How Elastic AI Assistant for Security and Amazon Bedrock can empower security analysts for enhanced performance

Elastic Cloud enables users to search, solve, and succeed with one platform, three search-powered solutions, built on a single technology stack. It is designed for any type of data — deployable anywhere — to solve your search, observability, and security challenges. Elastic® users benefit from a unified data analytics platform, which dramatically reduces the cost and complexity of data collection, storage, and analysis. 

The integration of Elastic with advanced AI models elevates its capabilities to new heights. By harnessing Elasticsearch®’s retrieval capabilities, LLMs gain access to the most pertinent documents, enabling them to furnish accurate responses. This collaboration between Elasticsearch and Amazon Bedrock ensures users receive answers that are contextually relevant and factually accurate, setting a benchmark for information retrieval and AI-driven assistance.

Elastic stands as a top notch search engine with a plethora of features designed to guarantee exceptional search performance. It supports conventional keyword and text-based searches using the Elasticsearch Relevance Engine™ (ESRE) and Elastic Learned Sparse EncodeR (ELSER) algorithm, alongside AI-ready vector search capabilities with exact match and approximate kNN (k-Nearest Neighbor) search functionalities. These advanced features empower Elasticsearch to retrieve highly pertinent results for queries expressed in natural language. By combining traditional, vector, or hybrid search approaches, Elasticsearch delivers pinpoint accuracy, simplifying the process for users to locate the information they seek.

The Elasticsearch platform seamlessly integrates robust machine learning and artificial intelligence capabilities directly into Elastic solutions like the Elastic AI Assistant for Security, providing the tools to create highly sought-after applications and execute tasks with remarkable efficiency. By leveraging these advanced technologies, users unlock the full potential of Elasticsearch, delivering unparalleled user experiences and streamlining workflows.

Elastic Security combines security information and event management (SIEM) threat detection features with endpoint prevention and response capabilities in one solution. These analytical and protection capabilities, leveraged by the speed and extensibility of Elasticsearch, enable analysts to defend their organization from threats before damage and loss occur.

Below are some of the common tasks performed by a cybersecurity operations team.

Alert investigation: Security analysts investigate alerts to determine their validity and severity. They review the information provided in the alert, such as source IP, destination IP, timestamps, and the nature of the event. Based on the investigation, analysts can decide whether the alert represents a legitimate security incident or a false positive. If it's a real threat, they proceed to incident response. 

Incident response: Once an alert is confirmed as a security incident, incident response teams take steps to mitigate the threat. This may involve isolating affected systems, collecting evidence, and coordinating with relevant stakeholders to resolve the incident. The goal is to contain and remediate the incident, minimize damage, and prevent it from escalating.

Query generation: Security analysts create custom queries using a SIEM tool's query language or interface to search for specific events or patterns of interest. For example, they might query for all failed login attempts within a specific time frame. Query results provide valuable insights into historical data, helping analysts identify potential threats, vulnerabilities, or patterns of suspicious activity.

Elastic AI Assistant’s open framework enables users to adapt to the rapidly shifting LLM landscape — easily connecting to new models to facilitate comparison and the adoption of domain-specific models for different applications. Now Elastic users will be able to use large language models through Amazon Bedrock starting with Anthropic Claude 2. 

Amazon Bedrock offers an easy-to-use developer experience to work with a broad range of high-performing foundation models (FMs) from leading AI companies like Anthropic, AI21 Labs, Cohere, Meta, Stability AI, and Amazon. Users can quickly experiment with a variety of FMs in the playground and use a single API for inference regardless of the models they choose, giving them the flexibility to use FMs from different providers and keep up to date with the latest model versions with minimal code changes.

Claude 2 is a general-purpose LLM and the most capable system released by Anthropic to date. Claude is based on Anthropic’s research into creating reliable, interpretable, and steerable AI systems. Claude can be used for sophisticated dialogue, creative content generation, complex reasoning, coding, and detailed instruction. It can edit, rewrite, summarize, classify, extract structured data, do Q&A based on the content, and more. Claude is based on Anthropic’s leading safety research and is built with techniques including Constitutional AI. Designed to reduce brand risk, Claude aims to be helpful, honest, and harmless.

This means Claude 2 can read through prolonged log records and surface answers to related security questions.

Large language models are astonishing, almost magical. However, to provide an answer that applies well to a specific organization, the LLM needs relevant context. Without this context, a user receives generic information derived from publicly trained models. ESRE helps customers overcome these challenges by providing organizational context, grounding each answer in data that is unique to their organization.

The power of the Elastic AI Assistant lies in its ability to offer specific context, incorporating organization-specific information to address unique challenges. This personalized context ensures that the generated responses are not only accurate but also directly applicable to a team's needs.

Navigating the generative AI landscape is simplified with Elastic AI Assistant's user-friendly interface and one-click prebuilt prompts. Whether a user is seeking quick insights or addressing intricate security issues, the Elastic AI Assistant is designed to enhance efficiency and effectiveness in their daily task.

Next, we’ll take you through the process to get all of this set up.

Prerequisites

1. Create an account on Elastic Cloud by following the steps provided.

2. Log in to your Elastic Cloud on AWS deployment.

The Elastic AI Assistant is a superb complement to any Security Operations team. Coupled with Anthropic’s Claude model via Amazon Bedrock, organizations that avail of AWS services can get started with the Assistant in a matter of minutes, elevating a security team’s posture and eliminating mundane tasks.

Learn more about the AI Assistant or watch an end-to-end demo.