Elastic Stack Goes Into Cyber Security

September 11, 2019

The open source search company Elasticsearch has augmented its offerings with new security technology. ZDNet delves into Elasticsearch’s new endeavor in the article, “Elastic Takes the First Steps Toward Building Out Its SIEM Solution.” Elastic Stack is Elasticsearch’s open source analytics tool, and it received a new update: Elastic NV. Elastic NV is a data model and UI for Security Information and Event Management (SIEM).

Elasticsearch has a lot of competition, so the company decided that making its log, search, and analytics stack more utilitarian would expand its client base. The SIEM update is an appealing security solution:

“The SIEM features lay the foundations for a more fleshed-out solution going forward with the new Elastic Common Schema, an open source specification for field naming conventions and data types; think of the new common schema as a Rosetta Stone for the different types of logs, metrics, and other contextual data that is used for analyzing security events. Additionally, the 7.2 release adds a dedicated user interface for security events, featuring a timeline viewer to store evidence of an attack, pin and annotate relevant events, and provide query filtering capabilities.”
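The "Rosetta Stone" role of the Elastic Common Schema in the quote is easiest to see in a concrete normalization. The following is an added example, not code from Elastic or the quoted article: it maps two constructed log lines from different sources (an SSH daemon line and a web server access line) onto ECS-style field names such as `source.ip`, `user.name` and `event.outcome` (assumed here from ECS's naming conventions) so that a single question can be asked across both.

```python
import re
from datetime import datetime, timezone

# Constructed sample events in two unrelated native formats (not real traffic).
SSH_LINE = ("Sep 11 2019 10:15:32 bastion01 sshd[2231]: Failed password for "
            "invalid user admin from 203.0.113.45 port 51234 ssh2")
NGINX_LINE = ('198.51.100.7 - alice [11/Sep/2019:10:16:01 +0000] '
              '"GET /admin HTTP/1.1" 403 152')

SSH_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)")
NGINX_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) '
    r'(?P<path>\S+) [^"]+" (?P<status>\d{3}) (?P<bytes>\d+)')

def ssh_to_ecs(line):
    """Normalize an sshd auth line into ECS-style fields; None if unparseable."""
    m = SSH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"@timestamp": ts.isoformat(),
            "event.category": "authentication", "event.action": "ssh_login",
            "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
            "host.name": m["host"], "user.name": m["user"],
            "source.ip": m["ip"], "source.port": int(m["port"])}

def nginx_to_ecs(line):
    """Normalize a combined-format access line into the same ECS-style fields."""
    m = NGINX_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"@timestamp": ts.isoformat(),
            "event.category": "web", "event.action": "http_request",
            "event.outcome": "failure" if int(m["status"]) >= 400 else "success",
            "user.name": m["user"], "source.ip": m["ip"],
            "http.request.method": m["method"], "url.path": m["path"],
            "http.response.status_code": int(m["status"])}

def failures_by_source(events):
    """The cross-source query a common schema makes cheap: failed events per source.ip."""
    counts = {}
    for e in events:
        if e and e["event.outcome"] == "failure":
            counts[e["source.ip"]] = counts.get(e["source.ip"], 0) + 1
    return counts
```

Because both parsers emit the same field names, `failures_by_source` needs no knowledge of which log each event came from, which is the point of a common schema.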

Appealing as they are, the Elastic SIEM offerings are still skeletal, but Elastic acquired Endgame, a company that designs endpoint security solutions, and will probably fold it into a future SIEM update.

Search is also more powerful in Elastic NV. Search used to be limited to the Elastic cloud, but it can now be used on on-site end systems as well. Elastic is also extending its services to build a scalable search-based solution that provides insight into detecting potential threats.

Will other enterprise search vendors follow Elastic?

Whitney Grace, September 11, 2019
