Deloitte's Cyber Intelligence Centre adopts the Elastic Stack for cyber data lake and threat hunting

Much like our user community, Elastic’s partner community is always finding new and innovative ways to use the Elastic Stack. Over the last 18 months we’ve been working with the Deloitte Asia Pacific team on cybersecurity use cases for Elastic in their multitenant cloud-based Managed Security Service Provider (MSSP) platform. Many companies know Deloitte for having one of the world’s leading security practices. They’ve been helping their clients address security issues for years on a global scale, and work hard to continually create the best solutions that protect the data and interests of their clients. It’s been interesting to see how Deloitte discovers more and more places where the Elastic Stack turns out to be just the right solution for their internal and client needs.

The journey with Deloitte started in 2013 when a few of their practice members began using Elasticsearch 0.9. Over the past six years, this has evolved to a significant investment at the Asia Pacific level with Deloitte’s network of Cyber Intelligence Centres (CICs). In 2018, Deloitte’s CIC teams became increasingly interested in how Elasticsearch could address their needs to find a more scalable, open, and flexible data platform for cybersecurity. The CIC team in Australia wanted to use the Elastic Stack to extend their cloud-based threat detection and response platform, which protects Deloitte’s managed service customers. In order to provide long-term access to Elastic commercial features and enterprise-level support for the platform, Deloitte and Elastic signed a multi-year Managed Service Provider (MSP) Agreement in February 2019. The solution harnesses Elastic machine learning features to detect new and unknown threats.

Evan Carvouni, Deloitte Cyber Managed Services Leader, Asia Pacific, spoke about the partnership: “Deloitte’s global network of 31 Cyber Intelligence Centres (CICs) has been running for more than 10 years and we’re continuously investing in new cyber innovations to deliver value to our managed service clients. In 2018, we moved to Elasticsearch for the cyber data lake function within our cloud based threat monitoring platform in Australia. Elastic is at the heart of our multi-tenant technology stack and is fully integrated with our ecosystem of detection and response capabilities including SIEM, Threat Intelligence, vulnerability management, endpoint detection and response (EDR), and security orchestration and automated response (SOAR) services.”

Over the last 18 months the alliance between Deloitte and Elastic has gained a lot of momentum with collaboration between the two organisations to really demonstrate the value of Elastic as a cyber analytics platform at the managed service provider level.

Elastic recently announced the intent to acquire Endgame for endpoint security, released Elastic SIEM as part of the 7.2 release, and continued with a drumbeat of new security features available on both our Elasticsearch Service in Elastic Cloud and our self-managed downloads.

Going forward, Deloitte CIC intends to use the Elastic Stack as a threat analytics platform across multiple global customers to provide long-term data retention and analysis, as well as building next-generation SOC solutions that minimise time to detection and focus on threat prediction.

“We’re continuing to work on the expansion of our Cyber Monitoring and Analytics managed service by leveraging the open Elastic Stack to develop new and exciting machine learning use cases,” continued Carvouni, “that combine data from multiple domains, including cyber and financial crime, to deliver new insights and keep pace with the attackers.”

We love relationships that start with a strong technical foundation and evolve naturally based on seeking the best solution. Our alliance partners combine their unique expertise with the Elastic Stack to deliver innovative new solutions. The end result in this case is reducing cyber risk for Deloitte’s managed service clients and our users.

Learn More

About Deloitte’s Cyber Intelligence Centre