Elastic scaled far beyond OLX's previous tools, dramatically increasing the number and types of security events monitored. This gives OLX an expanded view of its environment and helps the team protect it from threats. Elastic Security detection rules and Timelines will be used to speed up incident response.
OLX chose Elastic Cloud on AWS to keep their highly skilled security team focused on security management and remove the additional work of managing their own clusters. As an AWS customer, OLX is able to keep Elastic Cloud close to their existing AWS-based applications and bill through their AWS account.
The OLX security team became aware of the Elastic Security solution offered as part of the Elastic Stack and thought it might address their needs. They started by downloading the Elastic Stack and testing the functionality of Elastic's SIEM product and the ingest performance of Elastic's ingest agent. OLX ran this initial testing within their AWS account, and the tests proved successful. The security team then reached out to Elastic for advice on the best architecture and implementation approach for a production deployment. As the security team prototyped their Elastic deployment, it became clear that it could provide dramatic scale improvements over their existing solutions. The security team also concluded that a commercial relationship with Elastic would provide them with ongoing support and access to premium features such as alerting and anomaly detection, all important for the success of the project.
The next question for OLX was whether they wanted to run the Elastic Stack themselves or have Elastic run the clusters as a SaaS service with Elastic Cloud. As security practitioners, the team saw the value of having the creators of Elasticsearch run the underlying Elasticsearch Service, freeing their time to focus on security issues. The security team could then work on building the integrations with security data sources and using Elastic Security for threat hunting and incident investigation. Choosing Elastic Cloud would significantly shorten the time to value of their upgraded security solution within OLX. To prove out this path, OLX opened an Elastic Cloud account through the Elastic Cloud listing on the AWS Marketplace. OLX got started in a few minutes, with billing flowing through their existing AWS account, and continued to prove out the solution with Elastic Cloud using this flexible, pay-as-you-go model.
The Elastic and AWS partnership meant that OLX could deploy Elastic Cloud in the AWS regions where OLX already hosted their applications. Elastic's pre-built integrations for AWS services made it easy to ingest data from those services via Beats. Once the decision was made for Elastic Cloud on AWS, OLX purchased an annual Elastic Cloud subscription through the AWS Marketplace private offer process, allowing them to apply the purchase against their AWS Enterprise Discount Program (EDP) consumption commitment and take advantage of consolidated billing. OLX intends to use Elastic Cloud's support for AWS PrivateLink to provide private connectivity between Elastic Cloud on AWS and their security data sources, so that log traffic does not traverse the public internet. The collaboration between Elastic and AWS on Elastic Cloud means OLX can use their preferred tools from each company in a seamless way.
After implementing Elastic Security on Elastic Cloud, OLX was able to increase security-related log collection capacity from 500 GB per month to over 10 TB per month, an increase of more than 20x. Asset monitoring coverage increased by 35%, improving the ability to investigate alerts in a unified view. Even with the dramatic increases OLX achieved in the amount and types of data utilized, OLX sees additional opportunity to provide expanded protection for the company and its users. The team has set a goal to reduce Mean Time To Response (MTTR) for security incidents by 30% using Elastic detection rules and the search flexibility of the Timelines feature. They will also use the new solution to meet PCI DSS compliance requirements. Looking forward, the security team wants to implement Elastic Security for endpoint security, providing a means to automatically protect endpoints from threats like malware while efficiently centralizing data collection from agents.