Elastic Security Other Advice
To those who plan to use Elastic Security, I suggest that they seek professional services if available. Elastic Security is not something you download, install, expect to work, and get desired results.
I rate the overall product a nine out of ten.
For a small organization, this solution works well. It may not be suitable for a bigger organization.
I'd rate the solution seven out of ten. There are a lot of reviews available online. People should go and take a look and learn about the solution themselves.
reviewer2283003
Cyber Security Engineer II at a healthcare company with 10,001+ employees
The learning curve for Elastic Security is heavy. It becomes easier once you get into it and start using it as a user. We had to hire a separate team to help build the back end. Elastic Security is not an easy product to set up.
Elastic Security has better user usability and intuitiveness. It's hard to build the tool, but it is quick and has easy dashboards. Elastic Security is great once you get it built, but the build is the hardest part.
Overall, I rate Elastic Security a six out of ten.
Buyer's Guide
Elastic Security
April 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,065 professionals have used our research since 2012.
I rate Elastic Security nine out of 10. I can't speak to any of the other security features, but it works for logging and SIEM.
reviewer1393731
Consultant at a computer software company with 5,001-10,000 employees
I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions.
I would rate Elastic SIEM a seven out of ten.
Elastic Security has a pretty easy setup for someone starting a cybersecurity career. You will have a taste of what CM solutions look like, how they work, and the workflow because it's pretty easy to set up. Many cool features exist even in an on-premises, free, open-source version. Using Elastic Security is a pretty nice way to start.
Overall, I rate Elastic Security a seven out of ten.
I'm using the latest version of the solution.
I'd recommend the solution to others.
I'd rate the solution eight out of ten.
KarthikeyanSrinivasan
Sr Cloud Data Architect at Sun Cloud LLC
It is complex, but you just need to have patience and personnel to develop it. Unless you explore a technology, you won't know what the pros and cons are. I have not seen any cons as of now, but it has miles to go in terms of being equal to Splunk. It is a community-driven technology. So, it will get there.
I would rate this solution a seven out of 10.
The product has made amazing developments and has gone miles ahead in a short span of time when it comes to its enhanced threat detection and threat response capabilities.
The product has helped manage endpoint security since it serves as a single tool that provides all the functionalities together. After you deploy Elastic Security, you can do everything with it, and there is no need to buy separate products or licenses. Through the setup of Elastic ELK Stack, you can get all the functionalities like SIEM, SOC, threat detection, endpoint detection, user behavior analytics, data analytics, data lake analytics, virtualization, dashboarding, cross-referencing, and threat response.
What makes Elastic Security most beneficial for security needs stems from the tool's openness. The tool is a highly customizable product, allowing you to play with it as much as you want.
Speaking about how the real-time data analytics features in Elastic Security improve security posture, the real-time is not real-time natively. You need real-time streaming capabilities, for which you need something like Apache Kafka to stream data. The analytical power of Elastic Security is extremely high. If you can get me data in real time, I can analyze data in real time with Elastic Security.
The product has introduced generative AI in the tool.
The product has covered all technological advancements a person can think of, and it also has a lot of roadmap for the future development of the solution. The tool is strong and capable.
Elastic Security offers one of the highest integration capabilities I have seen in any kit in the market. The tool offers a lot of out-of-the-box connectors and a lot of certification from a lot of providers across different areas. From a workflow perspective, if you are a customer using a proprietary tool with proprietary mechanisms to manage how work is done, then the integration offered by Elastic Security wouldn't be great. If you have an enterprise-grade product involving firewall solutions, SOC tools, endpoint tools, privilege access management solutions, or any other cybersecurity tools, Elastic Security's integration capabilities would work and help manage your workflows seamlessly.
One of my company's customers told me that the incident response time after the implementation of the product was reduced by half within the first few weeks of the rolling out of the solution in the company.
The product is very user-friendly since it offers generative AI in the dashboard. If you don't know how to do something on the dashboard, you can ask a question, and the solution will guide you. From a user perspective, I would say that the person using the product should be knowledgeable and should know what he wants. The product is not for someone who is a novice. The cybersecurity analyst working on the tool should have a fair understanding of what he wants to achieve with the product. It is okay if a cybersecurity analyst does not know how to write a query in the tool since the product offers help through generative AI. You can ask generative AI how to write a query, and it helps you. Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language. It would be easy to move to Elastic Security for those who use Splunk, IBM QRadar, or other enterprise-grade tools.
I rate the overall tool a ten out of ten.
I'm a partner.
I'd advise others to take advantage of the documentation of the solution in order to get the most out of the product.
In general, I'd rate the solution eight out of ten.
Maria Foss
Chief Operating Officer / SR. Project Manager at SCS
There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.
I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.
I would rate this solution 7 out of 10.
It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.
We are a partner.
I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it.
I would rate the solution at a five out of ten.
reviewer1602072
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees
I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem.
I rate this solution a seven out of 10.
I rate the overall product an eight out of ten.
