Accelerating the SOC with Elastic Security

Accelerating the SOC with Elastic Security

The News: Elastic announces enhancements to its Elastic Security offering, an alternative to traditional security information and event management (SIEM) offerings, at RSA Conference 2024 (RSAC 2024). Learn more on the Elastic website.

Accelerating the SOC with Elastic Security

Analyst Take: At RSAC 2024, The Futurum Group had countless conversations about the fact that the security landscape is more complex and fast-changing than ever before. For security operations centers (SOCs) relying on traditional SIEM tools, the result is a deluge of alerts that is practically impossible to sift through into actionable information. In addition to being time-consuming, the process of sifting through hundreds or thousands of alerts is also error prone. This is a problem because preventing and mitigating the spread of attacks requires security analysts and incident response teams to swiftly identify their organization’s most critical vulnerabilities and to correlate these vulnerabilities for visibility into malicious actors’ movement across their network. Compounding this issue, SOCs face headcount limitations and varying levels of skillsets.

While at the show, The Futurum Group caught up with Elastic about its investments over the past 5 years in bringing its search and analytics capabilities to the SOC to streamline and advance security teams’ abilities in areas such as threat detection, alert summarization, and recommendations on workflow integrations.

Notably, Elastic rolled out a new feature called Attack Discovery that combines the company’s machine learning (ML) and natural language processing (NLP)-powered search capabilities with retrieval augmented generation (RAG) to address the issue of alert fatigue. The capability narrows hundreds of alerts down to the handful of most critical so that they can be prioritized and subsequently addressed by security operations teams. The results are returned in an intuitive interface, which helps allow analysts to quickly digest and understand the information and then take immediate action. Analysis is based on inputs including risk scores for hosts and users and criticality scores for technology assets. Using artificial intelligence (AI), Elastic correlates the alerts for visibility into the attack chain. The utilization of RAG is notable because it allows the large language model (LLM) to add context specific to the customer’s organization for increased accuracy and relevance.

The Futurum Group sees opportunity for Elastic Security to help SOCs to operate more efficiently while supplementing analyst knowledge and helping security teams to better scale their analyst and incident response team. At the same time, it can enhance threat detection, investigation, and response capabilities for organizations that do not operate a traditional SOC.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

Fight Smarter: Accelerate Your SOC with AI – Six Five On the Road

Elastic Reports Strong Q2 Fiscal 2024 Financial Results: A Deep Dive

Making Markets EP51: Elastic’s CEO Ash Kulkarni on Recent Earnings and the Company’s Generative AI Prowess

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.


Latest Insights:

The Six Five team discusses Oracle Q4FY24 earnings.
The Six Five team discusses enterprise SaaS reset or pause
The Six Five team discusses Six Five Summit 2024 wrap.
The Six Five team discusses Apple WWDC 2024.