Elastic introduces platform enhancements to protect customers against advanced cyber threats

Elastic announced enhancements across the Elastic Search Platform and its solutions. New enhancements enable customers to stop advanced cyber threats with new prebuilt detections and data source integrations, and accelerate application development with deeper visibility into serverless architectures and continuous integration and continuous delivery (CI/CD) pipelines.

Elastic Search Platform

Preventing sophisticated cyber attacks and extending visibility across organizations

New prebuilt detections and host-based malicious behavior protections, both generally available, automate protection against sophisticated attacks, such as exploitation of the Log4j vulnerability and the Blister malware campaign, to help customers streamline security investigations and mitigate risk without diminishing visibility.

Customers can also now leverage Elastic Agent to collect and normalize network activity from an unlimited number of Windows, macOS, and Linux systems, helping security practitioners monitor for suspicious activity and gather valuable forensic insights within and beyond the network perimeter.

In addition, Elastic added new data source integrations with Recorded Future, ThreatQuotient ThreatQ, and Cybersixgill to streamline the ingestion of threat intelligence and help analysts automate detections, improve prioritization, and accelerate threat analysis.

Accelerating application development with deeper visibility into AWS Lambda and CI/CD pipelines

With enhanced end-to-end application performance monitoring visibility, customers can now collect traces from AWS Lambda, in beta, and correlate those traces with other Elastic Observability data—including from CI/CD environments—for faster and more comprehensive root cause analysis.

Additionally, support for OpenTelemetry logs, also in beta, enables organizations that use OpenTelemetry for traces and metrics to standardize data collection across all data types. The ability to ingest OpenTelemetry logs provides customers an opportunity to deploy a standardized, vendor-neutral observability architecture without losing correlation between signal types and layers.

Delivering faster time to insights and improved storage efficiency

Now generally available, the ability to enable doc-value-only fields gives customers the flexibility to index data faster while improving storage efficiency. With this new capability, customers can benefit from up to 20% faster indexing speeds and 20% lower data storage requirements, ultimately helping them accelerate time to insights while balancing cost and performance.

Customers can also leverage several new ad hoc analytics capabilities in Kibana Lens to enhance data exploration, including three new visualization types—gauge, waffle, and mosaic—and a new drag-and-drop capability to combine and compare multiple fields.

“The technology behind Citadel Group’s go-to-market strategy, and our drive to expand globally, significantly leverages Elastic’s Observability and Security solutions,” said Mark McConnell, CEO and Managing Director, The Citadel Group. “Elastic Security is crucial for the SecOps team to function properly and fulfill its role of protecting Citadel and its customers from cyber threats. Elastic Observability capabilities are crucial for us to provide quality managed services to our customers.”

“As data volumes continue to grow and become more dispersed, cyber threats continue to rise,” said Santosh Krishnan, General Manager of Elastic Security, Elastic. “As the world’s leading platform for search-powered solutions, Elastic offers faster indexing speeds, new prebuilt detections, and even more data source integrations to help analysts automate detection, improve prioritization, and accelerate threat analysis. These enhanced capabilities extend user visibility across digital ecosystems—including serverless architectures—and protect against advanced adversaries, while giving customers the flexibility to balance cost and performance.”
