- Accelerating threat hunting and investigation workflows with analyst-driven correlation powered by Event Query Language (EQL).
- Adding a new layer of ransomware prevention with behavioral analysis in the Elastic Agent.
- Leaving cyber threats nowhere to hide by making more data available to security analysts through schema on read, searchable snapshots, and enhanced search.
Elastic Public Relations
Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, recently announced new updates across the Elastic Security solution in the 7.12 release to accelerate threat hunting and investigation workflows, prevent ransomware, and eliminate blind spots. Enhanced capabilities include analyst-driven correlation, behavioral ransomware prevention, and unmatched data lookback with schema on read, searchable snapshots, and cross-cluster search.
Elastic Security streamlines security operation workflows and helps practitioners maximize data insights with analyst-driven correlation. Driven by Event Query Language (EQL) — the technology behind advanced correlation in the Elastic Security detection engine — analyst-driven correlation provides more targeted threat hunting and investigation with higher-fidelity detections derived from the findings that analysts uncover during those investigations. Security teams benefit from multiple detection and investigative methods that cover a broad range of security use cases. Combining EQL-based correlations with machine learning-based detections, indicator match type detection rules, and third-party context at cloud scale enables a more comprehensive security strategy.
Behavioral analysis with the Elastic Agent was also introduced to add a new layer of ransomware prevention in Elastic Security. Complementing the signatureless anti-malware first introduced in Elastic Security 7.9, behavioral ransomware prevention on the Elastic Agent detects and stops ransomware attacks on Windows systems by analyzing data from low-level system processes. It is effective across an array of widespread ransomware families, including those targeting the system’s master boot record.
Elastic Security is also expanding its data integrations and making it simple to migrate data from existing Splunk Enterprise environments with a connector that makes specific data sources available for rapid analysis, and added support for Cisco Advanced Malware Protection to analyze valuable endpoint data within Elastic Security. The Elastic Agent now collects several data sources that previously required Filebeat, including Sophos XG, Microsoft Defender ATP, and Google Cloud.
For more information read the Elastic blog about what’s new in Elastic Security 7.12.
Elastic is a search company built on a free and open heritage. Anyone can use Elastic products and solutions to get started quickly and frictionlessly. Elastic offers three solutions for enterprise search, observability, and security, built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real time and at scale. Thousands of organizations worldwide, including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe and is publicly traded on the NYSE under the symbol ESTC. Learn more at elastic.co.
The release and timing of any features or functionality described in this document remain at Elastic’s sole discretion. Any features or functionality not currently available may not be delivered on time or at all.
Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.