Elastic Security Reviews

We want to track and to respond to our security incidents. That's the main reason we use it, to analyze and see like what all the incidents that are happening. We also deploy it for some of our clients.

The most valuable features are the speed, detail, and visualization. It has the latest standards.

In the case of DNS traffic or identification logs, you can actually use it on nondiscrimination laws. It has a good speed in which we can analyze the logs and the net flow.

The signature security needs improvement. 

If you compare this with CrowdStrike or Carbon Black, they can improve. 

I have been using Elastic SIEM for one year. 

It is stable.

Scaling is not a problem. Most of these products are cloud-native so we were able to scale it easily.

We are to implement it for smaller, medium, and bigger clients. I have done a few implementations with small and medium businesses and I've done a couple on the bigger side with bigger clients and we don't see much of a difference, but one of them can move down the fabric. With smaller and medium-sized businesses there is only one point of contact whereas with larger businesses there is a whole team that gets involved. 

There were a couple of instances where we were in touch with the Elastic support team. The DevOps team was primarily in touch with them. We were able to close all of the issues. There We didn't need to continuously have calls with support. We were able to close it on all forums.

Because I come from a technical background, I find the setup to be easy. It would also be easy for admins, like a manager or somebody who is on DevOps. But somebody without a background could find it complex. Overall, if you asked me to describe it is easy.

If we have to customizations, we can close it in a week's time, max, okay. So as he said to whatever that is, they're magnificent customizations that they want to do and internally what they want. But if we want to add certain rules or connection with the rules. 

I have expertise with Dell and I moved from it to Elastic because I had different projects and this was a natural extension. 

You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. 

Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints. 

Consider what kind of team you're going to have and what their ability is to customize things, to connect to different logs. They should look at the operation and see how to customize it and connect it.  

Finally, consider your budget and how much you want to spend. 

I would rate it an eight out of ten. It is evolving every day on the security front but there are still certain areas that can be improved more.

In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the attacks within an organization is good. The intelligence bit that it gathers from within itself is really good. It's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management. 

I think user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it. 

The solution could also use better dashboards. They need to be more graphical, more matrix-like.

The solution is pretty stable.

I don't think I can comment on the scalability, because it wasn't in my use case. I was the only primary user; I was testing it because I was testing it against a competitor.

I haven't had to reach out to technical support.

The initial setup was a little complex.

We used a deployment consultant, but I installed it on my own.

It works well offline. It works on the cloud as well, but I doubt that it has 100% capability as it does on-premise. There's a difference. Endgame works very well when it's not connected to the internet as well. For example, if it's installed on a computer and the person's out on the road, it's still going to protect. Go through a good assessment of the Endpoint from an Endpoint security assessment methodology perspective.

I would rate this solution 7.5 out of 10 because I know of a solution that does better.