Elastic Security Room for Improvement

Don Jarmon - PeerSpot reviewer
Information Security Manager at Huntsville Utilities

With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data. You have to understand what kind of queries to create quickly to get the information you need out of the system, as it ingests the information into a database, and then you have to do custom queries to extract the information.

In the future, I would like to see better reporting capabilities provided by Elastic Security. It has the ability to create custom reports, but a lot of it has to do with how the service provider helps generate reports. It may be a challenge if you just want an ad hoc report and stuff.

View full review »
Nikhil-Kumar - PeerSpot reviewer
Assistant Manager - IT Security at Photon inc

The user interface could be simpler. It can be complicated for some who aren't familiar with it.

We'd like better premium support.

View full review »
CC
Cyber Security Engineer II at a healthcare company with 10,001+ employees

It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security. You have to understand because it's not all formatted the same. My last SIEM had a whole drop-down where you literally could click on whatever data source you wanted to look at.

It's not like that in Elastic Security. Sometimes, it's a drop-down, and sometimes it's like a specific thing inside something else. You have to get in there and understand your environment to really know where your data is. Trying to find what you're looking for if you don't know the environment is extremely hard in Elastic Security.

View full review »
Buyer's Guide
Elastic Security
March 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Matthew DeGrandis - PeerSpot reviewer
System Administrator at a financial services firm with 11-50 employees

Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.

View full review »
SA
Consultant at a computer software company with 5,001-10,000 employees

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic.

Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app.

Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering.

When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

View full review »
Janis Cimins - PeerSpot reviewer
Information Technology Security Specialist at IPro SIA

Presentation-wise, the dashboards are not that pretty from an aesthetic point of view. Regarding usability, you should be familiar with the Elastic syntaxes and how to use them, or else it can be pretty hard. The solution's query building is not that intuitive compared to other solutions.

View full review »
. - PeerSpot reviewer
Governance and Compliance Manager at NBS Bank

We aren't expecting any new features in the next release. We have everything we need.

Technical support could respond faster.

View full review »
HamadaElewa - PeerSpot reviewer
Technical Sales Manager at Spire Solutions

It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) Security in the next release.

View full review »
KS
Sr Cloud Data Architect at Sun Cloud LLC

We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10.

View full review »
Prasanth Prasad - PeerSpot reviewer
Director of Technology at a tech vendor with 11-50 employees

There is a constant evolution in the product. I think that the solution has a strong roadmap in place. I believe that the tool is going to be a leader in a lot of spaces, considering that it is evolving at a fast rate.

From an improvement perspective, the product should be easier to use for those who don't know query language and have experience with only some basic products in the market.

View full review »
Sinan ŞENGÖR - PeerSpot reviewer
Solutions Consultant at a tech services company with 5,001-10,000 employees

The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools. 

They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well. 

View full review »
MF
Chief Operating Officer / SR. Project Manager at SCS

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

View full review »
Giuseppe Ragazzini - PeerSpot reviewer
Project Delivery Manager at Spindox

Elastic doesn't have the features like other competitors in SIEM. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have.

With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

View full review »
Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees

The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now there are only very basic modules.

We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. 

There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.

It would be ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.

View full review »
SC
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees

The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed. 

View full review »
Vikas Dusa - PeerSpot reviewer
Cyber Security Trainer and Programmer at freelancer

Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues.

View full review »
Haroon Khand - PeerSpot reviewer
Head of Business Development at Qavi Technologies

Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license for a certain period of time.

The platinum and enterprise level features aren't offered in the free version and most organizations use the free version. They don't pay for the paid features. That's a problem in the market from the Elastic side. They should have a way for everybody to be able to benefit from the premium features. 

View full review »
SK
Executive Cybersecurity at a computer software company with 11-50 employees

One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow.

Sometimes, different types of clients require different workflows. And it absolutely varies from context to context. So that is often not available in [Elastic Security].

Additionally, the list of data sources that Elastic Security supports is limited. If you need to collect data from a system or application that is not on the list, you will need to develop a custom integration.

View full review »
RI
DevOps Engineer at a tech services company with 51-200 employees

There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits. So if you are looking for logs for a specific application, you may get 50 lines of logs, but then you are lost. You need to add more features to specify your request so you can get the final result. It would be better to have additional features to specify your request and get the complete result.

View full review »
CN
Senior DevOps Engineer at a financial services firm with 10,001+ employees

We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into production to use the enterprise edition; we just wanted to check how this one works first.

On the last exercise part, I think the index rotation can be improved. It's something that they need to work on. It can be complex: how the index rotation handles all the logs that have been ingested can be challenging, so if they can work on that.

In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX, there's no direct log shipper, so you do need to do a bit of tweaking there.

View full review »
IA
Head of Platform Development at Patrianna

The tool should improve its scalability. 

View full review »
AM
Intern Cybersecurity at a computer software company with 10,001+ employees

The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming. 

View full review »
SoheylNorozi - PeerSpot reviewer
IT Consultant at a tech services company with 51-200 employees

Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks. 

View full review »
PC
Consultant at RIPEN

An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot.

View full review »
LM
Devops/SRE tech lead at a transportation company with 201-500 employees

Using ELK the first time there was a lack of security. We had to buy the paid version due to the fact that we needed to secure access to Kubernetes.

The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes. In fact, you have to monitor the stack and it's very, very difficult. Sometimes we lose indexes or we have nothing on the dashboard.

View full review »
SA
Consultant at a computer software company with 5,001-10,000 employees

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke.

The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology. 

View full review »
Saad Leghari - PeerSpot reviewer
Lead Enterprise Architect at a tech consulting company with 51-200 employees

The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated. 

View full review »
Tiodor Jovovic - PeerSpot reviewer
Chief Business Officer at Sky Express

The solution isn't really recognized in the market. They need to do a better job when they are marketing the solution. We'd like customers to have more visibility of it, and we'd like them to see how secure and highly effective it is. There needs to be more brand awareness. 

We have faced some obstacles when handling the implementation process. 

There are no templates available when integrating with other products. We sometimes need to find some workarounds. 

We'd like to see some more artificial intelligence capabilities.

View full review »
Sudeera Mudugamuwa - PeerSpot reviewer
Co-Founder at a tech vendor with 51-200 employees

I would like more ways to manage permissions and restrict access to certain users. 

View full review »
SD
VP Platform Engineering at Hydrogen

Sometimes, the solution isn't the easiest to use.

The solution probably doesn't have all of the advanced machine learning like some other SIEM providers have right now. It's something that could be improved upon.

View full review »
it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad

The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.

As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.

I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.

View full review »
MU
Lead Security Engineer at a tech services company with 201-500 employees

There are a lot of things that could be improved. For example, if I talk about Sentinel, the automation of the server component is very cool. But when it comes to Elastic, I don't see that. I think we need to come up with other solutions to make it possible to automate the response. This is easier in Azure Sentinel.

Then if I come to integration, for example, there is a product from IBM called QRadar. They provide a very managed way to manage your integrated log sources. For example, you will get a list in one pane where you can segregate logs based on their log type. For example, it could be based on Windows or Linux. Even within them, you can segregate them based on their application. You can tag them. But in Elasticsearch, you will get all of these in one place, in a raw form which is not very presentable. You cannot visualize those log sources pretty well. Although you can visualize logs pretty well through dashboards and graphs, when it comes to integrated devices, management for those devices is missing. And wherever I use Elasticsearch, it takes a lot of time to reload or load. It is very time-consuming.

View full review »
RJ
Big Data Team Leader at a tech services company with 51-200 employees

In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation.

View full review »
KF
Engineer at a tech services company with 501-1,000 employees

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.

View full review »
WI
Principal Cyber Security Manager at Ask4key

There is room for improvement in the Kibana dashboard and in the asset management for the program.

View full review »
ER
IT at a tech vendor with 10,001+ employees

The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using or maybe it's on a different solution, however, having more AI would be so helpful for us.

The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that.

I know there are some features which are coming, and some which are already available. To be honest, I haven't had any time to play around and check what could be the advantages of them. Compared to other products, the features already available (and there are lots of things which are provided) are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.

View full review »
TV
Manager- Information Security at a tech services company with 51-200 employees

The solution could offer better reporting features.

View full review »
GA
Presales Solutions Architect (Cyber Security) at a tech services company with 11-50 employees

I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy.

View full review »
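The reviewer above asks for identical alerts to be collapsed into one so the dashboard is not noisy. The following is an added example (not code from the reviewer, from PeerSpot, or from Elastic) showing the basic suppression logic: alerts that share the same rule and host within a time window are folded into a single summary with a count and first/last seen times. The input records are constructed sample alerts; the field names (`rule.name`, `host.name`, `@timestamp`) follow ECS-style naming but are an assumption, and the five-minute window is an arbitrary choice.

```python
"""Added example: collapse repeated alerts into per-rule, per-host summaries.

Not code from the reviewer or from Elastic. Field names and the sample
alerts below are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample alerts (not real detections); ECS-style field names assumed.
SAMPLE_ALERTS = [
    {"@timestamp": "2024-03-01T10:00:00Z", "rule.name": "Brute force", "host.name": "web-01"},
    {"@timestamp": "2024-03-01T10:00:30Z", "rule.name": "Brute force", "host.name": "web-01"},
    {"@timestamp": "2024-03-01T10:01:10Z", "rule.name": "Brute force", "host.name": "web-01"},
    {"@timestamp": "2024-03-01T10:02:00Z", "rule.name": "Brute force", "host.name": "web-02"},
    {"@timestamp": "2024-03-01T12:00:00Z", "rule.name": "Brute force", "host.name": "web-01"},
    {"@timestamp": "2024-03-01T10:03:00Z", "rule.name": "New admin user", "host.name": "web-01"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def suppress_alerts(alerts, window=timedelta(minutes=5), group_by=("rule.name", "host.name")):
    """Return one summary record per (group, window).

    Alerts are processed in time order. For each group key (rule + host by
    default) a window is opened on the first alert; later alerts that fall
    within `window` of that first alert only increment the count and move
    `last_seen`. An alert arriving after the window has elapsed opens a new
    summary, so a quiet group that fires again later is still reported.
    """
    ordered = sorted(alerts, key=lambda a: parse_ts(a["@timestamp"]))
    open_windows = {}   # group key -> summary currently collecting
    summaries = []      # all summaries in order of first appearance
    for alert in ordered:
        key = tuple(alert[field] for field in group_by)
        ts = parse_ts(alert["@timestamp"])
        current = open_windows.get(key)
        if current is None or ts - current["first_seen"] > window:
            current = {
                "group": dict(zip(group_by, key)),
                "first_seen": ts,
                "last_seen": ts,
                "count": 0,
            }
            open_windows[key] = current
            summaries.append(current)
        current["last_seen"] = ts
        current["count"] += 1
    return summaries


if __name__ == "__main__":
    for s in suppress_alerts(SAMPLE_ALERTS):
        print(f"{s['group']}  x{s['count']}  {s['first_seen']:%H:%M:%S} .. {s['last_seen']:%H:%M:%S}")
```

Running it on the sample data turns six raw alerts into four summaries: the three "Brute force" hits on web-01 within the first two minutes become one record with a count of 3, while the same rule firing again on web-01 two hours later opens a fresh record rather than being hidden inside the old one.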
TW
I.T. Manager at a healthcare company with 51-200 employees

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, is very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

View full review »
FB
Technical Team Lead at Quester

I would like the process of retrieving archived data and viewing it in Kibana to be simplified.

We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.

View full review »
MA
Junior System Engineer at Efficom-lille

Our system architect has noticed a slowdown of the solution, but I don't see a slowdown.

One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.

View full review »
MR
Cloud Engineer at GARR

Configuring the server is difficult and can be improved.

I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.

View full review »
Mustafa Husny - PeerSpot reviewer
Senior System Engineer at Techline-eg

Elastic Security could improve the documentation. It would help if it were simpler and cleaner.

View full review »
YS
DevOps Engineer at a computer software company with 1,001-5,000 employees

Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana.

View full review »
PP
Programmer at a tech services company

Email notification should be done the same way as Logentries does it. Because of the notification issue we moved to Logentries, as it provides a simple way to get notification whenever a server encounters an error or something unexpected happens (which we have defined using Regex).

We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).

View full review »
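Several reviewers above raise the same operational point from different angles: only keep logs for as long as they have value (the financial services system administrator), index rotation is hard to manage (the senior DevOps engineer), and old indices had to be deleted by a hand-written cron job (the programmer just above). The following is an added example (not code from any reviewer, from PeerSpot, or from Elastic) that builds an Elasticsearch index lifecycle management (ILM) policy to do that work in the cluster itself: roll an index over on age or primary shard size, then delete it after a retention period. It also computes the worst-case retention the policy actually implies, since the delete phase's `min_age` is counted from rollover rather than from index creation. The policy name, index pattern, sizes and ages are constructed sample values; `put_json` is a small helper written here, not part of any Elastic client.

```python
"""Added example: generate and sanity-check an Elasticsearch ILM retention policy.

Not code from the reviewers or from Elastic. Assumes the Elasticsearch 7.x/8.x
REST API for _ilm/policy and _index_template; names, sizes and ages are
constructed sample values.
"""
import json
import re
import urllib.request

# Elasticsearch time-unit suffixes expressed as fractions of a day.
_UNIT_TO_DAYS = {"d": 1.0, "h": 1 / 24, "m": 1 / (24 * 60), "s": 1 / 86400}


def duration_to_days(value):
    """Convert an Elasticsearch time value such as '30d' or '12h' into days."""
    match = re.fullmatch(r"(\d+(?:\.\d+)?)([dhms])", value.strip())
    if not match:
        raise ValueError(f"unsupported time value: {value!r}")
    return float(match.group(1)) * _UNIT_TO_DAYS[match.group(2)]


def retention_policy(rollover_max_age="30d", rollover_max_shard_size="50gb", delete_after="60d"):
    """Return an ILM policy body: roll over on age or shard size, delete later.

    The hot phase rolls the write index over when either threshold is hit;
    the delete phase removes an index `delete_after` after it was rolled over.
    """
    return {
        "policy": {
            "phases": {
                "hot": {
                    "min_age": "0ms",
                    "actions": {
                        "rollover": {
                            "max_age": rollover_max_age,
                            "max_primary_shard_size": rollover_max_shard_size,
                        }
                    },
                },
                "delete": {
                    "min_age": delete_after,
                    "actions": {"delete": {}},
                },
            }
        }
    }


def worst_case_retention_days(policy):
    """Longest time a document can survive under the policy.

    Because the delete phase's min_age is measured from rollover, a document
    written on the day an index was created can sit in that index for up to
    the rollover max_age before the delete clock even starts.
    """
    phases = policy["policy"]["phases"]
    rollover = phases["hot"]["actions"]["rollover"]
    return duration_to_days(rollover.get("max_age", "0d")) + duration_to_days(phases["delete"]["min_age"])


def index_template(index_pattern, policy_name):
    """Composable index template that attaches the policy to a data stream."""
    return {
        "index_patterns": [index_pattern],
        "data_stream": {},
        "template": {"settings": {"index.lifecycle.name": policy_name}},
        "priority": 200,
    }


def put_json(base_url, path, body, timeout=10):
    """PUT a JSON body to the cluster (helper written for this example)."""
    request = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)


if __name__ == "__main__":
    policy = retention_policy()
    print(json.dumps(policy, indent=2))
    print("worst-case retention in days:", worst_case_retention_days(policy))
    # Applying it to a cluster needs network access and credentials, so it is
    # left commented out here (URL and names are placeholders):
    # put_json("https://localhost:9200", "/_ilm/policy/logs-60d", policy)
    # put_json("https://localhost:9200", "/_index_template/logs-60d",
    #          index_template("logs-app-*", "logs-60d"))
```

With the defaults above, data is not guaranteed gone after 60 days: an index that fills slowly can live 30 days before rollover plus 60 days before deletion, so the policy should be sized against the retention requirement with that sum in mind rather than the delete phase alone.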
RG
Senior Full Stack Java Developer at Optimissa Capital Markets Consulting

The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics.

View full review »
JC
Senior Tech Engineer at a tech services company with 1,001-5,000 employees

This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

The support on offer could be much better.

View full review »
it_user771693 - PeerSpot reviewer
Works at a comms service provider with 51-200 employees

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

View full review »
SA
Senior Manager Analytics at a financial services firm with 501-1,000 employees

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advanced analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start providing APIs for doing ML and AI.

View full review »
TB
Professional Services Manager at PT Korelasi Persada Indonesia

The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.

View full review »
AR
Founder & Chief Executive Officer at a consultancy with 11-50 employees

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. 

The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.

View full review »
it_user1247235 - PeerSpot reviewer
Cyber Security Consultant at a tech services company with 51-200 employees

The interface could be more user-friendly because it is sometimes hard to deal with.

The initial setup can be made easier.

View full review »
JJ
CEO at a tech services company with 51-200 employees

This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.

In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

View full review »
KL
DevOps Manager at a tech services company with 11-50 employees

The solution does not have a UI and this is one of the reasons we are looking for another solution.

When setting up some of the pipelines we are receiving different types of log messages with different patterns. When I try to force a certain pattern I need to restart the solution causing a huge inconvenience for us.

View full review »
SN
Associate Delivery Lead at a tech services company with 1,001-5,000 employees

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

View full review »
JM
Director of Engineering at a tech services company with 201-500 employees

The signature security needs improvement. 

If you compare this with CrowdStrike or Carbon Black, they can improve. 

View full review »
it_user1071018 - PeerSpot reviewer
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees

I think the user interface could be improved. They should introduce a hybrid model, because for now, Endgame is purely on premises. They do not have a full-blown model. They don't market themselves that way, which is why customers lose out on a lot of information. They don't know if the product is worth the trial or not because it's an organization that is going completely in the direction of digital transformation on the cloud and then Endgame's automatically removed as an option for them. They wouldn't even know Endgame goes on the cloud, because the company does not market it.

The solution could also use better dashboards. They need to be more graphical, more matrix-like.

View full review »