1 Introduction
It is a well-known fact that for many organizations, increased investments in cybersecurity do not provide any easily quantifiable return: while spending on security tools continues to grow, the number and scale of data breaches and other incidents do not show any signs of decreasing. The most common explanation for this problem is the notorious skills gap – the growing shortage of security professionals needed to operate those security infrastructures.
However, what are the root causes of this shortage? First and foremost, the exponentially growing complexity of modern IT infrastructures. Thanks to the adoption of cloud services, the digitalization of manufacturing, and the recent rapid growth of the remote workforce, modern corporate networks are becoming more heterogeneous, distributed, and open, leading to an exponential increase in the number and sophistication of security incidents.
Second, the number of deployed security products has increased as well – a large enterprise may easily have over 100 security tools owned and operated by disjointed teams. Last but not least, the sheer amount of security telemetry generated by those tools is adding unpredictable storage costs to the existing logistical nightmare, forcing many companies to limit collection and retention of this crucial data.
In a way, organizations are facing a profoundly difficult dichotomy – should they limit coverage of their infrastructures by security tools and let attackers slip through the gaps, or should they let their analysts drown in thousands of alerts, not having time to respond to each one properly? To address this paradox, the cybersecurity market offers a broad range of potential solutions including managed security services, decision-support tools powered by machine learning, or specialized security monitoring and orchestration solutions that can partially automate certain aspects of incident response.
However, all those tools inevitably further increase the overall complexity and cost of cybersecurity architectures. A potential alternative approach, one that could prove that the dichotomy mentioned above is a false one, would be a vertically integrated solution that replaces multiple specialized security tools (or at least makes them work better together) with a single, open, and extensible platform for collecting, processing, and analyzing security events. Such a platform should be able to scale to any amount of collected data and operate on any on-prem or cloud infrastructure.
Elastic is a software company headquartered in Mountain View, California. Founded in 2012, Elastic is primarily known as a search company, offering both self-managed and SaaS solutions for search, logging, and analytics use cases. As the primary developer of the popular open-source Elastic Stack, which combines the Elasticsearch search engine and Kibana data visualization framework with powerful data ingestion and processing capabilities, Elastic offers a broad range of products and services for such applications as enterprise search, business analytics, infrastructure monitoring, application performance management, and others.
Although some customers have used the Elastic Stack as a foundation for their security analytics projects for years, in 2019 the company finally released its own vertically integrated security solution. Elastic Security combines SIEM, endpoint security, and threat hunting functions with the existing collection, search, and visualization capabilities of the core platform, all under a single license.