeerSpot reviewer
Reseller
Top 20
2023-08-11T11:43:00Z
Aug 11, 2023

I would rate Elastic Security a nine out of ten.

IA
Real User
2023-07-25T09:59:08Z
Jul 25, 2023

I would rate the solution a seven out of ten.

Saad Leghari - PeerSpot reviewer
Real User
Top 20
2023-06-27T14:27:27Z
Jun 27, 2023

I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts.

AM
Real User
Top 10
2023-05-23T15:32:26Z
May 23, 2023

I rate Elastic Search seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level.

RJ
Real User
Top 20
2023-04-06T12:14:00Z
Apr 6, 2023

I would say don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach. It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use. Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.

Matthew DeGrandis - PeerSpot reviewer
Real User
Top 10
2023-03-09T22:03:32Z
Mar 9, 2023

I rate Elastic Security nine out of 10. I can't speak to any of the other security features, but it works for logging and SIEM.

. - PeerSpot reviewer
Real User
Top 10
2023-02-13T20:28:04Z
Feb 13, 2023

I'm using the latest version of the solution. I'd recommend the solution to others. I'd rate the solution eight out of ten.

Sinan ŞENGÖR - PeerSpot reviewer
MSP
Top 10
2022-12-13T16:25:00Z
Dec 13, 2022

I'm a partner. I'd advise others to take advantage of the documentation of the solution in order to get the most out of the product. In general, I'd rate the solution eight out of ten.

Tiodor Jovovic - PeerSpot reviewer
Real User
Top 5
2022-11-24T11:00:58Z
Nov 24, 2022

For new customers, this is a perfect choice. For older customers, it's very difficult to change solutions. I'd rate the solution eight out of ten.

PC
Real User
Top 5
2022-10-03T10:41:11Z
Oct 3, 2022

I've had customers for Elastic Security in the last twelve months. Elastic Security requires maintenance, especially in a scaled-up environment, because you have multiple machines that work in a cluster environment, so you'll need some advanced skills to maintain that cluster. The solution becomes harder to maintain once it's scaled up. Elastic Security is a pretty straightforward solution I'd recommend to others, though you'd need a person who'll pick up the query or search language because Elastic Security requires a lot of query language, so you can search for data on it. There's a special search query pattern you have to remember before you can do the search or for you to do a better search. You can always do a normal search on Elastic Security, but if you want to have better search results or more accurate results, you need to learn the query language first. My rating for Elastic Security is eight out of ten because of its good performance and scalability. Its good search feature is very important for the use cases of my customers, but I deducted two points because the pricing for Elastic Security could still be improved.

KF
Real User
Top 20
2022-07-01T05:07:16Z
Jul 1, 2022

We are just customers. I'd rate the solution an eight out of ten.

WI
Real User
Top 20
2022-06-21T06:05:00Z
Jun 21, 2022

I would rate this solution as a seven out of ten.

MF
Real User
Top 20
2022-05-20T17:40:00Z
May 20, 2022

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do. I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.

Giuseppe Ragazzini - PeerSpot reviewer
Real User
Top 20
2022-04-06T19:47:30Z
Apr 6, 2022

I would rate this solution 7 out of 10. It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.

SN
Real User
2020-07-03T04:02:35Z
Jul 3, 2020

I would say "Elastic is more a platform rather than a tool". For SIEM, Elastic is quite flexible; however, you will have to create use cases yourself (e.g. threat hunting). Elastic node sizing is key in ensuring performance is not impacted.

Haitham AL-Sarmi - PeerSpot reviewer
Real User
2022-02-06T07:24:04Z
Feb 6, 2022

We are a partner. I'd advise others considering the solution that ELK is a good solution; however, it requires skills and capability. You need to be properly trained with it to get the most out of it. I would rate the solution at a five out of ten.

TB
Real User
Top 10
2022-01-05T07:23:09Z
Jan 5, 2022

I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability.

SA
Real User
2021-05-21T09:52:37Z
May 21, 2021

I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. I would rate Elastic SIEM a seven out of ten.

TW
Real User
2020-10-01T09:58:00Z
Oct 1, 2020

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect. On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.

SA
Real User
2020-07-29T07:45:59Z
Jul 29, 2020

My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought. I would rate this solution an eight out of ten.

JM
Real User
2020-05-18T07:50:00Z
May 18, 2020

You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints. Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it. Finally, consider your budget and how much you want to spend. I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more. In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

it_user1247235 - PeerSpot reviewer
Real User
2020-04-28T08:50:48Z
Apr 28, 2020

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work. I would rate this solution an eight out of ten.

JJ
Real User
2020-04-28T08:50:45Z
Apr 28, 2020

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products. Overall, the product is very stable and it is well-liked. I think that everybody should consider using it. I would rate this solution an eight out of ten.

TV
Real User
2019-11-13T05:29:00Z
Nov 13, 2019

I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them. You would need some kind of technical know-how, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge. I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.

it_user1071018 - PeerSpot reviewer
Real User
2019-07-09T05:26:00Z
Jul 9, 2019

It works well offline. It works on the cloud as well, but I doubt that it has 100% capability as it does on-premise. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the Endpoint from an Endpoint security assessment methodology perspective. I would rate this solution 7.5 out of 10 because I know of a solution that does better.

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from...