2020-04-28T08:50:45Z

What advice do you have for others considering Elastic SIEM?


If you were talking to someone whose organization is considering Elastic SIEM, what would you say?

How would you rate it and why? Any other tips or advice?

Guest
44 Answers

Top 5, Real User

I would say "Elastic is more of a platform than a tool". For SIEM, Elastic is quite flexible; however, you will have to create use cases yourself (e.g. threat hunting). Elastic node sizing is key to ensuring performance is not impacted.

2020-07-03T04:02:35Z
Top 10, Real User

You have to decide what level you're trying to go to. Is it an SMB or a larger enterprise? Because if it is a bigger enterprise, there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs, and if you look at the logs and find there is no harm in the IPs, there will be scrutiny on the endpoints. Consider what kind of team you're going to have and what their ability is to customize things and to connect to different logs. They should look at the operation and see how to customize it and connect it. Finally, consider your budget and how much you want to spend. I would rate it an eight out of ten. It is evolving every day on the security front, but there are still certain areas that can be improved more. In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

2020-05-18T07:50:00Z
Top 5, Leaderboard, Real User

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work. I would rate this solution an eight out of ten.

2020-04-28T08:50:48Z
Top 10, Real User

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products. Overall, the product is very stable and it is well-liked. I think that everybody should consider using it. I would rate this solution an eight out of ten.

2020-04-28T08:50:45Z
Updated: October 2020.