UPDATED 12:20 EST / FEBRUARY 11 2020

SECURITY

With new release, Elastic enhances its threat detection capabilities

Elastic N.V., no doubt encouraged by the rapid growth in enterprise cybersecurity spending, has over the last few quarters beefed up its software portfolio with new threat detection and mitigation tools. The company today released a major upgrade to its flagship Elastic Stack suite that strengthens its capabilities in this area.

The Elastic Stack is a family of tools built around the software maker’s popular Elasticsearch open-source search engine. The most significant enhancements introduced as part of today’s release, officially version 7.6, are rolling out for Elastic SIEM, the suite’s security information and event management system.

The system is getting a new rule-based threat detection engine that automatically flags suspicious activity in a company’s network. It can monitor Windows, macOS and Linux endpoints as well as backend infrastructure. Administrators define what kind of malicious behavior Elastic SIEM should look out for and, when a rule matches, they receive an alert complete with a severity score indicating the urgency of the issue.

Elastic is shipping the detection engine with close to 100 ready-made detection rules created by its engineers. This rule set facilitates the detection of attacker tactics and techniques detailed in ATT&CK, a knowledge base of adversary techniques developed by the U.S. government-funded MITRE research institute.
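To make the workflow in the two paragraphs above concrete (rules defined by an administrator, each match raising an alert carrying a severity score and an ATT&CK mapping), here is a small rule-based detection engine written as an added example. It is not Elastic's engine and does not use Elastic's rule format; the log line format, the hosts, the rules, their risk scores and the severity thresholds are all constructed for this illustration. The ATT&CK technique ids are real ones, but pairing them with these toy rules is the example's own choice. It also goes one step beyond the text by showing the two rule shapes a SIEM typically needs: a per-event match and a threshold match that counts events per actor.

```python
"""Toy rule-based detection engine: constructed example, not Elastic's code
or rule schema. Events are parsed from key=value log lines, every rule is
evaluated over them, and each hit becomes an alert with a risk score, a
derived severity label and an ATT&CK tactic/technique tag."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    risk_score: int                     # 0-100; the alert's severity is derived from it
    tactic: str                         # ATT&CK tactic name
    technique: str                      # ATT&CK technique id
    matches: Callable[[dict], bool]     # per-event predicate
    group_by: Optional[tuple] = None    # threshold rules: fields that identify one actor
    threshold: int = 1                  # alert once this many matching events share a group


def severity(risk_score: int) -> str:
    """Map a numeric risk score to a label (thresholds are constructed)."""
    if risk_score >= 75:
        return "critical"
    if risk_score >= 50:
        return "high"
    if risk_score >= 25:
        return "medium"
    return "low"


# Constructed log format: space-separated key=value pairs, values may be quoted.
KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Parse one log line into a flat dict of string fields."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
            for m in KV.finditer(line)}


RULES = [
    Rule(
        name="PowerShell launched with an encoded command",
        risk_score=73, tactic="Execution", technique="T1059.001",
        matches=lambda e: e.get("os") == "windows"
        and e.get("event") == "process_start"
        and e.get("process", "").lower().endswith("powershell.exe")
        and "-enc" in e.get("args", "").lower(),
    ),
    Rule(
        name="Cron file written under /etc on Linux",
        risk_score=47, tactic="Persistence", technique="T1053.003",
        matches=lambda e: e.get("os") == "linux"
        and e.get("event") == "file_write"
        and e.get("path", "").startswith("/etc/cron"),
    ),
    Rule(  # threshold rule: five failures from the same source on the same host
        name="Repeated failed logins from one source address",
        risk_score=60, tactic="Credential Access", technique="T1110",
        matches=lambda e: e.get("event") == "auth_failure",
        group_by=("host", "src_ip"), threshold=5,
    ),
]


def make_alert(rule: Rule, host, count: int, evidence: dict) -> dict:
    return {"rule": rule.name, "host": host, "risk_score": rule.risk_score,
            "severity": severity(rule.risk_score), "tactic": rule.tactic,
            "technique": rule.technique, "count": count, "evidence": evidence}


def run_detections(lines, rules=RULES) -> list:
    """Evaluate every rule over every event; return alerts, highest risk first."""
    events = [parse_event(line) for line in lines if line.strip()]
    alerts = []
    for rule in rules:
        hits = [e for e in events if rule.matches(e)]
        if rule.group_by is None:
            alerts.extend(make_alert(rule, e.get("host"), 1, e) for e in hits)
        else:
            counts = Counter(tuple(e.get(f) for f in rule.group_by) for e in hits)
            for key, n in counts.items():
                if n >= rule.threshold:
                    alerts.append(make_alert(rule, key[0], n, dict(zip(rule.group_by, key))))
    alerts.sort(key=lambda a: a["risk_score"], reverse=True)
    return alerts


# Constructed sample events (hostnames, paths and addresses are made up).
SAMPLE_LINES = [
    'host=ws-17 os=windows event=process_start '
    'process=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'args="-nop -w hidden -enc SQBFAFgAIAAoAE4A"',
    'host=ws-17 os=windows event=process_start process=C:\\Windows\\explorer.exe args=""',
    'host=web-02 os=linux event=file_write path=/etc/cron.d/sync user=www-data',
    'host=web-02 os=linux event=file_write path=/var/www/html/index.html user=www-data',
    'host=bastion os=linux event=auth_failure user=alice src_ip=198.51.100.4',
] + ['host=bastion os=linux event=auth_failure user=root src_ip=203.0.113.9'] * 5


if __name__ == "__main__":
    for a in run_detections(SAMPLE_LINES):
        print(f'[{a["severity"]:<8}] {a["risk_score"]:>3} {a["technique"]:<10} '
              f'{a["host"]:<8} {a["rule"]} (x{a["count"]})')
```

Running the block yields three alerts in descending risk order: the encoded PowerShell launch on ws-17 (high), the five failed root logins from one address on bastion (high, count 5), and the cron file write on web-02 (medium). The explorer.exe start, the web-root write and the single failed login for alice produce nothing, which is the point of keeping a threshold on the brute-force rule: one failure is noise, a burst from one source is signal.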

In addition to boosting Elastic SIEM’s detection capabilities, Elastic is expanding the number of places where it can spot threats. New integrations introduced with the release enable the system to pull security data from the CloudTrail logging tool in Amazon Web Services Inc., plus virtual machines running on Google Cloud and any service connected to the search giant’s Stackdriver monitoring system.

The new Elastic Stack release also brings enhancements to several other components of the suite. Endpoint Security, an endpoint protection platform based on the company’s $234 million acquisition of Endgame Inc. last year, now provides better threat monitoring on Windows machines. Meanwhile, Elastic App Search has received a “meta engines” feature that will enable users to run search queries across multiple applications.

Photo: Elastic
