Elastic changes the SIEM game with AI-driven security analytics
Elastic (NYSE: ESTC) is revolutionizing the SIEM game with AI-driven security analytics through its Search AI platform. The new Attack Discovery feature prioritizes attacks over alerts, enabling security teams to quickly identify and respond to the most impactful threats. Leveraging rich contextual data, Elastic Security streamlines the investigation process and empowers analysts to focus on threat detection and response rather than sifting through alerts. Attack Discovery will be available with the Elastic 8.14 release, benefiting customers with an Enterprise license.
Elastic introduces AI-driven security analytics solution powered by Search AI platform.
Attack Discovery feature triages alerts to prioritize critical attacks effectively.
Enhanced efficiency in threat detection, investigation, and response for security teams.
Reduction in manual effort with accurate alert evaluation and fast triaging.
Significant advantage for analysts and incident responders in cybersecurity workforce shortage.
Potential challenges in adapting to new AI-driven security analytics processes.
Dependence on continuous data updates and training to maintain accuracy.
Prioritize attacks, not alerts, with new Attack Discovery capability, powered by Search AI
Elastic Attack Discovery (Graphic: Business Wire)
Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry's foremost search technology. LLMs are only as accurate and current as the information they leverage: their underlying training data and the context provided with the prompt. As such, they require rich, up-to-date data to deliver accurate, tailored results — and efficiently gathering this confidential knowledge requires search. Search-based RAG delivers this context automatically and eliminates the need to build a bespoke LLM and constantly retrain it on ever-changing internal data.
Attack Discovery uniquely leverages the Search AI platform to sort and identify which alert details should be evaluated by the LLM. By querying the rich context contained within Elastic Security alerts with the hybrid search capabilities of Elasticsearch, the solution retrieves the most relevant data to provide to the LLM and instructs it to identify and prioritize the few attacks accordingly. This includes data such as host and user risk scores, asset criticality scores, alert severities, descriptions and alert reasons.
“As a lean organization, we do not operate a traditional SOC team, so the ability to secure our assets faster using our existing team and generative AI is very exciting,” said Kadir Burak Mavzer, Cloud Security team lead at Bolt. “We've already seen great results with Elastic AI Assistant and are looking forward to using Attack Discovery soon.”
“Attack Discovery is a transformative step towards solving the ongoing cybersecurity workforce shortage. Investigations that would have taken entire teams can now be investigated by a single analyst in less time,” said Ken Buckler, information security research director at EMA. “Attack Discovery will provide analysts and incident responders a significant advantage over existing log analysis focused solutions.”
“The attacks companies face are as constant as they are sophisticated, and with no lever to slow the deluge of signals, most security teams struggle to keep their heads above water,” said Santosh Krishnan, general manager of Security at Elastic. “Nearly
Many SOCs have 1000s of alerts to sift through daily. Much of this work is dull, time-intensive, and error-prone. Elastic Security removes the need for such manual effort. Attack Discovery triages out the false positives and maps the remaining strong signals to discrete attack chains, showing how related alerts are part of an attack chain. Attack Discovery uses LLMs to evaluate alerts, taking into consideration severity, risk scores, asset criticality and more. By delivering this accurate and fast triage, analysts can spend less time sifting through alerts and more time investigating and addressing threats.
Since its release in 2019, Elastic Security has grown to include some of the industry’s most advanced analytics capabilities, including 100+ prebuilt ML-based anomaly detection jobs to detect previously unknown threats. Last year, Elastic introduced Elastic AI Assistant for Security to help SOC analysts with rule authoring, alert summarization, and workflow and integration recommendations.
Availability
Attack Discovery will be available to all customers with an Enterprise license as part of the Elastic 8.14 release.
Additional Resources
- Blog: Elastic Security evolves into the first and only AI-driven security analytics solution
- Blog: Tracing history: The generative AI revolution in SIEM
- Attend “Fight Smarter: Accelerate your SOC with AI-driven Insights” at RSA Conference
About Elastic
Elastic (NYSE: ESTC), the Search AI Company, enables everyone to find the answers they need in real-time using all their data, at scale. Elastic’s solutions for search, observability and security are built on the Elastic Search AI Platform, the development platform used by thousands of companies, including more than
Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240506012000/en/
Alexia Russell
PR-team@elastic.co
Source: Elastic N.V.
FAQ
What is Elastic changing with its AI-driven security analytics?
What is the new feature introduced by Elastic?
When will Attack Discovery be available to customers?
How does Elastic Security streamline the investigation process?
What advantage does Attack Discovery offer for security teams?
