2020-04-28T08:50:45Z

What advice do you have for others considering Elastic SIEM?


If you were talking to someone whose organization is considering Elastic SIEM, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user (Guest)
77 Answers

Top 20, Real User

I would say "Elastic is more a platform than a tool." For SIEM, Elastic is quite flexible; however, you will have to create use cases yourself (e.g. threat hunting). Elastic node sizing is key to ensuring performance is not impacted.

2020-07-03T04:02:35Z
Top 5, Real User

I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. I would rate Elastic SIEM a seven out of ten.

2021-05-21T09:52:37Z
Top 5, Real User

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect. On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.

2020-10-01T09:58:00Z
Top 5, Real User

My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought. I would rate this solution an eight out of ten.

2020-07-29T07:45:59Z
Top 20, Real User

You have to decide to what level you're trying to go. Is it an SMB or a larger enterprise? Because if it is a bigger enterprise, there might be a lot of other cybersecurity products already installed on their premises. You need to check the compatibility and how it's going to integrate. Make sure it is easy to use and check what level you want to track. If there are incidents like unknown IPs, and if you look at the logs and find there is no harm in the IPs, there will be scrutiny on the endpoints. Consider what kind of team you're going to have and what their ability is to customize things and to connect to different logs. They should look at the operation and see how to customize it and connect it. Finally, consider your budget and how much you want to spend. I would rate it an eight out of ten. It is evolving every day on the security front, but there are still certain areas that can be improved. In the next release, I'd like to see more improvements so that we can do more automation and have more automatic responses. That would be more helpful so that we don't have to delay the manual sources.

2020-05-18T07:50:00Z
Top 5, Leaderboard, Real User

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work. I would rate this solution an eight out of ten.

2020-04-28T08:50:48Z
Top 20, Real User

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products. Overall, the product is very stable and it is well-liked. I think that everybody should consider using it. I would rate this solution an eight out of ten.

2020-04-28T08:50:45Z