Yeah, I'm very pleased to talk about our collaboration with CEL today at ACOP a coal cyber security leadership summit, and we have been working with CEL Elastic for at least four years. We, that is ACO information management. Okay.
Europe, could I ask you to move to the next slide? Thank you very much, many nodes steel as a steel producer. Let's Europe's largest mil and indu book, but we can do more. We develop products and services for various industries and market segments just diversified industrial group, the numbers locations worldwide, and from a security point of view, that brings with it a lot of challenges.
For example, in the area of compliance and governance, when it comes to strict observance of policies, laws, and regulations. But also when it comes to implementing a security monitoring approach, the tool landscape must scale both in terms of performance with increasing event volume and compliance requirements such as a user and role concept.
And last but not least, of course, the license model. But how did we become aware of Elastic? For that you need to know two things. First, that Elasticsearch can be used to search, analyze, and visualize vast amounts of data.
And the second thing you need to know is what happened almost four years ago. So let's look back at the year 2016. We became the target of the east group wi, a professional and very organized group, supposed to be state sponsored. And by the way, in 2019, a report was published that other DAX companies were the target of this APT group, where APT means advanced persistent threat. Okay. Back to 2016, 20 has penetrated network.
Of course, at the beginning, nobody knew that it would become an APT and just that. So the computer emergency response team already had a small SIEM solution in use, and further investigations quickly made it clear that it was not enough. Many more devices had to be connected to the small SIEM installation, but it was not sized for it at that time.
So, following the need-to-know principle, an event management solution had to be found to handle the huge volume of events: the Elastic Stack, or ELK Stack, as it was called at that time. Open source, highly scalable, simple license model, and an awesome community.
I have worked with Elasticsearch, Logstash and Kibana since the end of 2011. At that time, Elastic did not even exist, nor the ELK Stack as ELK. At that time, there were three independent open source projects. But let us ask York: who is Elastic, and what is the stack in detail?
Well, Marcus, thank you very much for the introduction and your words, and also for the partnership for such a long time. Many of you in the audience here will have never heard of Elastic. Some of you might have heard of Elastic, but I guarantee you that every one of you is using Elastic on a day-to-day basis in your business life and in your private life. And I'll give you a couple of examples that help you understand that. If you book an Uber car, then Elastic is the technology that finds the driver and matches that with the passenger.
If you look in platforms like auto eBay or Wikipedia, the search that is powering these platforms, the technology is Elastic. If you use your mobile phone, then Elastic helps monitor the radio masts and make sure that the service is up and running.
Or if you use your car and you're using microservices like your navigation system or Spotify in your car, all these microservices are monitored with Elastic technology. Or one or the other of you in the audience might use Tinder, and Elastic helps you to refine the perfect match.
It all comes down to that: we are a search company, and digital transformation has all to do with data and the increase of data. And that's no news. And we all talk about the new oil, but we all agree that the data is getting more and more. And we are looking into this data, into vast amounts of data, at scale and in high performance. The company behind that was founded in 2012. And Marcus just said that he worked with the technology already before that.
And we are now located in 40 countries, have over 2000 employees and customers in a hundred countries. We actually were founded in the Netherlands.
And we now have headquarters in Amsterdam, in Mountain View and in Singapore, and are publicly traded, with a pretty significant market capitalization already, which makes us very proud. The technology behind that is what we see here in the middle, basically with Beats and Logstash, actually the technology to get data into the Elasticsearch platform.
Elasticsearch actually is doing the search, obviously, and then Kibana helps you visualize the data. And basically what we are talking about here is the data life cycle. And with that, we mean, first of all, we have to make data visible. We have to look into what are the insights in that data.
You know, what is the relevance of that data, and to really pick the relevant data and not everything. And with the increasing data, that's actually a difficult task to do.
And then obviously you want to take action out of that. You take the relevant data, and then what is the action behind that, that you then do with your team? And you want to have that as a feedback, and that enables you to have actually a continuous learning out of that data. And that is actually what the Elastic Stack is made for.
And in the solution areas you see on top, we have three solution areas. This one is Elastic Enterprise Search. And there we are looking into, if you have a web shop, what your traffic is doing there. What are your customers doing?
If you use a CRM, what data or email, all this data we make searchable and usable then. And on Elastic Observability, we're talking about what I said, monitoring the microservices in the car as an example, or also monitoring applications with our APM solutions, which in COVID times is even more relevant because people work more and more remotely from home offices.
And you want to make sure that their applications are up and running and you have a high performance.
And then last but not least, if you talk about large amounts of data and the ever increasing amount of data, then security is obviously becoming more and more important. And if we think about our security approach, we highly automate that. Working with the data, we work with machine learning, or have machine learning solutions or automated dashboards and all this. And basically the important thing is if we understand where the data comes from. First of all, you know, we handle all sorts of data.
If it's email data, or if it's endpoint data, if it's sensor data, which is gonna be more and more data of cars or in the case, OFTU cope. Think about all the equipment that is used and how many sensors are used in there.
And these are all becoming very important in terms of security. The more data you have, the more important is the security of your data. And this is what we are basically focusing on. And if you guys say we are focusing on, obviously we cannot do that all alone, because we have to make sure that we have a very good ecosystem.
