Name: Elastic Security
Rating: 8.6 (13 reviews)
Author: Elastic

Help Desk

Web and Video Conferencing

Customer Support

Bug  Tracking

Flowchart

Development

Higher Education

Education

Association Management

Business Intelligence (BI)

Collaboration

Data Extraction

Embedded Business Intelligence (BI)

File Sync

Risk Management

Streaming Analytics

Visual Collaboration

Enterprise

Accounting

Budgeting and Forecasting

Crypto Accounting

Loan Origination

Payment Gateway

Payment Orchestration

Finance and Accounting

Applicant Tracking

Background Check

Contractor Management

Corporate Learning Management

Diversity, Equity, and Inclusion (DEI)

HR Compliance

HR Management

Payroll

Recruitment Agency

Talent Intelligence

Talent Management

Workforce Analytics

Workforce Management

Human Resources

Authorization

C/C++ Integrated Development Environments

Cloud Storage

Container Management

Distributed Denial of Service (DDoS) Protection

Fraud Detection

Incident Response

Integration Platform as a Service (iPaaS)

Managed Private Cloud

Network Performance Monitoring

Relational Database Management Systems

Remote Monitoring and Management

Tower Servers

Information Technology

A/B Testing

AI Image Generation

Ad Serving & Retargeting

All-in-One Marketing

Content Management

Conversion Rate Optimization

Email Marketing

Event Registration

Heatmap and Session Recording

Landing Page

Marketing Automation

Personalization Engines

Public Relations (PR)

Retail Media Advertising

SMS Marketing

Sales and Marketing Automation

Social Media Management

Survey & Forms Building

Video

Video Editing

Web Analytics

Marketing

Project Management

Prototyping

Professional Services

Customer Relationship Management (CRM)

Sales Pipeline

Sales

Antivirus

Security

Automotive

Forestry

Vertical-Specific

Find top rated software and services based on in-depth reviews from verified users. 400+ software categories including PaaS, NoSQL, BI, HR, and more.

CrowdStrike Falcon

CrowdStrike

Splunk User Behavior Analytics (UBA)

Splunk

Microsoft Defender for Endpoint

Microsoft

SentinelOne Singularity

SentinelOne

Splunk Enterprise Security (ES)

Darktrace

Kaspersky Endpoint Security

Kaspersky Lab

Palo Alto Networks Cortex XDR

Palo Alto Networks

Trellix Endpoint Security ENS

Trellix (FireEye + McAfee)

Microsoft Sentinel

### Log Management
Users consistently praise Elastic Security's log management capabilities, especially when integrated with Logstash and Kibana. The tool's adaptability and scalability are highlighted as valuable features, allowing for the creation of various scenarios and the collection of logs from diverse sources. However, some users have expressed concerns about the lack of backward version compatibility with Elasticsearch and the challenge of editing data within the platform. Despite these drawbacks, the overall sentiment towards Elastic Security's log management remains positive, with users commending its performance and ease of use.

### User Activity Monitoring
Users appreciate Elastic Security's user activity monitoring capabilities for efficiently processing network-related log files with millions of records. The tool enables them to identify errors, track user activity, and extract valuable insights from the data. By leveraging Elasticsearch, users have been able to visualize data effectively through graphs and charts, leading to the development of automated alerting systems for network anomalies.

### Monitoring and Alerts
Users generally find that Elastic Security excels in monitoring and alert capabilities, especially when integrated with ELK stacks. The product is praised for its speed and ease of use in monitoring cloud services logs. It is considered a reliable method for gathering authentication data from service providers. Additionally, users appreciate its efficiency in log compliance and monitoring.

### Configuration and Maintenance
Users appreciate Elastic Security for its user-friendly configuration and maintenance features, highlighting the ease of setup and minimal configurations required to start utilizing the platform effectively. While some users acknowledge that configuring the system may take a bit of time, the majority agree that the comprehensive documentation and community support available make the process manageable. Additionally, the ability to integrate with various programming languages, such as Java, further enhances the platform's appeal for users seeking a versatile and efficient solution for their monitoring and security needs.

### Integration and Modules
Users generally appreciate Elastic Security's integration capabilities, noting its ease of setup and the availability of supporting tools like Filebeats, Logstash, and Kibana. However, there are concerns raised about the complexity of building integrations with other software and the lack of profile integration features. While some find it easy to integrate with programming languages like Java, others feel that there is room for improvement in enhancing the overall integration experience. The platform's ability to process large volumes of data quickly and its robust documentation and community support are acknowledged strengths, but there is a consensus that further enhancements could be made to streamline the integration process and improve user experience.

### Installation and Setup
Users consistently praise Elastic Security for its straightforward installation and setup process. They find it to be reliable and easy to configure, with excellent documentation and forum support available. The software's speed and efficiency during installation are highlighted as key advantages, making it a preferred choice for IT monitoring. Additionally, users appreciate the automation capabilities for installation and the smooth integration with AWS for archiving. The scalability of resources to match varying needs is also noted as a strong point, ensuring a smooth and efficient setup process for users.

Reliability and effectiveness: Many users have consistently found Elastic security to be reliable and effective in protecting their sensitive data. They have praised its ability to detect and prevent threats, providing peace of mind for organizations dealing with valuable information.

Ease of setup and configuration: Reviewers appreciate the straightforward setup process of Elastic. The software offers clear documentation and forum support that guides users through the installation and configuration steps. This ease of use helps save time and allows users to quickly start leveraging Elastic's security features.

