How defense teams turn data into mission outcomes
From threat detection to operational advantage, data is the driver

Making defense data usable, shareable, and actionable
Modern defense organizations operate in complex, distributed environments where mission-critical information lives across systems, locations, classifications, and domains — making it difficult to access, correlate, and act on data when it matters most.
The challenge isn’t about having the right data — it's about making it usable, shareable, and actionable.
A recent study from Deloitte found that the US military currently only processes 2% of the data it collects.[1] In areas like the security operations center (SOC), where real-time access to information is essential, the gap between collecting and analyzing data becomes critical.
Large data consolidation efforts can take years to deliver value. Traditional data systems often fall short due to scale, security requirements, and legacy infrastructure while introducing new security risks within complicated access control protocols.
So, what’s the path forward?
Leading defense organizations can connect information where it already lives, giving teams the ability to securely analyze and share insights across domains without changing sensitive systems. This distributed approach offers a better way to make decisions while laying the foundation for AI-enabled workflows in the future.
This article explores how defense teams are putting this approach into practice in the real world. Featuring customer stories from organizations including the US Army Corps of Engineers and leading aerospace and defense contractors, you’ll learn how a unified data layer built on search enables faster decision-making, stronger governance, and better support for missions that matter.
Public sector organizations worldwide are using Elastic to operationalize their data, protect critical systems, and implement AI-enabled innovations. The Elasticsearch Platform provides a unified data foundation to apply AI consistently, improve public services, enhance data analytics and decision-making, enable cross-agency collaboration and data sharing, support geospatial analysis, and more.
Read on to see how defense organizations are implementing distributed search and connecting information seamlessly across systems.
US Army Corps of Engineers
About the US Army Corps of Engineers
The US Army Corps of Engineers’ navigation portal (NavPortal) project team supports safe, reliable, and efficient vessel traffic across the United States. Given the scale of its operations, even small improvements can produce major cost savings.
Improving efficiency was historically difficult for NavPortal. Because its work runs on a project- and mission-based funding model, its tools are often siloed, its data systems are fragmented, and insights cannot be consistently derived across projects.
The challenge
Organizing external data sources
Operating across hundreds of ports and thousands of miles of waterways, the Army Corps accumulated decades of historical survey data, vessel traffic information from the Coast Guard’s Automatic Identification System (AIS), dredging records, and geospatial datasets from multiple external sources.
The core problem is geospatial precision. Survey points collected over time never perfectly overlap, making it nearly impossible to consistently study changes in channel depth or sediment accumulation.
Different data types — including single-beam surveys, multi-beam surveys, vessel traffic patterns, and dredging operations — existed in separate systems with incompatible formats. To make sense of it all, analysts needed expertise in a multitude of systems, from SQL to Oracle, AutoCAD, and more.
Its problem went beyond tool sprawl. Analysts needed to connect systems manually. Fragmentation slowed decision-making, limited visibility across district offices, and made it difficult to predict where dredging operations were needed — a critical shortcoming when channel hazards can quickly become dangerous.
The solution
Using Elasticsearch and Uber’s H3 for a consistent spatial framework
The Army Corps integrated Uber’s H3 global grid system with Elasticsearch to create a unified geospatial data platform. Elasticsearch is a distributed search and analytics engine equipped to handle structured, unstructured, and geospatial data at scale. Its geospatial capabilities enable fast search across location data using coordinates, polygons, and hexagonal spatial analytics. This makes it possible to store, query, and visualize spatial relationships in real time.
Creating a consistent spatial framework
By converting raw survey points, vessel traffic data, and dredging records into standardized hexagonal bins at various resolutions — from continental scale down to one square foot — the team created a consistent spatial framework. Each hexagonal bin receives a globally unique identifier, allowing the Army Corps to track changes over time regardless of the original data source or survey type.
This standardization solved a core geospatial precision challenge. Rather than trying to match survey points that did not perfectly align, the Army Corps could aggregate data into consistent spatial areas and compare them reliably across variables like time, survey method, and data source.
Real-time analytics and predictive modeling
Elasticsearch’s APIs enable secure data sharing across teams and projects without restructuring underlying systems, while its real-time analytics capabilities support immediate volume calculations and predictive modeling.
By viewing channel depth alongside vessel traffic density through the same spatial framework, teams can optimize dredging priorities and resource allocation based on both current conditions and future projected needs.
The outcomes
Using Elasticsearch in the public sector
Using Elasticsearch’s geospatial capabilities, the Army Corps can now:
- Compare and analyze geospatial data over time: Hexagonal binning allows consistent comparison across different survey types and time periods, delivering new trend analysis capabilities.
- Alert stakeholders when issues arise: When aggregated bins indicate sediment accumulation exceeding thresholds, the system triggers alerts to local entities, district offices, and headquarters.