And the logos you see here are just a couple of partners that we are using. On the left-hand side, you see where the data is coming from, and a couple of partners that we have open APIs with, and they all can double down on the Elastic Stack. And on the right-hand side, you see the orchestration tools or the ticketing tools and all the vendors there. And basically what that means is, with our open source platform, what customers are getting is our own developers.
Then all the developers that are in the community and are working within these partners to make a real solution out of that. And basically also with our channel partners, solution integrators and value-added resellers, MSPs and MSSPs especially. And then we have the whole community of our customers. And Marcus, I know that you are very active, and you mentioned it already, you're very active in the community. Maybe you say a couple of words: what are you doing there? What are you getting out of that?
Yeah, I told you, the community is awesome until you get it right. You are a threat hunter? Then you should check out, for example, HELK, the Hunting ELK stack. It's the first open source hunting platform with advanced analytics capabilities. Or, for example, SOF-ELK, so Security Operations and Forensics ELK. By the way, that is also used in security trainings organized by the SANS organization.
For example, if you don't know SANS, it's one of the most trusted and by far the largest sources for information security trainings. Or are you looking for a solution for your SIEM and security intrusion detection systems? Then you should have a look on work as, for example. So you can see the community is always using this search stack as underlying technology, also when it comes to vulnerability management.
So if you have different vulnerability management or scanning systems, you can bring them all together in one tool on this underlying Elastic Stack, like this volume, this power communication. Or, yeah, Sigma, for example. Are you operating SIEMs from different vendors in your environment?
And are you tired of rewriting all the different use case rules you have for the different SIEMs?
Then you should have a look at Sigma, for example. That's a unified format to write a use case and your old, and with one mouse click you can transform it to the language that your SIEM solution does understand. And I think that's enough for today about the communities. You will find all this community stuff on GitHub. So feel free, after this, to discover all these fancy and really cool projects that have been developed by security experts. But I think there's much more you can discover also from, so what else should we know about Elastic?
Yeah. Thanks. Thanks Marcus.
It's really incredible how active you are in the community. And there are so many members in there, it's really outstanding.
What we as a company also get out of that, and the really fast development that we're getting out of that, if we put that all together in solutions. And basically we put that in, in the case of chosen group, we've been working for a long time together, and at the end of the day, if you work on such a project, it takes a couple of points that we also deliver besides the technology. It's actually the management commitment, you know, and being open on product development. And if Marcus has requests, then he can send them in.
And we are working on that in our product development team, but also he gets obviously our support from the management team.
And then also we are making sure that we do the delivery, the delivery of technology, but also knowledge, because to run such a platform within a big organization like group is a hell of a challenge. And we deliver training and technical account manager and all that.
And obviously also 24/7 support and everything that is needed. If something goes wrong, which can happen as you showed in your experience from 2016, then I think it's the matter of how fast you get support from our side and how fast we can actually fix an issue. And with that, Marcus, I would hand it back over to you and hear about more after that.
What were your strategies and your tactics, how have you been working on this?
Yeah, thank you. Yeah. Back to our APT. Of course, after we had cleaned up all the systems and did some kind of house care cleaning as right of the hack tech, just decided to set up an in-house SOC and SIEM service and establish it through the whole group. So, like, a kind of central solution.
So far the strategy: economy and efficiency, of course, that is always one of the demands from our management. But from the tactical side, the whole thing looks like this: in parallel to the SIEM setup, a cluster as data lake was also developed. On the one hand, the reason for that was to meet the requirements of security monitoring, but on the other hand also to meet the requirements of the CERT team, and of course the extension of the data reaction possibilities, which was also desired by our customers, so that we are not only logging all the events from the different data sources into our SIEM, but there's also a requirement for responding much quicker to possible security incidents.
So the challenge on the management side is, of course, to achieve cost balance between increasing volume of events and higher protection requirements. So how can we achieve that? There are a couple of technologies and techniques we can use for that. One of the advantages is of course the machine learning approach, supervised and unsupervised learning, but best is that you don't need to be a data scientist, because these built-in tools like Data Visualizer help finding the outliers you are looking for. Or with the fleet management.
It makes it quite easy with the unified agent. You will keep control of the Beats and the EDR agent in your environment. Start on normalization and mapping those events to the ATT&CK framework that matters. It offers quite good reporting capabilities as well. So they have this ATT&CK model framework.
I don't know, even know that you have 12 different tactics and more than a hundred underlying techniques, the decision. Yeah. Yeah. And also one of the interesting parts here with this EDR: you can directly choose the detection on the endpoints.
So you don't need to ship millions or billions of events per day to a central SIEM solution. So you only have the detection capabilities on your local host, and then you can send only the alerts to a SIEM solution that matters for your, for your money to, okay. Yeah.
Jo, could you please go to the next slide? Thanks. Yeah. Wrap up: in summary, with this Elastic Stack we could, or we can, consolidate our tool landscape and reduce the number of tools to a few vendors. That simplifies not only the operation of the platform, but also the support requests from the vendors.
So I don't have to handle my problems or the issues I'm facing with my tools with different vendors. So I have a single point of contact for that. Also, cost reduction is not only through the license model, but also in employee training.
So you can imagine, if I have only a few tools, when I have new colleagues in my team, I only need to train them for one or two or for a few vendors. So that's all from my side. Thanks for listening. And I hope that there's still time left to answer your questions.