Visual aspect as a key feature: The visual aspect of Elastic is highly regarded by many users. Its intuitive interface makes it easy to navigate through different features, visualize data, and gain insights. The visually appealing design enhances the user experience, making it enjoyable to work with Elastic on a daily basis.

Confusing User Interface: Some users have mentioned that the user interface can be confusing, making it difficult to find everything in the menu. They feel that the organization of the menu could be improved for better navigation.

Steep Learning Curve: Several reviewers have expressed that the platform's constant changes and new features make it hard to grasp, requiring users to constantly relearn how to use it. This steep learning curve can be a challenge for those who are not tech-savvy or do not have much experience with similar software.

Integration Module Needs Improvement: Users have stated that the integration module needs improvement in order to make it easier to integrate with other software. They feel that streamlining the integration process would save time and effort for users trying to connect different systems.

Elastic Security provides insights and analytics on network hosts, alerting users when action is needed to maintain host security. Users recommend integrating Elastic Security with Elasticsearch, Logstash, and Kibana for monitoring cloud service logs. The product is known for its simplicity, ease of use, and reliability in gathering authentication data from service providers. Elasticsearch is a vital tool for searching a parameterized database, ingesting product updates, and analyzing user activity. It has enabled the processing and visualization of large network-related log files, enabling the creation of automated alerting systems. Elastic Security is widely used for threat hunting and as a SIEM solution for SOC teams. Users rely on it for log compliance and monitoring purposes. Logstash is praised for its performance and cost-effectiveness as an open-source tool for creating data pipelines to Elasticsearch and other output destinations. The ELK stack, which consists of Elasticsearch, Logstash, and Kibana, forms the foundation of the audit process. Users appreciate the ability to quickly search SIEM logs using Elasticsearch. It is also valuable for analyzing access logs in ETL workloads. The product helps track and analyze logs to understand user activities. Elasticsearch provides a centralized view of system and client behavior by analyzing Windows and Linux log files. The ELK stack offers easy log search and analysis capabilities, enhancing threat visibility and resolving recurring build system problems.

Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic Agent (or Elastic Endpoint Security based on the former Endgame security product acquired by Elastic in late 2019) brings signatureless malware prevention to endpoints, as well as security data collection for analytics.

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.

InsightIDR Advanced

Rapid7 InsightIDR

Elastic Security

Security Information and Event Management Tools and Software (often shortened to SIEM) analyze security-related events and log data from network hardware and applications in real-time, performing event correlation and alerting managers to configuration changes of interest, vulnerabilities and potential threats.

Security Information and Event Management (SIEM)

Likelihood to Recommend

Support Rating

Eastic (NYSE: ESTC) is a search company. As the creators of the Elastic Stack (Elasticsearch, Kibana, Beats, and Logstash), Elastic builds self-managed and SaaS offerings that make data usable in real time and at scale for use cases like application search, site search, enterprise search, logging, APM, metrics, security, business analytics.

Elastic

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

Centralized event and log data collection

Effectiveness of real-time centralized event and log data collection

Correlation

Correlation of logs and events to pinpoint significant threats

Event and log normalization/management

Ability to normalize event syntax so that logs can be compared and are machine-understandable

Deployment flexibility

Ability to tune system to maximize threat detection and minimize false positives

Integration with Identity and Access Management Tools

Integration with access control tools like Active Directory and LDAP

Custom dashboards and workspaces

dashboards that can be customized to meet the needs of specific groups

Host and network-based intrusion detection

Ability to detect both endpoint intrusion and network ingress detection

Log retention

Length and quality of log storage and archiving over time

Data integration/API management

Ease and quality of data integrations between SIEM and other systems

Behavioral analytics and baselining

How effectively activity and behavior baselines are established and maintained

Rules-based and algorithmic detection thresholds

Effectiveness of manually-established rules and algorithmically-determined detection thresholds

Response orchestration and automation

Quality of built-in response orchestration and automation in Next-Gen SIEM

Reporting and compliance management

Ease and quality of reporting and compliance functions

Incident indexing/searching

Effectiveness of searching across structured and unstructured events and incidents within SIEM

McAfee Total Protection (discontinued)

McAfee Endpoint Security (now part of Trellix Endpoint Security)

Symantec Client Management Suite

Falcon

Cisco Secure Endpoint

Endgame 2019-11-10 08:43:00

TrustRadius is a technology and business research firm based in Austin, Texas. The company is known as a review platform for verified B2B technology and software reviews through a proprietary algorithm and human verification.

TrustRadius

Able to edit

Automation features

Easy to administer

Home

Security Information and Event Management (SIEM) Software

It's being used across the entire organization and helps create threat visibility.

Identify 0-day malware.
Provides a few forensic details on endpoints.
Very easy to administer.

I would love that it provided more memory analysis details.
Being able to edit sensor profiles after creating them.
I would love it if it provided more automation features.

Being able to identify threats we couldn't identify before.
Easier management of endpoints.
Being able to immediately isolate endpoints remotely that have high severity threats.

Cybereason Endpoint Detection & Response (EDR) and CrowdStrike Falcon Endpoint Protection

Cisco Advanced Malware Protection (AMP) for Endpoints, McAfee Endpoint Security, Symantec Client Management Suite

Elastic Security
Formerly Endgame

Overview

What is Elastic Security?