- Predict problems before they happen: By tracking shoaling rates for each hexagonal bin, the Army Corps can project channel conditions six months into the future and pinpoint areas requiring maintenance before vessel groundings or safety incidents occur.
These hexbins have now effectively become a data integration framework for the Army Corps, delivering a new way to unify survey data, AIS traffic, dredging metrics, and predictive analytics into a single spatial-temporal system that keeps channels open, safe, and efficient.
SNC
About SNC
SNC is a global aerospace and national security contractor supporting critical defense and government operations, spanning aircraft modification and integration, space systems development, and cybersecurity technology products.
For an organization operating at this level, robust cybersecurity is essential to meet contractual and regulatory requirements. Strict government oversight, paired with the need to maintain citizen trust, places pressure on the organization’s wide-ranging operations.
As SNC expanded, so did the complexity of its threat landscape. The organization needed a scalable, secure way to monitor and respond to threats across increasingly distributed environments — all without relying on external managed service providers to protect its most sensitive systems, intellectual property, and Controlled Unclassified Information (CUI).
The challenge
SNC’s existing security information and event management (SIEM) solution, managed by a third party, was struggling to keep up with modern defense operations.
“The legacy system was sluggish and expensive,” explains Doug Russell, director of data integration strategies at SNC. “Running queries was a cumbersome process.”
Investigations requiring fast answers were regularly taking several minutes, presenting a critical liability in a threat environment where the speed of detection can directly determine the severity of impact. Beyond raw performance, SNC’s legacy setup created serious operational blind spots. Analysts lacked the correlation capabilities needed to connect security signals across environments, limiting their ability to detect and contain threats before they caused real damage.
Above all, SNC’s own cyber team couldn’t fully see into or control the systems it was relying on to protect sensitive defense information — posing a critical risk for a contractor working under strict government regulations.
The solution
Taking control with an in-house SOC
SNC’s team ran Elastic Security concurrently with its existing solution to evaluate it firsthand. Elastic Security is an open, AI-driven platform that unifies SIEM, XDR, and cloud security into a single solution. This enables teams to detect, investigate, and respond to threats at speed and scale, all without data silos or bolt-on complexity. For SNC, the results were immediate.
“The difference was like night and day,” says Russell. “Elastic’s speed and querying capabilities within our environment blew us away. The ability to visualize data using Kibana dashboards was also impressive.”
Because of this performance, SNC migrated to Elastic Security and built a robust, in-house security operations center (SOC) on top of it. With Elastic as its central SIEM, SNC’s cyber team could now directly analyze, investigate, and act on security data without routing sensitive information through a third party. Role-based access controls and operational separation ensured the right people could see the right data while maintaining overall information security.
Security speed and performance
Elastic Security enabled SNC to automate a significant portion of its alerting workflows through the Case Management feature, reducing manual overhead and freeing analysts to focus on higher-value work.
“Elastic has helped us alleviate pressure on our security analysts while facilitating smoother data access,” says Russell. “This enhanced speed is crucial for adhering to our strict SLAs with clients and ensures we remain within compliance boundaries.”
Elastic also addressed SNC’s strict data retention requirements through storage efficiency, enabling rapid retrieval of older data from cold and frozen storage tiers.
Consolidation and streamlined operations
Consolidating multiple security tools onto a single platform simplified day-to-day operations. For instance, analysts investigating malicious IP addresses no longer need to pivot across separate systems for a complete picture. “Elastic elegantly addresses our requirements without unnecessary complexity or cost,” Russell explains.
Collaboration between SOC and incident response teams improved significantly as well. “Previously, sharing information involved exchanging numerous links,” says Roderick Bickert, cybersecurity manager at SNC. “With Elastic, we can send a single link that directs people to all available information. Viewing everything within a unified platform significantly streamlines workflows.”
The outcomes
With Elastic Security as its foundation, SNC:
- Reduced query times from minutes to seconds, giving analysts the power to stay within strict internal and client-facing SLAs and respond to threats before they escalate
- Scaled data ingestion tenfold, processing the equivalent of a terabyte of security data each day without compromising performance
- Detected and neutralized zero-day threats proactively, identifying and containing attacks before they were publicly announced, strengthening SNC’s overall security posture
- Launched a new revenue stream via Defensible Security, a managed security service for defense contractors built on Elastic Security and Microsoft Azure Government Cloud
- Strengthened collaboration between SOC and incident response teams, replacing fragmented, multi-platform workflows with a single unified view
As Russell states: “We can find threats quickly and alert clients before they have an inkling of what’s going on in their environment. Other players in the defense sector haven’t been able to keep up with us from a cybersecurity perspective.”
