Elastic today presented EASE, a serverless security solution that uses AI to enrich existing SIEM and EDR tools. The platform is designed to help analysts identify complex cyberattacks faster by automatically correlating alerts and adding contextual information to them.
According to Santosh Krishnan, general manager of Observability & Security at Elastic, SOC analysts are overwhelmed by large numbers of alerts and lack AI support from their existing tools. EASE aims to address these issues without requiring teams to leave their familiar environment.
The solution also includes dashboards that quantify time saved, detection improvements and return on investment, which helps security teams demonstrate the business value of their work.
AI-driven approach for existing tooling
The Elastic AI SOC Engine (EASE) already integrates with existing security tools such as Splunk, Microsoft Sentinel, and CrowdStrike. This means users do not need to completely replace their current infrastructure. The solution imports alerts via agentless integrations and then applies AI analysis.
At the heart of EASE is Elastic’s Attack Discovery technology, which correlates and prioritizes alerts. At the same time, an AI Assistant provides natural language queries and can add data from internal sources such as Jira, GitHub, and SharePoint to the investigation.
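As an added illustration of the kind of cross-tool correlation and prioritization described above (example code written for this article, not Elastic's Attack Discovery implementation, whose internals the announcement does not describe), the following Python snippet normalizes alerts from three vendor formats into one schema, groups them per host within a time window, and scores each group so that an analyst sees one ranked incident instead of several disconnected alerts. The vendor field names, the sample alerts and the scoring weights are constructed assumptions.

```python
"""Illustrative cross-tool alert correlation (added example, not Elastic's
Attack Discovery code). Alerts from different tools arrive with different
field names; they are normalized to one shape, grouped per host into
time-bounded chains, and each chain is scored and ranked."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in vendor-specific shapes (hypothetical field names).
SAMPLE_ALERTS = [
    {"source": "crowdstrike", "ComputerName": "ws-042", "Tactic": "Execution",
     "Severity": 3, "Timestamp": "2024-05-01T10:02:00Z"},
    {"source": "sentinel", "HostName": "WS-042", "Tactics": "CredentialAccess",
     "SeverityLevel": "High", "TimeGenerated": "2024-05-01T10:09:00Z"},
    {"source": "splunk", "host": "ws-042", "tactic": "Exfiltration",
     "severity": "critical", "_time": "2024-05-01T10:20:00Z"},
    {"source": "sentinel", "HostName": "srv-db-1", "Tactics": "Discovery",
     "SeverityLevel": "Low", "TimeGenerated": "2024-05-01T11:00:00Z"},
    # Same host as the first chain, but hours later: starts a new chain.
    {"source": "crowdstrike", "ComputerName": "ws-042", "Tactic": "Persistence",
     "Severity": 2, "Timestamp": "2024-05-01T16:30:00Z"},
]

# Textual severities mapped onto the 1-4 scale used by the numeric source.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(alert):
    """Map each vendor's fields onto one schema: source, host, tactic, severity, ts."""
    src = alert["source"]
    if src == "crowdstrike":
        return {"source": src, "host": alert["ComputerName"].lower(),
                "tactic": alert["Tactic"], "severity": alert["Severity"],
                "ts": parse_ts(alert["Timestamp"])}
    if src == "sentinel":
        return {"source": src, "host": alert["HostName"].lower(),
                "tactic": alert["Tactics"],
                "severity": SEVERITY[alert["SeverityLevel"].lower()],
                "ts": parse_ts(alert["TimeGenerated"])}
    if src == "splunk":
        return {"source": src, "host": alert["host"].lower(),
                "tactic": alert["tactic"],
                "severity": SEVERITY[alert["severity"].lower()],
                "ts": parse_ts(alert["_time"])}
    raise ValueError(f"unknown alert source: {src}")


def make_incident(host, chain):
    """Summarize one chain of alerts and compute an illustrative priority."""
    tactics = []
    for a in chain:
        if a["tactic"] not in tactics:
            tactics.append(a["tactic"])
    sources = sorted({a["source"] for a in chain})
    # Priority = highest severity in the chain, plus a bonus for each extra
    # distinct tactic (kill-chain breadth) and for each extra corroborating
    # tool. The weights are assumptions chosen for this example.
    priority = (max(a["severity"] for a in chain)
                + 2 * (len(tactics) - 1)
                + (len(sources) - 1))
    return {"host": host, "alerts": len(chain), "tactics": tactics,
            "sources": sources, "priority": priority}


def correlate(alerts, window=timedelta(hours=1)):
    """Group normalized alerts per host into chains in which each alert lies
    within `window` of the previous one; return incidents ranked by priority."""
    by_host = defaultdict(list)
    for a in sorted((normalize(x) for x in alerts), key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)
    incidents = []
    for host, seq in by_host.items():
        chain = [seq[0]]
        for a in seq[1:]:
            if a["ts"] - chain[-1]["ts"] <= window:
                chain.append(a)
            else:
                incidents.append(make_incident(host, chain))
                chain = [a]
        incidents.append(make_incident(host, chain))
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)


if __name__ == "__main__":
    for incident in correlate(SAMPLE_ALERTS):
        print(incident)
```

On the constructed input the three alerts on ws-042 between 10:02 and 10:20 collapse into one incident spanning Execution, CredentialAccess and Exfiltration and corroborated by all three tools, which outranks both the lone Persistence alert on the same host six hours later and the low-severity Discovery alert on srv-db-1. A real pipeline would additionally key on user and process lineage and pull the enrichment sources the article mentions, but the shape of the problem is the same.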
Transparency in AI choices
Elastic says users can choose from different LLMs, including their own models or an Elastic-managed model. All AI responses are recorded so it’s clear what data the conclusions are based on. Queries, answers, and token usage are fully logged.
IDC researcher Michelle Abraham, quoted at the presentation of the new solution, already sees the value of this approach. “Elastic is tackling a common challenge: how do you bring open and transparent AI into the SOC without starting from scratch?”
Market position amid competition
With EASE, Elastic, like other vendors, is trying to help SOCs cope with the sheer volume of data they ingest. In essence this is a data-management problem: alerts and telemetry arrive from many sources, and it is an open question how much of that data is actually needed to arrive at clear signals. Some form of funneling is necessary either way; Elastic's answer is AI-driven correlation. Competitors such as Vectra AI are likewise introducing AI agents to combat alert fatigue.
The serverless implementation on Elastic Cloud should let organizations get started with the new capabilities quickly, and teams that want to can later migrate gradually to Elastic Security as their AI-driven security platform. The launch of EASE follows Elastic's earlier work this year on AIOps capabilities, which likewise aimed to reduce the number of alerts and increase their significance.