NEW! Elastic Security 8.12: AI Assistant alert insights, onboard major CSPs


With the new year in swing, we’re excited to announce that Elastic® 8.12 is now available! This release supports Elastic Security’s mission to redefine security operations by pushing the boundaries of what constitutes a SIEM. Our team is focused on elevating your SOC with intelligent, AI-powered analytics, and the 8.12 release is another step toward this reality.

What truly distinguishes Elastic is its all-encompassing security analytics solution. For hosts, we offer value-added analytics and incident response workflows regardless of the EDR in use. Furthermore, we are focused on delivering an unparalleled contextualized analyst experience for cloud security and establishing new benchmarks in fortifying cloud environments.

Some major features of this release include: 

  • Real-time alert insights from the Elastic AI Assistant

  • Effortless onboarding for the largest three cloud service providers into the CSPM integration

  • The ability to orchestrate endpoint responses with leading vendors

Elastic Security 8.12 is available now on Elastic Cloud — the only hosted Elasticsearch® offering to include all of the new features in this latest release. You can also download the Elastic Stack and our cloud orchestration products, Elastic Cloud Enterprise and Elastic Cloud for Kubernetes, for a self-managed experience.

What else is new? Check out the Elastic 8.12 announcement post to learn more.

Get intuitive, real-time alert insights with natural language interactions from the Elastic AI Assistant for Security

With the 8.12 release, Elastic AI Assistant can provide real-time, personalized alert insights — empowering security teams to stay one step ahead in the ever-evolving threat landscape. With the power of large language models (LLMs), the AI Assistant can process multiple alerts simultaneously, offering an unprecedented level of insight and customization. You can interact with your data by asking complex questions and receiving context-aware responses tailored to your needs. You can now ask the AI Assistant questions like:

  • “How many alerts are currently open?”

  • “Which alerts should I look at first?”

  • “Did we have any alerts with suspicious activity on Windows machines?”

This new capability enhances the way security analysts approach alert triaging. By engaging with your data using natural language, teams can get a straightforward answer on which alerts are the most critical. This results in a more efficient, effective security operation that is adept at navigating the complex cybersecurity environment.


Unlock unified cloud security posture management across AWS, Google Cloud, and Azure

With Elastic Security’s 8.12 release, we’re excited to announce that our cloud security posture management (CSPM) capability can now seamlessly integrate with all three major cloud providers: AWS, Google Cloud, and the newly added Microsoft Azure. This integration streamlines the management of your security posture across these platforms, eliminating the need to navigate multiple tools. 

Deployment has been simplified dramatically, thanks to our integration with cloud-native Infrastructure as Code (IaC) tools like AWS CloudFormation templates, Google Cloud Shell scripts, and Azure Resource Manager (ARM) templates. Setting up your CSPM is now straightforward, requiring just a few clicks for a complete setup. This integration not only eases deployment but also ensures precise and efficient management of your cloud security. 

Furthermore, CSPM extends its capabilities beyond individual cloud accounts. It now enables the onboarding of entire CSP organizations across AWS, Google Cloud, and Azure, offering a comprehensive and consistent overview of your security posture across your multi-cloud landscape. This capability assures a robust and uniform view of your security posture across all environments, providing both peace of mind and unparalleled control — after all, you can’t protect what you don’t know about.


Orchestrate response across endpoint vendors with Elastic Security

8.12 unveils a groundbreaking two-way integration with SentinelOne, empowering security analysts to seamlessly interact with the functionalities of a leading EDR provider. With our bidirectional response capability, users can take swift, proactive measures by isolating hosts directly from the Elastic platform in response to SentinelOne alerts. This functionality allows analysts to instantly respond to critical threats identified by SentinelOne, enhancing security posture for mutual customers. In addition, these capabilities allow teams to centralize and consolidate security operations, making it easier to manage and analyze all security data in one place.

This capability is in technical preview for 8.12 and is accessible via the Elastic Security Enterprise subscription tier on both self-managed and cloud deployments. We are excited to grow the list of integrations with leading endpoint response vendors as we continue through 2024!

When viewing an alert from a SentinelOne endpoint, analysts have the option to isolate the host from the Take Action menu

Additional enhancements

Enhancing collaboration and response with alert assignment

With the 8.12 release, Elastic Security delivers a long-awaited feature by extending investigation assignment to alerts. Rather than escalating an alert to a case so it can be assigned for further investigation, security teams can assign individual alerts directly to analysts. This allows security teams to better organize their investigations and reduces the number of cases they have to open over a given period, contributing to a more effective workflow for analysts.

Preview and compare Elastic prebuilt rules updates

Elastic’s suite of powerful detection rules is constantly updated to remain effective against the ever-changing threat landscape. In our commitment to open security and detection engineers, we’ve made it easier for users to understand what updates they’re getting out of the box.

With the 8.12 release, users will see the prebuilt rule update and the currently installed rule version side by side, making it much easier for security teams to see exactly what is being updated, estimate the impact of the change, and decide whether they want to apply the new version. This feature saves time and simplifies the rule update process so security teams can run a more efficient SOC.

Updates to prebuilt rules are clearly laid out in the rule update flyout

Try it out

Read about these capabilities and more in the release notes.

Upgrading to a new release can be intimidating, which is why Elastic Security has many resources to help you navigate the process. In addition to Elastic’s Support team, there’s a lively community of Elastic users, experts, PMs, and developers available to everyone on the Elastic Slack and Discuss forums.

Existing Elastic Cloud customers can access many of these features directly from the Elastic Cloud console. Not taking advantage of Elastic on cloud? Start a free trial.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.