I’m a security analyst at Orange Business Services in Paris, and one of my current projects for the Orange Group is implementing a new SIEM based on the Elastic Stack. In this blog post, I’ll share why we chose Elastic and how we were able to integrate Elastic into our existing SIEM, resulting in faster investigations and saving our engineers’ time. So follow along.

What do an airline, the world’s largest retailer, the French government, Adobe, and NASA’s JPL have in common? They use the Elastic Stack to empower customers, communities, and, even, interplanetary exploration. With the Elastic Stack’s ability to take data from any source and in any format, and then search, analyze, and visualize it in real time, organizations can act quickly to improve customer experience and power critical systems.

Is enterprise data a benefit or a burden? Think about all of the data your organization generates and consumes in the digital age — from security event logs to application error messages, energy consumption to vendor contracts. There is so much, and all of it is usually stored in silos, making the data difficult to synthesize to provide better services, identify signals proactively, or make stronger business decisions.

We’re thrilled to announce that Elastic has been named a Leader in The Forrester Wave™: Cognitive Search, Q3 2021*, highlighting, in our opinion, our commitment to providing a set of tools that makes it quicker and easier to build great search experiences with Elasticsearch. In addition to receiving the highest score possible in the strategy category, Elastic also received the highest scores possible in the operations and market awareness criteria.

In a previous blog, we discussed how to monitor, troubleshoot, and fix high %CPU issues. We also revealed a system API that could have an unexpected impact on CPU consumption. In this episode, we’ll discuss another time-related performance aspect that is unique to security software: application startup time. You don’t need to be a developer to benefit from this article.

Users of Elastic Security are protected through numerous layers of protections against the REvil ransomware that affected Kaseya VSA and its customers. Elastic Security’s layered protections prevented 100% of the REvil ransomware samples tested before damage and loss could occur to the business. We believe that detections and preventions must be layered, as no single protection works 100% of the time.

We are pleased to announce the general availability of the Azure Private Link integration with Elastic Cloud. Azure Private Link provides private connectivity between your VNET (Virtual Network) and other Azure resources. Private Link simplifies your cloud network architecture and eliminates data exposure to the public internet by routing your data to private Azure service endpoints.

We’re excited to share that Elastic Security has been recognized in the 2021 Gartner Magic Quadrant for Security Information and Event Management (SIEM). Elastic Security is the latest Elastic solution to be recognized in a 2021 Gartner Magic Quadrant report, following the 2021 Magic Quadrant for Insight Engines and 2021 Magic Quadrant for Application Performance Monitoring.

The ability for security teams to integrate threat data into their operations substantially helps their organization identify potentially malicious endpoint and network events using indicators identified by other threat research teams. In this blog, we’ll cover how to ingest threat data with the Threat Intel Filebeat module. In future blog posts, we'll cover enriching threat data with the Threat ECS fieldset and operationalizing threat data with Elastic Security.

At Elastic, we internally use, test, and provide feedback on all of our products. For example, the Information Security team is helping the Product team build a stronger solution for our customers. The InfoSec team is an extremely valuable resource who acts not only as an extension of Quality Assurance/Testing, but also as a data custodian.