The News: Elastic announces enhancements to its Elastic Security offering, an alternative to traditional security information and event management (SIEM) offerings, at RSA Conference 2024 (RSAC 2024). Learn more on the Elastic website.
Accelerating the SOC with Elastic Security
Analyst Take: At RSAC 2024, The Futurum Group had countless conversations about the fact that the security landscape is more complex and fast-changing than ever before. For security operations centers (SOCs) relying on traditional SIEM tools, the result is a deluge of alerts that is practically impossible to sift through into actionable information. In addition to being time-consuming, the process of sifting through hundreds or thousands of alerts is also error prone. This is a problem because preventing and mitigating the spread of attacks requires security analysts and incident response teams to swiftly identify their organization’s most critical vulnerabilities and to correlate these vulnerabilities for visibility into malicious actors’ movement across their network. Compounding this issue, SOCs face headcount limitations and varying levels of skillsets.
While at the show, The Futurum Group caught up with Elastic about its investments over the past 5 years in bringing its search and analytics capabilities to the SOC to streamline and advance security teams’ abilities in areas such as threat detection, alert summarization, and recommendations on workflow integrations.
Notably, Elastic rolled out a new feature called Attack Discovery that combines the company’s machine learning (ML) and natural language processing (NLP)-powered search capabilities with retrieval augmented generation (RAG) to address the issue of alert fatigue. The capability narrows hundreds of alerts down to the handful of most critical so that they can be prioritized and subsequently addressed by security operations teams. The results are returned in an intuitive interface, which helps allow analysts to quickly digest and understand the information and then take immediate action. Analysis is based on inputs including risk scores for hosts and users and criticality scores for technology assets. Using artificial intelligence (AI), Elastic correlates the alerts for visibility into the attack chain. The utilization of RAG is notable because it allows the large language model (LLM) to add context specific to the customer’s organization for increased accuracy and relevance.
The Futurum Group sees opportunity for Elastic Security to help SOCs to operate more efficiently while supplementing analyst knowledge and helping security teams to better scale their analyst and incident response team. At the same time, it can enhance threat detection, investigation, and response capabilities for organizations that do not operate a traditional SOC.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Fight Smarter: Accelerate Your SOC with AI – Six Five On the Road
Elastic Reports Strong Q2 Fiscal 2024 Financial Results: A Deep Dive
Author Information
Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