Looking ahead, SNC plans to deepen its use of AI and machine learning within the SOC — leveraging Elastic Security’s anomaly detection capabilities, user entity behavior analytics (UEBA), and integration with external machine learning models to further automate threat identification and response.
Regardless of data volume, SNC can now store everything in a single central location. Cassie Cagwin, senior cybersecurity data science manager at SNC, notes, “Elastic continues to play a central role in our AI security initiatives.”
Multinational aerospace organization
About the organization
As one of the world’s largest aerospace and defense companies, this multinational aerospace organization knows that technical precision and operational readiness are essential. Engineers, technicians, and program managers depend on immediate access to accurate documentation to maintain programs, meet deadlines, and ensure mission success. But as the organization grew, so did the complexity of finding the right information when it mattered most.
Documentation was often scattered across SharePoint sites, file shares, email archives, and dozens of disconnected repositories. Engineers frequently resorted to asking colleagues directly or maintaining personal notes just to keep track of procedures. Without unified search, employees wasted valuable time chasing down documents or even duplicating them by accident.
The challenge intensified as one division alone accumulated more than two million documents across 50 to 60 sources, ranging from engineering command media to lessons-learned reports and other critical files.
The challenge
Although the organization had the right documentation, it didn’t have an easy way to find it. Engineers needed instant access to build instructions, test procedures, policy references, and technical specifications, but they had no unified way to search for them across systems.
Version sprawl compounded the issue. With no authoritative source of truth, teams couldn’t verify they were working from the most current specifications. This itself created new risk, especially in mission-critical contexts where outdated information could lead to safety concerns or very costly delays. New hires faced weeks of onboarding, during which they learned which repositories to search and how to navigate fragmented systems.
The organization needed a solution to unify access to technical documentation, support both precise keyword queries and exploratory semantic search, and lay the foundation for future AI-driven capabilities.
The solution
A bespoke enterprise search application built on Elasticsearch
Several years ago, the division began building a custom enterprise search application on the Elasticsearch free and open source stack. The team has since upgraded, leveraging advanced AI capabilities including Elastic’s embedding model, ELSER, and native support for retrieval augmented generation (RAG) pipelines.
Elasticsearch is a distributed search and analytics engine designed to handle structured and unstructured data at scale. Its hybrid search capabilities allow users to combine keyword precision with semantic understanding, making it possible to search for exact part numbers or policy references.
“The main focus of the application is indexing technical documentation,” says a lead developer on the project. “This is essential because it tells an engineer how to do their job. By indexing directly from original sources, we give engineers confidence that what they find is current and correct.”
Breaking down data silos
The application now supports more than two million documents and processes 30,000 searches each month. Engineers can use hybrid search to balance precision and exploration. The Elasticsearch Platform delivers significant value on shop floors, where technicians use it to access build and test instructions in real time.
“Elastic has enabled us to build a curated, bespoke search engine tailored to specific use cases,” says the lead developer. “The result is cleaner, more accurate results.”
Fueling AI innovation
In addition to enterprise search, Elasticsearch provides support for generative AI. The team uses RAG pipelines and ELSER to vectorize datasets and experiment with AI-driven assistants while basing all responses on authoritative documents.
“Other tools required bolt-on capabilities to support semantic search and vector databases,” explains the lead developer. “Elastic provides these features natively within an open, scalable architecture.”
The outcomes
Using Elasticsearch, the aerospace organization:
- Improved operational efficiencies in mission-critical contexts: The organization implemented hybrid search and now supports more than two million documents and 30,000 searches a month.
- Eliminated document sprawl and duplication: By consolidating enterprise search, the organization accelerated access to critical information while keeping data grounded in authoritative documents.
- Built a foundation for AI-driven innovation: The Elasticsearch Platform provides integrated support for generative AI and other AI innovations such as AI-driven assistants and Elastic's embedding model, ELSER.
- Streamlined onboarding: Centralized documentation increased operational efficiency, helping new hires quickly locate and process documentation.
“The application has been a great success thanks to its ease of use and the reliable support and partnership we have with the Elastic team,” says the lead developer.
Powering the future with AI
The application is evolving into a company-wide knowledge platform that ingests documents across the enterprise and enables tailored search for specific business areas. The team can now develop and demo RAG-based prototypes using generative AI models, showcasing how Elastic supports multi-agent systems and decision support in highly regulated environments.
Looking ahead, the team envisions expanding the platform to support both small, specialized document sets and large, complex datasets. “As we support future projects, including missions to the moon and Mars,” says the lead developer, “Elastic keeps us at the forefront when adding new tools like AI assistants, knowledge-based decision support, and scalable search.”
Footnotes
[1] Deloitte Center for Government Insights, “From open source to everything as a source: How militaries can use and protect themselves from information everywhere,” September 2023.