Ricoh searches terabytes of global IT logs in real time with Elasticsearch

Ricoh is operationalizing the Elastic Stack to visualize and monitor two terabytes of logging data a day, so that it can watch for and react quickly to security threats across its global IT infrastructure.

Prior to implementing the Elastic Stack, Ricoh’s infrastructure surveillance system wasn’t able to instantly link and detect anomalous events from the Internet all the way through to the endpoint. This was exposed during the WannaCry ransomware attack, which prompted Ricoh to issue several security patches for its product and to leverage the Elastic Stack as the foundation of its new Security Control Department. As part of this, Ricoh built a security analytics solution using Elastic’s open source products (Elasticsearch, Kibana, Beats, Logstash), Elastic’s proprietary features such as monitoring and alerting, and support from Elastic engineers.

Today, logs from nearly all of Ricoh’s IT devices are monitored and visualized in real time with Kibana on a large screen in Ricoh’s Security Control Department, which is responsible for securing Ricoh’s operational infrastructure.

“After introducing the Elastic Stack, our Security Control Department was able to better prevent, detect and respond promptly to the ever-changing landscape of global security threats, both internally and externally,” said Mr. Tomotake Wakuri, Senior Specialist, ICT Business Group, Ricoh. “We look forward to working with Elastic as they continue to build new and more powerful features and solutions for the security analytics use case.”

“It is humbling to see that Ricoh has adopted the Elastic Stack to visualize, search and alert for security threats across their global IT infrastructure,” said Shay Banon, CEO and founder of Elastic. “The security use case is a global phenomenon that cuts across networks from Tokyo, to New York, to London. We are excited that Ricoh has decided to partner with us to create a security solution that spans the globe.”