2020-04-28T08:50:45Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

What needs improvement with Elastic SIEM?

Please share with the community what you think needs improvement with Elastic SIEM.

What are its weaknesses? What would you like to see changed in a future version?

14 Answers
PC
Consultant at RIPEN
Real User
Top 5
2022-10-03T10:41:11Z
Oct 3, 2022

An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.

Omar Mezrag - PeerSpot reviewer
CyberSecurity Specialist at a security firm with 11-50 employees
Real User
Top 10
2022-08-12T16:29:59Z
Aug 12, 2022

Elastic Security is no scale, which creates some limitations in joining diagrams without duplicated information and costs the customer in additional storage. This is made more problematic because Elastic Security provides a huge amount of searchable data, which is a great advantage in itself but is costly in terms of the number of servers used. These costs may surprise customers when comparing Elastic Security to other solutions, although it is worth the extra cost.

KF
Engineer at a tech services company with 501-1,000 employees
Real User
2022-07-01T05:07:16Z
Jul 1, 2022

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.

WI
Principal Cyber Security Manager at Ask4key
Real User
Top 20
2022-06-21T06:05:00Z
Jun 21, 2022

There is room for improvement in the Kibana dashboard and in the asset management for the program.

MF
Chief Operating Officer / SR. Project Manager at SCS
Real User
Top 20
2022-05-20T17:40:00Z
May 20, 2022

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

Giuseppe Ragazzini - PeerSpot reviewer
Project Delivery Manager at Spindox
Real User
Top 20
2022-04-06T19:47:30Z
Apr 6, 2022

Elastic doesn't have the features that other competitors in SIEM have. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have. With Elastic, you have to build the use cases for the specific requirement. Other products have a simpler integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2022-02-06T07:24:04Z
Feb 6, 2022

The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now there are only very basic modules. We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer. It would be ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.

TeguhBudyantara - PeerSpot reviewer
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
Top 5 Leaderboard
2022-01-05T07:23:09Z
Jan 5, 2022

The integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.

SA
Consultant at a computer software company with 5,001-10,000 employees
Real User
Top 5
2021-05-21T09:52:37Z
May 21, 2021

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app. Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

TW
I.T. Manager at a healthcare company with 51-200 employees
Real User
Top 10
2020-10-01T09:58:00Z
Oct 1, 2020

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, is very difficult to get into and make use of. They try to make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

SA
Consultant at a computer software company with 5,001-10,000 employees
Real User
Top 5
2020-07-29T07:45:59Z
Jul 29, 2020

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke. The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology.

JM
Director of Engineering at a tech services company with 201-500 employees
Real User
2020-05-18T07:50:00Z
May 18, 2020

The signature security needs improvement. If you compare this with CrowdStrike or Carbon Black, they can improve.

KE
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
2020-04-28T08:50:48Z
Apr 28, 2020

The interface could be more user-friendly because it is sometimes hard to deal with. The initial setup could be made easier.

JJ
CEO at a tech services company with 51-200 employees
Real User
2020-04-28T08:50:45Z
Apr 28, 2020

This solution is very hard to implement. It is not a simple product; rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex. In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.
