Accelerating the SOC with Elastic Security

Accelerating the SOC with Elastic Security

The News: Elastic announces enhancements to its Elastic Security offering, an alternative to traditional security information and event management (SIEM) offerings, at RSA Conference 2024 (RSAC 2024). Learn more on the Elastic website.

Accelerating the SOC with Elastic Security

Analyst Take: At RSAC 2024, The Futurum Group had countless conversations about the fact that the security landscape is more complex and fast-changing than ever before. For security operations centers (SOCs) relying on traditional SIEM tools, the result is a deluge of alerts that is practically impossible to sift through into actionable information. In addition to being time-consuming, the process of sifting through hundreds or thousands of alerts is also error prone. This is a problem because preventing and mitigating the spread of attacks requires security analysts and incident response teams to swiftly identify their organization’s most critical vulnerabilities and to correlate these vulnerabilities for visibility into malicious actors’ movement across their network. Compounding this issue, SOCs face headcount limitations and varying levels of skillsets.

While at the show, The Futurum Group caught up with Elastic about its investments over the past 5 years in bringing its search and analytics capabilities to the SOC to streamline and advance security teams’ abilities in areas such as threat detection, alert summarization, and recommendations on workflow integrations.

Notably, Elastic rolled out a new feature called Attack Discovery that combines the company’s machine learning (ML) and natural language processing (NLP)-powered search capabilities with retrieval augmented generation (RAG) to address the issue of alert fatigue. The capability narrows hundreds of alerts down to the handful of most critical so that they can be prioritized and subsequently addressed by security operations teams. The results are returned in an intuitive interface, which helps allow analysts to quickly digest and understand the information and then take immediate action. Analysis is based on inputs including risk scores for hosts and users and criticality scores for technology assets. Using artificial intelligence (AI), Elastic correlates the alerts for visibility into the attack chain. The utilization of RAG is notable because it allows the large language model (LLM) to add context specific to the customer’s organization for increased accuracy and relevance.

The Futurum Group sees opportunity for Elastic Security to help SOCs to operate more efficiently while supplementing analyst knowledge and helping security teams to better scale their analyst and incident response team. At the same time, it can enhance threat detection, investigation, and response capabilities for organizations that do not operate a traditional SOC.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

Fight Smarter: Accelerate Your SOC with AI – Six Five On the Road

Elastic Reports Strong Q2 Fiscal 2024 Financial Results: A Deep Dive

Making Markets EP51: Elastic’s CEO Ash Kulkarni on Recent Earnings and the Company’s Generative AI Prowess

Author Information

Krista Case

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

SHARE:

Latest Insights:

Novin Kaihani from Intel joins Six Five hosts to discuss the transformative impact of Intel vPro on IT strategies, backed by real-world examples and comprehensive research from Forrester Consulting.
Messaging Growth and Cost Discipline Drive Twilio’s Q4 FY 2024 Profitability Gains
Keith Kirkpatrick highlights Twilio’s Q4 FY 2024 performance driven by messaging growth, AI innovation, and strong profitability gains.
Strong Demand From Webscale and Enterprise Segments Positions Cisco for Continued AI-Driven Growth
Ron Westfall, Research Director at The Futurum Group, shares insights on Cisco’s Q2 FY 2025 results, focusing on AI infrastructure growth, Splunk’s impact on security, and innovations like AI PODs and HyperFabric driving future opportunities.
Major Partnership Sees Databricks Offered as a First-Party Data Service; Aims to Modernize SAP Data Access and Accelerate AI Adoption Through Business Data Cloud
Nick Patience, AI Practice Lead at The Futurum Group, examines the strategic partnership between SAP and Databricks that combines SAP's enterprise data assets with Databricks' data platform capabilities through SAP Business Data Cloud, marking a significant shift in enterprise data accessibility and AI innovation.

Thank you, we received your request, a member of our team will be in contact with you.