Elastic announces Elastic Security for Cloud, delivering new posture management and workload protection capabilities


Elastic Security for Cloud is a new way to manage your cloud posture and ensure the security of cloud workloads. Elastic Security for Cloud expands the capabilities of the Elastic Security solution, extending visibility of the Elastic Security solution from endpoints to the cloud and building on the open and integrated approach and the rich security analytics capabilities already baked into Elastic.

With more than 85% of organizations moving to a cloud-first model and 95% of new digital workloads deployed on cloud-native platforms, according to Gartner, securing cloud environments is crucial to ensure sustained business innovation and growth. Whether it’s financial organizations moving to branchless banking or retailers improving customer experience via an omni-channel strategy, extending visibility into cloud environments to ensure availability and security of critical business applications and services is a key priority for businesses.

Introducing Elastic Security for Cloud

Elastic Security for Cloud expands the capabilities of Elastic Security into the cloud with the addition of new capabilities for risk and posture management as well as threat monitoring and workload protection — built from our acquisitions of Cmd and build.security. Customers can now use Elastic Security to monitor their cloud-native environments — from deploy-time to run-time — all in one unified platform.

This new functionality builds on the core security analytics and endpoint capabilities within Elastic Security. It leverages the integrations, detection rules, and machine learning models and extends them by offering native capabilities to monitor cloud environments for compliance with security benchmarks, as well as assessing runtime risk in cloud workloads. The new capability also complements the integrations that enable customers to ingest data from multiple cloud providers, such as cloudtrail, firewall logs, and other sources to observe, monitor, and secure the cloud.

Securing cloud workloads 

As new cloud-native architectures grow, they also introduce more complexities and dependencies on internal and third-party elements. This can result in a fragmented environment that’s difficult to secure, as many elements need to come together cohesively to ensure security. Additionally, hybrid lift-and-shift architectures are also common in many customer environments, while yet others prefer selective refactoring. Securing cloud environments must enable all these types of deployments, while also integrating into existing security workflows to minimize process gaps and enable faster cloud adoption.

Elastic secures hybrid cloud workloads and cloud-native applications with a lightweight agent powered by eBPF technology. This capability automates the identification of cloud threats with out-of-the-box MITRE ATT&CK®-aligned detection rules and machine learning models. These built-in rules can also be customized for customer-specific deployments. 

Detection is only the start. Investigation is one of the most time-consuming activities performed by security analysts. In recent research by Enterprise Strategy Group (ESG), it was revealed that 89% of organizations experience a negative outcome in the time between detection and investigation in cloud environments. The slower response times give attackers a competitive advantage in moving laterally, accessing unauthorized information, and data exfiltration. 

The new workload protection capability also includes a familiar terminal-like view integrated with contextual insights to speed up investigations. This view, called Session View, allows analysts to introspect process activity and better understand user and service behavior. It’s important to have this visibility so that you know exactly what actions were taken or attempted at the time of the incident. And the built-in response actions, integrated case management, and workflow integrations with security orchestration platforms automate and further accelerate the time-to-respond.

Manage cloud posture

According to a recent Elastic study, almost half (49%) of the organizations adopting cloud-native technologies anticipate that misconfigurations will be the root cause of breaches over the next two years. Elastic enables organizations to enforce cloud security posture for their Kubernetes assets (KSPM) and align deployments with industry benchmarks like Center for Information Security (CIS) controls.

The CIS Kubernetes benchmarks is a key first-step to hardening production Kubernetes environments and minimizing the exposed attack surface. The 300+ page guide documents a broad set of recommendations on securing control plane components (control plane node configuration files, API server, and more), worker nodes (worker node configuration files, kubelets), policies (RBAC, pod security, secrets, and more), and several other key elements.

This new multi-cloud capability enables customers to identify insecure configurations in kubernetes, the de facto standard for container orchestration, along with recommendations to fix any issues. It also provides customers with executive dashboards to help organizations gain near real-time visibility into their cloud risk. 

Elastic Security for Cloud accelerates innovation

Cloud-native architectures accelerate application scale and speed of innovation, but also introduce complexities and dependencies. A fragmented approach to security, with the ensuing tool sprawl and lack of integrated security workflows, further exacerbates the lack of skilled staff. Elastic Security includes cloud security as an integral part of the overall security solution, with a single pane of glass to manage the overall deployment — enabling customers to simplify their security operations and minimize the time to protection.

As the migration to cloud grows unabated, so does the business need to monitor and observe the availability and performance of cloud applications and services, while also securing them against attacks. Elastic provides this combined capability within a single platform that delivers both Elastic Observability and Elastic Security solutions. 

Getting started with Elastic 

Existing Elastic Cloud customers can access many of these features directly from the Elastic Cloud console. Enable the new cloud workload protection capability today by following steps outlined in this article. If you’re new to Elastic Cloud, get started with a free 14-day trial of Elastic Cloud. To guide your process, take a look at our Quick Start guides or our free fundamentals training courses.