

Elastic N.V., no doubt encouraged by the rapid growth in enterprise cybersecurity spending, has over the last few quarters beefed up its software portfolio with new threat detection and mitigation tools. The company today released a major upgrade to its flagship Elastic Stack suite that strengthens its capabilities in this area.
The Elastic Stack is a family of tools built around the software maker’s popular Elasticsearch open-source search engine. The most significant enhancements introduced as part of today’s release, officially version 7.6, are rolling out for Elastic SIEM, the suite’s security information and event management system.
The system is getting a new rule-based threat detection engine that automatically flags suspicious activity in a company’s network. It can monitor Windows, macOS and Linux endpoints as well as backend infrastructure. Administrators define what kinds of malicious behavior Elastic SIEM should look out for and, when a rule matches, they receive an alert complete with a severity score indicating the urgency of the issue.
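To make concrete what a rule-based detection engine with severity-scored alerts does, here is a small added example in Python. It is not Elastic's code and does not use Elastic SIEM's rule format; the rules, severity values, host names and event records are all constructed for illustration. The ATT&CK IDs are the real technique identifiers for Command and Scripting Interpreter (T1059) and Brute Force (T1110). It shows two kinds of rule the text hints at: per-event matches on endpoint process telemetry, and a threshold rule that counts failed logons across a batch of events.

```python
"""Minimal rule-based detection engine with severity-scored alerts.

Added illustration only: not Elastic's engine or rule format.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]
Alert = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    name: str
    severity: int                     # 0-100; higher means more urgent
    technique: str                    # MITRE ATT&CK technique ID the rule covers
    matches: Callable[[Event], bool]  # predicate over a single event


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "bash", "sh"}

# Per-event rules: each inspects one endpoint event in isolation.
RULES: List[Rule] = [
    Rule("office_app_spawns_shell", 73, "T1059",
         lambda e: e.get("type") == "process"
         and str(e.get("parent", "")).lower() in OFFICE_APPS
         and str(e.get("image", "")).lower() in SHELLS),
    Rule("encoded_powershell_command", 47, "T1059",
         lambda e: e.get("type") == "process"
         and str(e.get("image", "")).lower() == "powershell.exe"
         and "-enc" in str(e.get("cmdline", "")).lower().split()),
]

# Constructed sample telemetry (hypothetical hosts, not real data).
SAMPLE_EVENTS: List[Event] = [
    {"host": "ws-01", "os": "windows", "type": "process", "image": "powershell.exe",
     "cmdline": "powershell -enc SQBFAFgA", "parent": "winword.exe"},
    {"host": "ws-01", "os": "windows", "type": "process", "image": "notepad.exe",
     "cmdline": "notepad.exe notes.txt", "parent": "explorer.exe"},
    *[{"host": "srv-db", "os": "linux", "type": "auth", "user": "root",
       "outcome": "failure", "src": "10.0.0.7"} for _ in range(5)],
    {"host": "srv-db", "os": "linux", "type": "auth", "user": "alice",
     "outcome": "success", "src": "10.0.0.9"},
]


def evaluate_event_rules(events: List[Event], rules: List[Rule] = RULES) -> List[Alert]:
    """Apply every per-event rule to every event; one alert per match."""
    alerts: List[Alert] = []
    for event in events:
        for rule in rules:
            if rule.matches(event):
                alerts.append({"rule": rule.name, "severity": rule.severity,
                               "technique": rule.technique, "host": event.get("host")})
    return alerts


def detect_auth_bruteforce(events: List[Event], threshold: int = 5) -> List[Alert]:
    """Threshold rule: repeated failed logons from one source against one account."""
    failures = Counter(
        (e.get("src"), e.get("user"), e.get("host"))
        for e in events
        if e.get("type") == "auth" and e.get("outcome") == "failure"
    )
    return [
        {"rule": "auth_bruteforce", "severity": 60, "technique": "T1110",
         "host": host, "src": src, "user": user, "count": n}
        for (src, user, host), n in failures.items() if n >= threshold
    ]


def run_detections(events: List[Event], threshold: int = 5) -> List[Alert]:
    """Run all rules and return alerts ordered by severity, most urgent first."""
    alerts = evaluate_event_rules(events) + detect_auth_bruteforce(events, threshold)
    return sorted(alerts, key=lambda a: a["severity"], reverse=True)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Sorting by severity is what lets an analyst triage the queue: the Office-spawned shell lands at the top, the brute-force aggregate next, and the weaker single-signal rule last. Raising the brute-force threshold to 6 drops that alert from the constructed sample, which is the usual tuning knob for reducing false positives on noisy authentication sources.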
Elastic is shipping the detection engine with close to 100 ready-made security policies created by its engineers. This rule set facilitates the detection of attacker tactics and tools detailed in ATT&CK, a knowledge base of hacker techniques developed by the U.S. government-funded MITRE research institute.
In addition to boosting Elastic SIEM’s detection capabilities, Elastic is expanding the number of places where it can spot threats. New integrations introduced with the release enable the system to pull security data from the CloudTrail logging tool in Amazon Web Services Inc., plus virtual machines running on Google Cloud and any service connected to the search giant’s Stackdriver monitoring system.
The new Elastic Stack release also brings enhancements to several other components of the suite. Endpoint Security, an endpoint protection platform based on the company’s $234 million acquisition of Endgame Inc. last year, now provides better threat monitoring on Windows machines. Meanwhile, Elastic App Search has received a “meta engines” feature that will enable users to run search queries across multiple applications.