I would rate Elastic Security a nine out of ten.
reviewer2285439
Executive Cybersecurity at a computer software company with 11-50 employees
Overall, I would rate the solution an eight out of ten. We are still evaluating Elastic Security, but we are interested in learning more about its capabilities.
reviewer2198715
DevOps Engineer at a tech services company with 51-200 employees
I would recommend using it, especially if you have a microservice architecture. I also have a friend who has been using it for some big data projects, so I would recommend it for that as well.
Overall, I would rate the solution a nine out of ten.
CharlesNetshivhera
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Do a POC first. They should compare solutions and also look at different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned, it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10.
Igor Azarny
Head of Platform Development at Patrianna
I would rate the solution a seven out of ten.
reviewer2125281
Intern Cybersecurity at a computer software company with 10,001+ employees
I rate Elasticsearch seven out of 10. I would recommend it for people who are using it to learn about solutions, but I don't think it's capable of doing the work on an enterprise level.
This product is better suited for large enterprises. It's one of the best options in the marketplace. I would tell potential users to use all the features because they are already collecting all the logs and data in one place.
On a scale from one to ten, I would give Elastic Security an eight.
I would rate the tool a seven out of ten. The solution has a very active community with troubleshooting cases. You need to consider the growth rate and environmental complexity when buying the product. If you need to use a multi-node or cluster version, then install it during initiation itself, so that you don't need to do the same procedure in the next three to six months.
PH Chiu
Consultant at RIPEN
I've had customers for Elastic Security in the last twelve months.
Elastic Security requires maintenance, especially in a scaled-up environment, because you have multiple machines that work in a cluster environment, so you'll need some advanced skills to maintain that cluster. The solution becomes harder to maintain once it's scaled up.
Elastic Security is a pretty straightforward solution I'd recommend to others, though you'd need a person who'll pick up the query or search language because Elastic Security requires a lot of query language, so you can search for data on it. There's a special search query pattern you have to remember before you can do the search or for you to do a better search. You can always do a normal search on Elastic Security, but if you want to have better search results or more accurate results, you need to learn the query language first.
My rating for Elastic Security is eight out of ten because of its good performance and scalability. Its good search feature is very important for the use cases of my customers, but I deducted two points because the pricing for Elastic Security could still be improved.
reviewer1569672
Devops/SRE tech lead at a transportation company with 201-500 employees
We are a customer and an end-user. We do not have a business relationship with ELK.
The solution is deployed on Kubernetes in Azure.
I would advise other companies and users not to mix monitoring and logging. It's not the same purpose. Many people do monitoring by scanning logs. It's not a good idea. The good idea is to monitor separately. In case of incidents, you have to monitor metrics and logins for the root cause. It's important to separate this, and not treat them as the same thing.
I'd rate the solution at an eight out of ten.
reviewer1393731
Consultant at a computer software company with 5,001-10,000 employees
My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought.
I would rate this solution an eight out of ten.
I would rate the product an eight out of ten. You should use the solution if you want to have a very detailed machine-learning artificial intelligence. However, for certain production licenses, you need to prepare. It is open to different configurations and can just fit according to your requirements. This is one of the solution's good parts.
For new customers, this is a perfect choice. For older customers, it's very difficult to change solutions.
I'd rate the solution eight out of ten.
I rate Elastic Security nine out of 10.
Steve Drill
VP Platform Engineering at Hydrogen
We're just customers and end-users. We don't have a business relationship with the company.
We're using the latest version of the solution.
The product in general has come very far. It's gotten a lot better over the years.
I'd recommend the solution to other organizations. I'd advise anyone to try it out.
Overall, I would rate it at an eight out of ten. We've largely been very pleased with the product.
Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.
This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.
I would rate this solution an eight out of ten.
reviewer2263155
Lead Security Engineer at a tech services company with 201-500 employees
I am a security engineer and I have a team of security engineers. We are an MSSP that provides security services to different clients. For example, a customer might need us to monitor their infrastructure, so they'd provide us access to their SIEM and monitoring tools. Similarly, one of our clients in UAE approached us to monitor their infrastructure, and I learned that they are using Elastic Security as an SIEM. I wanted to ensure that my team and I were comfortable using this solution to get clients to use this product.
I rate Elasticsearch a six-point five out of ten.
To anyone planning on choosing Elasticsearch, I advise you to know your infrastructure first and then plan how many instances you'll need. Consider how the number of devices and your business will grow, and plan accordingly. Then, deploy the solution according to the best practices. Once deployed, make sure you organize your integrations so that the solution is easy to manage in the long run because when you have more than 200,000 or 300,000 log sources feeding logs into your ELK, it will be very tough to manage.
reviewer1411278
Big Data Team Leader at a tech services company with 51-200 employees
I would say don't spend too much time evaluating and comparing it with other products. Just start with it because you can begin for free and gain knowledge. It's the best approach.
