Elastic expands cybersecurity push in new version of software suite
Data search powerhouse Elastic NV is moving deeper into the cybersecurity market today with the launch of Elastic SIEM, a new product for hunting threats in enterprise networks.
The offering, whose acronym stands for Security Information and Event Management, is becoming available in beta test mode as part of a new version of the company’s Elastic Stack. It’s a product bundle comprised of the software maker’s open-source data management and analytics tools.
At the core of the suite is the widely used Elasticsearch search engine, which enterprises use to help their workers navigate internal information repositories. The suite’s extensive data processing features have also made it a popular threat analysis tool. Organizations such as Slack Technologies Inc. and Cisco Systems Inc.’s Talos group, which tracks emerging cyber threats, have built their entire security infrastructure atop the toolkit.
Elastic SIEM expands upon the suite’s core capabilities with additional features designed to make network protection teams’ work easier. The product is accessible through a new dashboard in Kibana, a data visualization tool that ships with the Elastic Stack. The dashboard is split up into three views each focused on a different part of the threat hunting workflow.
Timeline Event Viewer, the first view, is a workbench for investigating potential breaches. Security professionals can use a search bar to look up objects of interest, say misbehaving applications, and then drag them into a query builder to start searching for suspicious activity. The tool enables users to save breach evidence, add in related information and attach notes for colleagues.
Data surfaced via Timeline Event Viewer is also accessible via the two other views in the interface. The first, Hosts, tracks server activity, while the second is available under the “Network” tab and allows users to monitor network metrics such as how much data is leaving the corporate network.
Elastic plans to significantly expand the product’s feature set over time. The company will add tools for analyzing end-user behavior, a rule-based detection feature to flag suspicious activity automatically and integrations with threat intelligence feeds.
In the long term, Elastic will likely also seek to make the tool work better with Endgame, the endpoint protection platform that it acquired for $234 million earlier this month. Endpoint Inc., the startup behind the offering, had $21.8 million in annual revenue as of 2018 and counted the U.S. Department of Defense among its customers.
Elastic faces strong competition in the security market. Some of the other players out there, such as recently funded startup Logz.io Inc., have also built their solutions atop Elasticsearch and Kibana.
Photo: Elastic
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU