Editor’s Note — August 19, 2020: The Elastic Endpoint Security and Elastic SIEM solutions mentioned in this post are now referred to as Elastic Security. The broader Elastic Security solution delivers endpoint security, SIEM, threat hunting, cloud monitoring, and more.
We’re excited to debut the major advancements we have made to our integrated threat prevention, collection, detection, and response solution — Elastic Security — at RSA Conference 2020 in San Francisco this week.
Earlier this month, we released Elastic Security 7.6.0, a milestone toward a comprehensive, unified threat protection and security analytics solution.
At the core of our solution is open source Elasticsearch, which itself received a number of improvements in version 7.6. In Elastic SIEM, Elasticsearch powers a new SIEM detection engine that automates threat detection and ships with prebuilt rules mapped to the MITRE ATT&CK™ framework to identify both known and unknown threats. The detection engine makes everything it surfaces immediately actionable: signals, alerts, timelines, and a newsfeed all help your security team prioritize its work.
Anyone who has worked with a legacy SIEM knows that running even a simple query can be an arduous task, taking hours or even days. Our goal is to drive your mean time to detect (MTTD) toward zero. Elastic Security provides your organization with advanced enterprise protection technology alongside the ability to surface threats that would otherwise be missed. With Elastic SIEM, you can find threats in near real time and remediate them with a single click.
In addition to automating the centralized detection of threats in Elastic SIEM, we will be showcasing our protection capabilities on Windows, macOS, and Linux. New out-of-the-box detections leverage deep visibility into Windows hosts, at a level that surpasses even Microsoft's own visibility, to detect attempts to capture keyboard input (keylogging), load malicious code into other processes (process injection), and more. Practitioners can pair the events generated by detection rules with automated responses (for example, killing the offending process) to achieve layered prevention.
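To make the "detection rule, signal, automated response" pairing concrete, here is an added illustration written for this post; it is not Elastic's detection engine or any of its prebuilt rules. It runs two small rules mapped to MITRE ATT&CK technique IDs (T1056.001 Input Capture: Keylogging and T1055 Process Injection) over a handful of constructed endpoint events whose field names follow Elastic Common Schema style but whose values (the `event.action` names, `hook.type`, the `target.process.*` fields) are assumptions made for the example, and then collapses the resulting signals into one response action per host and process.

```python
"""Minimal detection-to-response loop (added example, not Elastic code).

Events are constructed in-line; field names are ECS-style but the action and
hook values are assumptions for this illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str                     # MITRE ATT&CK technique ID the rule maps to
    severity: str
    match: Callable[[Event], bool]     # predicate over a single event
    response: str                      # paired action: "kill_process" or "none"


# Directories an unprivileged user can write to; a keyboard hook installed from
# here is far more suspicious than one from a vendor install under Program Files.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


def from_user_writable_path(ev: Event) -> bool:
    path = str(ev.get("process.executable", "")).lower()
    return any(seg in path for seg in USER_WRITABLE)


RULES: List[Rule] = [
    Rule(
        name="Keyboard hook installed by binary in user-writable path",
        technique="T1056.001",         # Input Capture: Keylogging
        severity="high",
        match=lambda ev: ev.get("event.category") == "api"
        and ev.get("event.action") == "SetWindowsHookEx"      # assumed action name
        and ev.get("hook.type") in ("WH_KEYBOARD", "WH_KEYBOARD_LL")
        and from_user_writable_path(ev),
        response="kill_process",
    ),
    Rule(
        name="Remote thread created in another process",
        technique="T1055",             # Process Injection
        severity="critical",
        match=lambda ev: ev.get("event.action") == "remote_thread"  # assumed action name
        and ev.get("target.process.pid") not in (None, ev.get("process.pid")),
        response="kill_process",
    ),
]

# Constructed sample telemetry: one benign DLL load, one keyboard hook from a
# vendor path (should NOT fire), one hook from %TEMP%, one cross-process thread.
SAMPLE_EVENTS: List[Event] = [
    {"event.category": "library", "event.action": "load", "host.name": "ws-01",
     "process.name": "notepad.exe", "process.pid": 4120, "dll.name": "user32.dll"},
    {"event.category": "api", "event.action": "SetWindowsHookEx", "host.name": "ws-01",
     "process.name": "shortcuts.exe", "process.pid": 2210,
     "process.executable": "C:\\Program Files\\Vendor\\shortcuts.exe",
     "hook.type": "WH_KEYBOARD_LL"},
    {"event.category": "api", "event.action": "SetWindowsHookEx", "host.name": "ws-01",
     "process.name": "update.exe", "process.pid": 5232,
     "process.executable": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe",
     "hook.type": "WH_KEYBOARD_LL"},
    {"event.category": "process", "event.action": "remote_thread", "host.name": "ws-02",
     "process.name": "winword.exe", "process.pid": 3304,
     "target.process.name": "lsass.exe", "target.process.pid": 648},
]


def evaluate(events: List[Event], rules: List[Rule] = RULES) -> List[Dict[str, object]]:
    """Run every rule over every event and emit one signal per match."""
    signals = []
    for ev in events:
        for rule in rules:
            if rule.match(ev):
                signals.append({
                    "rule": rule.name, "technique": rule.technique,
                    "severity": rule.severity, "host": ev["host.name"],
                    "process": ev["process.name"], "pid": ev["process.pid"],
                    "response": rule.response,
                })
    return signals


def plan_responses(signals: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Collapse signals to one action per (host, pid, action); drop 'none'."""
    actions: Dict[tuple, str] = {}
    for s in signals:
        if s["response"] == "none":
            continue
        actions.setdefault((s["host"], s["pid"], s["response"]), str(s["rule"]))
    return [{"host": h, "pid": p, "action": a, "reason": r}
            for (h, p, a), r in actions.items()]


if __name__ == "__main__":
    sigs = evaluate(SAMPLE_EVENTS)
    for s in sigs:
        print(f"[{s['severity']}] {s['technique']} {s['rule']} on {s['host']} pid {s['pid']}")
    for act in plan_responses(sigs):
        print(f"-> {act['action']} {act['pid']}@{act['host']} ({act['reason']})")
```

The path condition in the keylogging rule is what keeps the vendor-installed hotkey utility from firing; a real rule set would refine that with code-signing and prevalence data, but the shape is the same: each rule carries its ATT&CK mapping and the response it is allowed to trigger, so the response policy is reviewed alongside the detection logic rather than bolted on afterwards.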
Our General Manager and head of Elastic Security, Nate Fick, describes it best: “Not only do security operations teams need more network access and user data, but they also must collect and correlate that data into usable information to simplify security operations. The convergence of Elastic Endpoint Security and Elastic SIEM into a single solution enables organizations to prevent targeted attacks in real time, while providing needed visibility into security risks as they develop to fast-track response actions before damage and loss.”
Key features that Elastic will demonstrate at RSA include:
Comprehensive, data-driven analytics
Correlate events and log data from any source to detect threats proactively with machine learning and analytics across server, network, cloud, and endpoint data. Respond at scale to isolate a single compromised endpoint or remediate an attack across an entire environment with a single click.
Faster response with fewer resources
Elastic Security visualizations can pinpoint the origin, extent, and timeline of an attack with real-time analysis of file, registry, user, process, network, DNS data, and more. Analysts are empowered to determine root cause in minutes and take immediate action without ever leaving the page.
Automated security operations at scale
Elastic streamlines advanced capabilities such as security analytics, EDR, incident response, and threat hunting with a user experience and workflow that Elastic security researchers have designed precisely to solve real-world SOC use cases. With a focus on workflow automation driving the most efficient use of an analyst's time, incident responders and threat hunters will find their day-to-day roles free of repetitive tasks — with more time spent solving critical problems and investigations.
If you are attending RSA, come find us. Stop by the Elastic booths — #1427 and #2227 — to say “heya” and learn more about how we can help your security team work towards entirely new levels of collaboration and protection. If you can't make it to RSA, you can still give our Elastic SIEM demo a try.