It's also a good idea to run it next to other solutions, like Splunk or QRadar, or something else, and compare how you can use this platform. We have also done some migration projects from these platforms to Elastic Security. Initially, some expectations were that it could not be as good for the price because it's free or cheaper, but surprisingly, we found it valuable and easy to use.
Overall, I rate it a seven out of ten because some features are still missing. However, it's a developing platform and technology that is a good investment for the future. Every release adds new features, and the platform fits future requests and changing IT landscapes, like cloud environments. There are no limits, and it's an open platform that can serve all needs.
Wan Ikbal Ismat W.
Principal Cyber Security Manager at Ask4key
I would rate this solution as a seven out of ten.
reviewer1363986
IT at a tech vendor with 10,001+ employees
We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution.
The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect.
I'd rate the solution eight out of ten.
reviewer1222155
Manager- Information Security at a tech services company with 51-200 employees
I'd advise others to definitely do a POC, and have a plan for at least a couple of months, to see the benefits of it and then decide if it's the right solution for them.
You would need some kind of technical know-how, not on the product, but on the kinds of incidents which you could face. You need some hands-on knowledge.
I'd rate the solution eight out of ten. The solution is effective. They even offer Mac versions now.
reviewer2227065
Presales Solutions Architect (Cyber Security) at a tech services company with 11-50 employees
I think they are doing a pretty good job in terms of the user interface and also the user experience. I think in terms of the basic features and also the user experience, it is enough for us to support our daily operations.
Overall, I would rate the solution a seven out of ten.
reviewer1269834
I.T. Manager at a healthcare company with 51-200 employees
In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect.
On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.
Fazil BasheerSyed
Technical Team Lead at Quester
When my colleague set up this application, it was configured such that every seven days, the data is archived into long-term storage. When I needed something from the archived logs, it was easy to retrieve and I could look through them again. This is something that I would suggest doing.
My suggestion for anybody who is implementing ELK Logstash is to make sure that the entire team knows how to use it. If only one person knows it and takes care of it, then it is not a very productive experience. On the other hand, if everybody is familiar with it, the experience will be much better.
This is definitely a product that I recommend using.
I would rate this solution an eight out of ten.
Maxime AGARIM
Junior System Engineer at Efficom-lille
Think carefully about how you will build the solution so that it is a high-availability solution. That is the trick when using Elastic Stack. Examine what your needs are.
I would rate Logstash at eight out of 10. I think the solution is really complete, with the components it has. It is a good solution.
MarioReale
Cloud Engineer at GARR
My advice for anybody who is implementing this system is to set it up so that you can manage it remotely.
Overall, this product does what it is supposed to do, although there is always room for improvement.
I would rate this solution a nine out of ten.
The solution can take up to 20 minutes to maintain when needed.
I rate Elastic Security a seven out of ten.
Yogesh-Sharma
DevOps Engineer at a computer software company with 1,001-5,000 employees
I rate it at eight out of 10. It is scalable (if used properly), durable, and performance tested.
If you are good to spend money, Splunk is way better for log management. There might be other use cases where you may need ELK.
Prabhanshu Pandit
Programmer at a tech services company
I give it a seven out of 10. They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.
Rubén García
Senior Full Stack Java Developer at Optimissa Capital Markets Consulting
I would rate this solution eight out of ten.
reviewer1433385
Associate Director - Solutions at a comms service provider with 1,001-5,000 employees
My advice is that this is a good product to use if you are financially contained, and you want to start with something small. Later, if you need to scale then you can look at other options.
I would rate this solution an eight out of ten.
reviewer1187142
Senior Tech Engineer at a tech services company with 1,001-5,000 employees
We are just customers and end-users.
I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster.
I would rate the solution at an eight out of ten overall.
We are interested in learning more about plugins for specific firewalls or other products.
The only problem with this solution is the development part, where we have to do it manually.
I would rate this solution a six out of ten.
reviewer1269303
Senior Manager Analytics at a financial services firm with 501-1,000 employees
Anyone who wants to do real-time IT log monitoring and anomaly detection should go with this solution.
So far from what we have seen, I would rate this solution a nine out of ten.
TeguhBudyantara
Professional Services Manager at PT Korelasi Persada Indonesia
I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability.
reviewer991806
Founder & Chief Executive Officer at a consultancy with 11-50 employees
You should know this solution pretty well. You need to be clear beforehand about what you are going to use this product for. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements.
I would rate ELK Logstash a nine out of ten.
This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.
I would rate this solution an eight out of ten.
reviewer1331592
CEO at a tech services company with 51-200 employees
My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.
Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.
I would rate this solution an eight out of ten.
reviewer1174176
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.
In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.
reviewer1341687
Director of Engineering at a tech services company with 201-500 employees
You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate.
Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints.
Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it.
Finally, consider your budget and how much you want to spend.
I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more.
In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.
It works well offline. It works on the cloud as well, but I doubt that it has 100% capability as it does on-premise. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the Endpoint from an Endpoint security assessment methodology perspective.
I would rate this solution 7.5 out of 10 because I know of a solution that does better.