Elastic N.V. (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, today announced it will showcase its integrated threat prevention, collection, detection, and response solution at the 2020 RSA conference in San Francisco, February 24-28, 2020.
Earlier this month, Elastic released its integrated security offering, Elastic Security 7.6.0, which builds on the strengths of Elastic Endpoint Security and Elastic SIEM to deliver unparalleled visibility and threat protection through a unified interface. New features include a SIEM detection engine that automates threat detection and comes with 100+ prebuilt rules aligned with the MITRE ATT&CK framework to identify known and unknown threats. With Elasticsearch at its core, Elastic Security reduces security investigations from days to minutes with near-real-time security monitoring and incident response capabilities.
According to a report1 by the SANS Institute, the inability of existing tools to process massive amounts of security data directly affects an analyst’s ability to detect attacks both during a breach and after the fact — when analysts need to conduct forensic investigations and confirm that a threat has been completely remediated.
“Elastic has helped our security team focus on what matters by equipping us with the tools we need to efficiently search millions of logs while reducing the number of alerts to a volume that our security team can manage,” said Maxim Verreault, Security Manager at Skytech Communications. “With the release of 7.6, out-of-the-box signal detection rules in Elastic SIEM enable us to automate analysis across our observability data and detect and respond to threats the moment they happen. Elastic Security 7.6 also provides a great way for the community to connect, as we, the security folks, will be able to share custom signal detection rules so that everyone can benefit from them and detect new emerging threats.”
“Not only do security operations teams need more network access and user data, but they also must collect and correlate that data into usable information to simplify security operations,” said Nate Fick, general manager at Elastic Security. “The convergence of Elastic Endpoint Security and Elastic SIEM into a single solution enables organizations to prevent targeted attacks in real time, while providing needed visibility into security risks as they develop to fast-track response actions before damage and loss.”
Key features that Elastic will demonstrate at RSA include:
Comprehensive, Data-Driven Analytics
Correlate events and log data from any source to proactively detect threats with machine learning and analytics across server, network, cloud, and endpoint data. Respond at scale to isolate a single compromised endpoint or remediate an attack across an entire environment with a single click.
Fast Response With Fewer Resources
The Elastic Security visualizations can pinpoint the origin, extent, and timeline of an attack with real-time analysis of file, registry, user, process, network, and DNS data. Analysts are empowered to determine root cause in minutes and take immediate action without ever leaving the page.
Automated Security Operations at Scale
Elastic streamlines advanced capabilities such as security analytics, EDR, incident response, and threat hunting with a user experience and workflow that Elastic security researchers have designed to solve real-world SOC use cases. With a focus on workflow automation driving the most efficient use of an analyst’s time, incident responders and threat hunters will find their day-to-day roles free of repetitive tasks, with more time spent solving critical problems and investigations.
Elastic security experts will be delivering valuable security insights on some of the top challenges facing cybersecurity professionals today in booths #1427 and #2227. Session presentations include:
Advanced Autonomous Protections on the Endpoint
Stop advanced attacks no matter where your endpoints are, connected or disconnected.
Global Attack Protection from the SIEM
Find embedded attackers across your environment with deep data analysis and detection across all your security data.
Fully Integrated Workflow for Complete Remediation
Reduce your time to respond and remediate the full attack with vertical integration between Elastic Endpoint and SIEM.
1 Endpoint Protection and Response: A SANS Survey, SANS Institute, June 20, 2018
Elastic is a search company that powers enterprise search, observability, and security solutions built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real time and at scale. Founded in 2012, Elastic is a distributed company with Elasticians around the globe. Learn more at elastic.co.
Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.