Login

Accelerating the SOC with Elastic Security

Accelerating the SOC with Elastic Security

The News: Elastic announces enhancements to its Elastic Security offering, an alternative to traditional security information and event management (SIEM) offerings, at RSA Conference 2024 (RSAC 2024). Learn more on the Elastic website.

Accelerating the SOC with Elastic Security

Analyst Take: At RSAC 2024, The Futurum Group had countless conversations about the fact that the security landscape is more complex and fast-changing than ever before. For security operations centers (SOCs) relying on traditional SIEM tools, the result is a deluge of alerts that is practically impossible to sift through into actionable information. In addition to being time-consuming, the process of sifting through hundreds or thousands of alerts is also error prone. This is a problem because preventing and mitigating the spread of attacks requires security analysts and incident response teams to swiftly identify their organization’s most critical vulnerabilities and to correlate these vulnerabilities for visibility into malicious actors’ movement across their network. Compounding this issue, SOCs face headcount limitations and varying levels of skillsets.

While at the show, The Futurum Group caught up with Elastic about its investments over the past 5 years in bringing its search and analytics capabilities to the SOC to streamline and advance security teams’ abilities in areas such as threat detection, alert summarization, and recommendations on workflow integrations.

Notably, Elastic rolled out a new feature called Attack Discovery that combines the company’s machine learning (ML) and natural language processing (NLP)-powered search capabilities with retrieval augmented generation (RAG) to address the issue of alert fatigue. The capability narrows hundreds of alerts down to the handful of most critical so that they can be prioritized and subsequently addressed by security operations teams. The results are returned in an intuitive interface, which helps allow analysts to quickly digest and understand the information and then take immediate action. Analysis is based on inputs including risk scores for hosts and users and criticality scores for technology assets. Using artificial intelligence (AI), Elastic correlates the alerts for visibility into the attack chain. The utilization of RAG is notable because it allows the large language model (LLM) to add context specific to the customer’s organization for increased accuracy and relevance.

The Futurum Group sees opportunity for Elastic Security to help SOCs to operate more efficiently while supplementing analyst knowledge and helping security teams to better scale their analyst and incident response team. At the same time, it can enhance threat detection, investigation, and response capabilities for organizations that do not operate a traditional SOC.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

Fight Smarter: Accelerate Your SOC with AI – Six Five On the Road

Elastic Reports Strong Q2 Fiscal 2024 Financial Results: A Deep Dive

Making Markets EP51: Elastic’s CEO Ash Kulkarni on Recent Earnings and the Company’s Generative AI Prowess

Author Information

Krista Case

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

SHARE:

Latest Insights:

Can Arm’s Zena CSS Reshape Automotive AI Development Timelines
Olivier Blanchard
Olivier Blanchard
,

Can Arm’s Zena CSS Reshape Automotive AI Development Timelines?

Focus on Accelerating Software-Defined Vehicle Development with Standardized Compute Subsystems
Olivier Blanchard, Research Director at Futurum, shares insights on Arm’s Zena Compute Subsystems, which help automakers cut vehicle launch time by a year and scale AI capabilities across software-defined vehicles.
AMD Extends AM4 Lifespan With Latin America-Only Ryzen 5 5500X3D
Olivier Blanchard
Olivier Blanchard
,

AMD Extends AM4 Lifespan With Latin America-Only Ryzen 5 5500X3D

AMD Introduces the Ryzen 5 5500X3D, a 6-Core Zen 3 CPU With 3D V-Cache, Designed Exclusively for the Latin American Market To Serve Budget-Conscious PC Gamers
Olivier Blanchard, Research Director at Futurum, shares insights on AMD’s Latin America-exclusive Ryzen 5 5500X3D and what the move says about the company’s long-term support for the aging AM4 platform.
Lenovo Targets Hybrid Productivity with New Workstation and Device Management Solutions
Olivier Blanchard
Olivier Blanchard
,

Lenovo Targets Hybrid Productivity with New Workstation and Device Management Solutions

Lenovo Unveils Workstation, ThinkStation, and Services Portfolio Updates at NXT BLD 2025
Olivier Blanchard, Research Director at Futurum, shares his insights on Lenovo’s new workstation offerings and ThinkStation upgrades designed to optimize remote performance, AI development, and spatial computing workflows.
AMD Expands Telecom Role as Nokia Selects EPYC for 5G Cloud Platform
Olivier Blanchard
Olivier Blanchard
,

AMD Expands Telecom Role as Nokia Selects EPYC for 5G Cloud Platform

Nokia Expands Its Cloud Platform Capabilities With AMD’s 5th Gen EPYC Processors, Boosting Performance and Energy Efficiency for Next-Gen Telecom Networks
Olivier Blanchard, Research Director at Futurum, shares insights on how Nokia’s adoption of AMD’s 5th Gen EPYC processors strengthens 5G cloud infrastructure with improved performance and energy efficiency.
Become a Client

The Futurum Group

(833) 722-5337

501 West Ave., Suite 2102
Austin TX 78701

Linkedin Youtube Facebook

Welcome to The Futurum Group

Login to The Futurum Group
Login to Futurum Intelligence Platform
Login to Futurum Labs Research Library

Book a Demo

Thank you, we received your request, a member of our team will be in contact with you.