Sitecore automated most of its workflows for two analysts handling 3,600 events a week, using Elastic as the heart of its Security Operations Center.
Sitecore has reduced the average time to fix issues from hours to minutes with Elastic.
Sitecore automated 96 percent of its security workflows, reduced average fix times to 12 minutes, and significantly improved analyst productivity by deploying Elastic.
How do you deliver a first-class digital experience for your customers when you are a large global brand? With Sitecore, organizations can manage international campaigns and massive volumes of content across digital touchpoints. Its customers, including major brands like L’Oreal, Microsoft, United Airlines, and PUMA, rely on Sitecore to deliver unforgettable, personalized experiences to millions of customers.
Safeguarding the systems that serve these clients is vital to Sitecore’s success. The company strives to mitigate all forms of digital threats, including malicious code and distributed denial-of-service (DDoS) attacks.
A shortage of analysts with the skills to manage advanced security environments compounds the challenges Sitecore faces. Adam Button, Head of Product Cybersecurity at Sitecore, says, “We are a relatively small company compared to some of our international customers. We needed to find a way to do more with fewer people.”
Button set out to automate Sitecore’s security workflows and enable different security teams, including engineering, assurance, and operations, to collaborate on shared problems when they arise.
Button and his colleagues ran proofs of concept with three separate security information and event management (SIEM) suppliers. Elastic stood out for several reasons, including the ability to onboard new log sources with little or no configuration. “We started out with a list of 13 log sources and onboarded all of them within three months. Now we have about 60 sources.”
Elastic also outperformed the competition when comparing search speeds for large data volumes. “When it comes to speed of search, Elastic stands alone in the industry. During the proof of concept, we tested with 16TB of data, and Elastic returned results in 0.6 seconds,” commented Button.
Button was also impressed by how quickly he could set up a use case in Elastic. “With other SIEM vendors, the lead time for a consultant to define need, write the scope of work, and complete the job could be weeks or even months. We can complete a use case in a day and avoid the professional service fees common among other suppliers.”
Since deploying Elastic Security, Sitecore has taken advantage of more than 400 use cases from the Elastic open-source community and has written more than 60 custom use cases.
Machine learning in Elastic APM also plays an important role. “We recently experienced a virus attack from overseas that generated thousands of hits. With Elastic machine learning, we created a use case in just one hour that protects us from this threat in the future.”
Button also says Elastic offers better value and more flexible licensing options than the other vendors Sitecore considered. “We really like Elastic’s pricing model. It is transparent, simple to understand, and fair when you need to scale up capacity.”
Elastic Security now sits at the heart of Sitecore’s Security Operations Center as a Service (SOCaaS) platform. “Keeping our data in one location gives us a single source of truth, which enables our security teams to collaborate and work more efficiently,” says Button. This also assists with application development. “As soon as we spot a deficiency in our systems, it is passed on to the development team to fix the problem.”
The platform has increased the efficiency of Sitecore’s security operations team, enabling the company to automate 96 percent of its security workflows, with an average time to resolution of 12 minutes. “One week, we managed a spike of 18,800 events with just three people. We probably would have needed 20 or more to cope without Elastic,” adds Button.
Sitecore has also reduced the cost of keeping data in a quickly searchable store. “With a traditional SIEM, you keep data live or ‘hot’ for 30 days to make it searchable. With Elastic, we are hot for one day, warm for seven, cold for 30, and then we offload everything to our frozen tier. It massively reduces our storage costs,” says Button. Data in the colder tiers remains searchable, and Sitecore found historical analysis on it faster than with the competing solutions it evaluated.
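The tiering Button describes maps directly onto an Elasticsearch index lifecycle management (ILM) policy. The policy below is an added illustration, not Sitecore’s or Elastic’s own configuration: the policy name `siem-logs`, the snapshot repository `siem-snapshots`, the 50 GB rollover size, and the reading of the quoted numbers as phase thresholds (measured from rollover, as ILM’s `min_age` is) are all assumptions.

```json
{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "set_priority": { "priority": 100 },
          "rollover": { "max_age": "1d", "max_primary_shard_size": "50gb" }
        }
      },
      "warm": {
        "min_age": "1d",
        "actions": {
          "set_priority": { "priority": 50 },
          "shrink": { "number_of_shards": 1 },
          "forcemerge": { "max_num_segments": 1 }
        }
      },
      "cold": {
        "min_age": "7d",
        "actions": {
          "set_priority": { "priority": 0 },
          "searchable_snapshot": { "snapshot_repository": "siem-snapshots" }
        }
      },
      "frozen": {
        "min_age": "30d",
        "actions": {
          "searchable_snapshot": { "snapshot_repository": "siem-snapshots" }
        }
      }
    }
  }
}
```

Apply it with `PUT _ilm/policy/siem-logs` and attach it to the log data streams through `index.lifecycle.name` in their index template. Two practical caveats: the `searchable_snapshot` action in the cold and frozen phases requires a registered snapshot repository and an Enterprise subscription, and the frozen tier only caches parts of the snapshot locally, so searches over 30-day-old data hit object storage and are slower than searches of the hot tier; the policy also has no `delete` phase, so retention in the frozen tier must be handled separately.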
Elastic is also helping Sitecore transform security from a cost into a marketplace differentiator. By centralizing and automating workflows, the business can prove its security bona fides to prospective customers and demonstrate compliance with their security requirements. Button adds, “During a recent pitch, I spent an hour with the client explaining our security platform and the automation layer that drives it. It proved that we take security seriously and played a critical role in closing the sale.”
In the future, Sitecore plans to migrate to Elastic Cloud on Kubernetes. “We plan to go cloud-agnostic so that our customers can use any provider they want. Containerization will also help us speed up deployment and scale up or down to match workload variations.” In addition, Button hopes to adopt Elastic EDR (endpoint detection and response) and to expand the use of Elastic Agent to ingest log data into Elastic.
Finally, Button stresses the importance of Sitecore’s partnership with Elastic, especially during deployment.
“The Elastic team genuinely cares that we get the most out of their technology and help us at every stage. When we were onboarding the system, two people were always available and got back with answers in a matter of minutes. It’s not just the technology—the team behind Elastic is second to none as well.”