Elastic Cognitive Search, Insight Engine & Cybersecurity Solutions

Elastic Cognitive Search, Insight Engine and Cybersecurity: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Elastic and how their capability is aligned to your needs, email the Netify research team.
UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Elastic offers a security (SIEM) and log management platform which is suitable for companies looking for a robust security stack to compliment existing connectivity solutions. The platform is not a SASE and does not offer any network underlay or overlay. 

Elastic Cloud uses SaaS applications to deploy and manage Elastic services from the cloud. Available in SME and Enterprise offerings, as well as being deployable in Kubernetes. The solution is very scalable, allowing clients to modify solutions to suit their business needs. 

The solution does offer a free service tier, however most companies will require paid tiers for more complex feature requirements. Previous customer reviews suggest that log management features are strong, although Elastic support is known to be weaker than other vendors in the market - often available only via email. 

About Elastic

Elastic was founded by Shay Banon, Steven Schuuurman, Uri Boness and Simon Willnauer in Amsterdam, Netherlands in 2012 when it was known as Elasticsearch and is currently headquartered in California, United States. In 2021, Elastic was recognised as a challenger Gartner Magic Quadrant for Insight Engines, as well as a Leader in the Forrester Wave for Q3 Cognitive Search.

The company acquired Swiftype for search and index software, endgame for endpoint security and build.security, a cloud security company with Infrastructure Detection and Response (IDR) and policy and compliance tools. 

What products and services do Elastic offer?

• Elastic Enterprise Search: an open search platform for database search, e-commerce, enterprise system offloading, customer support and workplace content websites or any application.
• Elastic Observability: observability platform built on the Elastic Stack (converges silos and delivers unified visibility and actionable insights).
• Elastic Security: includes SIEM, endpoint security, Extended Detection and Response (XDR), threat hunting and cloud security. 

Elastic (ELK) Stack:

• Elasticsearch: a search and analytics engine designed to store data for improved search speeds. 
• Kibana: allows clients to visualise their Elasticsearch data and offers an interface to navigate the Elastic Stack. 

SaaS:

• Elastic Cloud: managed cloud services deployable in public and multi-clouds (AWS, Azure, Google Cloud Platform).

Orchestration:

• Elastic Cloud Enterprise: scaled up cloud services for enterprise-level deployments.
• Elastic Cloud Kubernetes: run Elastic Cloud and Kibana in Kubernetes. 

What is the Elastic Security Solution?

Elastic Endpoint Detection and Response (EDR) is designed to prevent ransomware and malware attacks on endpoints such as macOS, Windows and Linux. It does this by host-based behaviour analytics and endpoint security, with corroboration to minimise the risk of false positives, with remote response action across distributed endpoints. 

The solution enhances SecOps visibility with dashboards, turnkey data collection and the ability to inspect hosts using Osquery for further context. 

The solution can be deployed in any environment, including hybrid networks and Faraday Cage when connecting to the cloud. Flexible licensing means no per-endpoint pricing, no high-stakes device count predictions and no artificial data caps. 

How does Elastic access cloud vendors?

Elastic Cloud allows clients to deploy Elastic Products in public, private and hybrid clouds and is available from AWS, Azure and Google Cloud. Elastic Cloud comes with built-in security 

Elastic SIEM

Elastic offer unified SIEM which includes threat detection and response capabilities across all IT environments. The solution handles data by pentabyte and includes direct access to years of archives stored in applications such as S3 in order to better understand current attacks. 

The solution uses a single unified agent to block ransomware and malware with uniform analysis from Elastic Common Schema. Behaviour-based rules automate the detection of suspicious activity whilst analysing threat behaviour. This will prioritise threats in alignment with the MITRE ATT&CK framework. Further anomaly detection, built by Machine Learning (ML) detects unknown threats. The solution can integrate with SOAR and ticketing workflow integrations. 

What is the Elastic Security Stack Platform?

The Elastic Security Stack (also known as the ELK Stack) offers:

• Elasticsearch: a distributed JSON-based engine that can search, analyse and store data. 
• Kibana: visualises data using waffle charts and heatmaps, with preconfigured dashboards for diverse data sources, live presentations and the ability to manage the solution from a single UI. 
• Strong capability for integration with Beats and Logstash, amongst others. 

What is the Elastic managed, co-managed and DIY services solution?

Managed Elasticsearch and Kibana for AWS, Azure and Google Cloud is Elastic's managed cloud offering with options to add machine learning features and hot-warm architectures for logging use cases. 

Clients will receive support from from the Elastic engineering team and are able to trial the service for free for 14 days before paying.