At RSA Conference 2022, Elastic launched Elastic Security for Cloud featuring new capabilities for cloud risk and posture management, and cloud workload protection.
Elastic Security for Cloud expands the capabilities of Elastic Security by bringing together the ability to enforce security posture for cloud-native and hybrid environments with infrastructure detection and response (IDR) to give customers deep visibility into cloud workloads and perform expert prevention, detection and response. Customers can monitor for deployment time risks and run-time threats in the unified Elastic Search Platform.
Elastic Security also delivers out-of-the-box rules and machine learning models to identify known and unknown threats with insights derived from Elastic Security Labs, the company’s threat research, malware analysis, and detection engineering team.
Providing a unified view across cloud-native and hybrid environments
According to Gartner, over 85% of organizations will move to a cloud-first model with 95% of new digital workloads deployed on cloud-native platforms by 2025. However, a recent study by Elastic found that nearly half (49%) of organizations adopting cloud-native technologies anticipate that misconfigurations will increase as a root cause of breaches over the next two years.
“While cloud security is key to business, it introduces more dependencies on various internal and third-party elements and increases complexity. The result is an environment with fragmented visibility, and you can’t secure what you can’t see. Such an environment can be difficult to secure, since many elements need to come together cohesively,” said Ken Buckler, Research Analyst – Security and Risk Management, Enterprise Management Associates. “Elastic aims to reduce this complexity and improve attack surface visibility by delivering Elastic Security for Cloud on a single platform that enables customers to secure their cloud risks while integrating it within their broader security operations.”
Key capabilities of Elastic Security for Cloud include:
- Integrating cloud security into a unified platform for endpoint security, cloud security, SIEM, and XDR to deliver broad visibility and security while eliminating the overhead of deploying, managing, and integrating disparate security operations, monitoring, and compliance tools.
- Securing cloud workloads and cloud native applications with a lightweight agent powered by eBPF technology to automate the identification of cloud threats with out-of-the-box detection rules and machine learning (ML) models.
- Enabling analysts to accelerate workflows with integrated case management, built-in response actions, and native integrations with security orchestration platforms.
- Accelerating the investigation experience for cloud-native and hybrid workloads across multiple clouds through a unified alert management console. The console features a terminal-like experience providing rich visibility and context into commands executed in cloud workloads, coupled with runtime intelligence integrations, OS and infrastructure analytics powered by osquery, and automation and integrations with IT and security orchestration platforms.
- Enabling organizations to enforce cloud security posture for their Kubernetes deployments and aligning deployments with security benchmarks such as CIS controls. With this new capability, customers can identify misconfigurations and insecure configurations in their Kubernetes deployments and gain near real-time visibility into their cloud risk.
We have been using Elastic for security analytics for years as a cost-effective and flexible way to secure our enterprise,” said Wes Connell, Cyber Defense Platform Lead, Uber. “We’ve migrated more of our workloads to the cloud over the years so expanding our visibility into those providers is a top priority. The ability to monitor and secure an entire cloud inventory of assets, scale dynamically to deliver best-in-class customer experiences, and reduce risk without increasing the operational burden of multiple solutions is a game-changer for the security industry.”
“One of the big benefits of Elastic Security is that they are constantly innovating to provide truly connected visibility, better detection and response capabilities, and comprehensive protection across our large and diverse environment,” said Andrew Stokes, Information Security Officer, Texas A&M Engineering. “Bringing CWPP and KSPM capabilities into Elastic’s single, unified platform helps automate the identification of cloud threats while reducing tool sprawl and streamlining security operations.”
“To protect applications and workloads in the cloud, security operations teams require deep visibility across their organizations’ underlying infrastructure and application data,” said Santosh Krishnan, General Manager of Elastic Security, Elastic. “Elastic Security for Cloud provides customers with a single platform to monitor their cloud deployments, manage their cloud posture, and secure their cloud workloads – giving them the visibility they need to prevent, detect, and respond to threats faster.”