Elastic
The platform is available in a paid and free version.
Elastic enables automatic migration from other vendors’ SIEM solutions.
The solution is available both in the cloud (Cloud Serverless, Cloud Hosted) and on-premises (Self-managed, including environments without Internet access).
Description of the technology
Endpoint Security - The EDR agent, which protects endpoints and servers from known and unknown threats, is one of the key components of the platform. The Security module also includes a Next-gen SIEM solution that uses AI mechanisms to quickly detect threats in environments of any scale. Based on data from the Elasticsearch engine, the system detects attacks using detection rules, anomaly and event correlation, UEBA (User and Entity Behavior Analytics), Attack Discovery, and then responds through SOAR. The module also provides digital forensics mechanisms for analyzing events and security incidents.
SIEM - The Elasticsearch module collects, normalizes, and stores logs, metrics, synthetic data, APM (Application Performance Monitoring) data, user experience data, uptime data, and public cloud data. Its scalability allows it to be used in very large environments. Through advanced data normalization (ECS – Elastic Common Schema), it allows correlation of different parameters, increasing platform efficiency. The system also includes various mechanisms and methods for efficient data searching. Kibana, the management console, operates on the logs provided by Elasticsearch and uses advanced views and charts to present data visually. The system enables monitoring of applications, infrastructure, and cloud environments, and assesses network conditions (Real User Monitoring). Another component is the AI agent, which intelligently searches data and provides answers to user queries. Elastic allows integration with multiple AI models (e.g., Azure OpenAI, OpenAI, LM Studio).