Elastic released its integrated security offering, Elastic Security 7.6.0, which builds on the strengths of Elastic Endpoint Security and Elastic SIEM to deliver unparalleled visibility and threat protection through a unified interface.
New features include a SIEM detection engine that automates threat detection and comes with 100+ prebuilt rules aligned with the MITRE ATT&CK framework to identify known and unknown threats.
With Elasticsearch at its core, Elastic Security reduces security investigations from days to minutes with near-real-time security monitoring and incident response capabilities.
According to a report by the SANS Institute, the inability of existing tools to process massive amounts of security data directly affects an analyst’s ability to detect attacks both during a breach and after the fact — when analysts need to conduct forensic investigations and confirm that a threat has been completely remediated.
“Elastic has helped our security team focus on what matters by equipping us with the tools we need to efficiently search millions of logs while reducing the number of alerts to a volume that our security team can manage,” said Maxim Verreault, Security Manager at Skytech Communications.
“With the release of 7.6, out-of-the-box signal detection rules in Elastic SIEM enable us to automate analysis across our observability data and detect and respond to threats the moment they happen.
“Elastic Security 7.6 also provides a great way for the community to connect, as we, the security folks, will be able to share custom signal detection rules so that everyone can benefit from them and detect new emerging threats.”
“Not only do security operations teams need more network access and user data, but they also must collect and correlate that data into usable information to simplify security operations,” said Nate Fick, general manager at Elastic Security.
“The convergence of Elastic Endpoint Security and Elastic SIEM into a single solution enables organizations to prevent targeted attacks in real time, while providing needed visibility into security risks as they develop to fast-track response actions before damage and loss.”
Comprehensive, data-driven analytics
Correlate events and log data from any source to proactively detect threats with machine learning and analytics across server, network, cloud, and endpoint data. Respond at scale to isolate a single compromised endpoint or remediate an attack across an entire environment with a single click.
Fast response with fewer resources
The Elastic Security visualizations can pinpoint the origin, extent, and timeline of an attack with real-time analysis of file, registry, user, process, network, and DNS data. Analysts are empowered to determine root cause in minutes and take immediate action without ever leaving the page.
Automated security operations at scale
Elastic streamlines advanced capabilities such as security analytics, EDR, incident response, and threat hunting with a user experience and workflow that Elastic security researchers have designed to solve real-world SOC use cases.
With a focus on workflow automation to make the most efficient use of an analyst's time, incident responders and threat hunters will find their day-to-day roles free of repetitive tasks, leaving more time for critical problems and investigations.