2019-07-09T05:26:00Z

What needs improvement with Elastic Security?

Miriam Tover - PeerSpot reviewer

28 Answers

Prasanth Prasad - PeerSpot reviewer
Real User
Top 5
2024-02-15T12:07:00Z
Feb 15, 2024

There is a constant evolution in the product. I think that the solution has a strong roadmap in place. I believe that the tool is going to be a leader in a lot of spaces, considering that it is evolving at a fast rate. From an improvement perspective, the product should be easier to use for those who don't know query language and have experience with only some basic products in the market.

Don Jarmon - PeerSpot reviewer
Real User
Top 20
2023-10-31T15:23:28Z
Oct 31, 2023

With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data. You have to understand what kind of queries to create quickly to get the information you need out of the system, as it ingests the information into a database, and then you have to do custom queries to extract the information. In the future, I would like to see better reporting capabilities provided by Elastic Security. It has the ability to create custom reports, but a lot of it has to do with how the service provider helps generate reports. It may be a challenge if you just want an ad hoc report and stuff.

SK
Real User
Top 5
2023-10-03T08:58:22Z
Oct 3, 2023

One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow. Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security]. Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.

MU
Real User
Top 5
2023-08-23T11:15:43Z
Aug 23, 2023

There are a lot of things that could be improved. For example, if I talk about Sentinel, the automation of the server component is very cool. But when it comes to Elastic, I don't see that. I think we need to come up with other solutions to make it possible to automate the response. This is easier in Azure Sentinel. Then if I come to integration, for example, there is a product from IBM called QRadar. They provide a very managed way to manage your integrated log sources. For example, you will get a list in one pane where you can segregate logs based on their log type. For example, it could be based on Windows or Linux. Even within them, you can segregate them based on their application. You can tag them. But in Elasticsearch, you will get all of these in one place, in a raw form which is not very presentable. You cannot visualize those log sources pretty well. Although you can visualize logs pretty well through dashboards and graphs, when it comes to integrated devices, management for those devices is missing. And wherever I use Elasticsearch, it takes a lot of time to reload or load. It is very time-consuming.

Haroon Khand - PeerSpot reviewer
Reseller
Top 20
2023-08-11T11:43:00Z
Aug 11, 2023

Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license for a certain period of time. The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features.

IA
Real User
2023-07-25T09:59:08Z
Jul 25, 2023

The tool should improve its scalability.

Saad Leghari - PeerSpot reviewer
Real User
Top 20
2023-06-27T14:27:27Z
Jun 27, 2023

The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated.

AM
Real User
Top 10
2023-05-23T15:32:26Z
May 23, 2023

The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming.

RJ
Real User
Top 20
2023-04-06T12:14:00Z
Apr 6, 2023

In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.

Matthew DeGrandis - PeerSpot reviewer
Real User
Top 10
2023-03-09T22:03:32Z
Mar 9, 2023

Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.
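As an added illustration of the retention point above (not the reviewer's own configuration), an Elasticsearch index lifecycle management policy that rolls over hot indices, compacts them in a warm phase, and deletes them 90 days after rollover, plus the index template that applies it. The policy name, the `logs-security-*` pattern and the 7d/90d thresholds are assumed values.

```json
# Kibana Dev Tools console syntax. Policy name and the 7d/90d thresholds are
# assumed values for illustration; set them from your own retention requirement.
PUT _ilm/policy/security-logs-90d
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_age": "7d", "max_primary_shard_size": "50gb" }
        }
      },
      "warm": {
        "min_age": "7d",
        "actions": {
          "shrink": { "number_of_shards": 1 },
          "forcemerge": { "max_num_segments": 1 },
          "set_priority": { "priority": 50 }
        }
      },
      "delete": {
        "min_age": "90d",
        "actions": { "delete": {} }
      }
    }
  }
}

# Attach the policy to every new backing index of data streams matching the
# (assumed) pattern, so retention is enforced automatically rather than by hand.
PUT _index_template/security-logs
{
  "index_patterns": ["logs-security-*"],
  "data_stream": {},
  "template": {
    "settings": { "index.lifecycle.name": "security-logs-90d" }
  }
}
```

The `min_age` values count from the rollover of each backing index, so the effective retention is roughly 90 days plus the time an index spent in the hot phase.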

. - PeerSpot reviewer
Real User
Top 10
2023-02-13T20:28:04Z
Feb 13, 2023

We aren't expecting any new features in the next release. We have everything we need. Technical support could respond faster.

Sinan ŞENGÖR - PeerSpot reviewer
MSP
Top 10
2022-12-13T16:25:00Z
Dec 13, 2022

The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools. They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well.

Tiodor Jovovic - PeerSpot reviewer
Real User
Top 5
2022-11-24T11:00:58Z
Nov 24, 2022

The solution isn't really recognized in the market. They need to do a better job when they are marketing the solution. We'd like customers to have more visibility of it, and we'd like them to see how secure and highly effective it is. There needs to be more brand awareness. We have faced some obstacles when handling the implementation process. There are no templates available when integrating with other products. We sometimes need to find some workarounds. We'd like to see some more artificial intelligence capabilities.

PC
Real User
Top 5
2022-10-03T10:41:11Z
Oct 3, 2022

An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.

KF
Real User
Top 20
2022-07-01T05:07:16Z
Jul 1, 2022

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.

WI
Real User
Top 20
2022-06-21T06:05:00Z
Jun 21, 2022

There is room for improvement in the Kibana dashboard and in the asset management for the program.

MF
Real User
Top 20
2022-05-20T17:40:00Z
May 20, 2022

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

Giuseppe Ragazzini - PeerSpot reviewer
Real User
Top 20
2022-04-06T19:47:30Z
Apr 6, 2022

Elastic doesn't have features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have. With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

Haitham AL-Sarmi - PeerSpot reviewer
Real User
2022-02-06T07:24:04Z
Feb 6, 2022

The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now there are only very basic modules. We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer. It would be ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.

TB
Real User
Top 10
2022-01-05T07:23:09Z
Jan 5, 2022

The integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.

SA
Real User
2021-05-21T09:52:37Z
May 21, 2021

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app. Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

TW
Real User
2020-10-01T09:58:00Z
Oct 1, 2020

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, is very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

SA
Real User
2020-07-29T07:45:59Z
Jul 29, 2020

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke. The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology.

JM
Real User
2020-05-18T07:50:00Z
May 18, 2020

The signature security needs improvement. If you compare this with CrowdStrike or Carbon Black, they can improve.

it_user1247235 - PeerSpot reviewer
Real User
2020-04-28T08:50:48Z
Apr 28, 2020

The interface could be more user-friendly because it is sometimes hard to deal with. The initial setup can be made easier.

JJ
Real User
2020-04-28T08:50:45Z
Apr 28, 2020

This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex. In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

TV
Real User
2019-11-13T05:29:00Z
Nov 13, 2019

The solution could offer better reporting features.

it_user1071018 - PeerSpot reviewer
Real User
2019-07-09T05:26:00Z
Jul 9, 2019

I think the user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud, and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it. The solution could also use better dashboards. They need to be more graphical, more matrix-like.
