Elastic is pushing further into the cyber security market with the launch of a new product. The SIEM solution, used to detect threats in enterprise networks, will be part of the new version of Elastic Stack.

SIEM stands for Security Information and Event Management. The solution, Elastic SIEM, is initially available as a beta, Silicon Angle writes. This version will be published as part of Elastic Stack, a bundle of the company’s open source data management and analytics tools.

The core of the suite is the widely used Elasticsearch search engine, which enterprises use to help their employees navigate internal information repositories. The suite also includes extensive data processing features, which make it a popular tool for threat analysis as well. Organizations such as Slack and Cisco’s Talos group have built their entire security infrastructure on top of it.

Elastic SIEM

Elastic SIEM extends the core capabilities of the suite with additional functions designed to simplify the work of network protection teams. The product is accessible via a new dashboard in Kibana, the data visualization tool that ships with Elastic Stack. The dashboard is divided into three views, each focusing on a different part of the threat hunting workflow.

The first view is the Timeline Event Viewer, a workbench for investigating potential breaches. Security professionals can use a search bar to find objects such as misbehaving applications and drag them into a query builder to search for suspicious activity. The tool lets users preserve evidence of a breach, attach related information and add notes for colleagues.

The data surfaced in the Timeline Event Viewer can also be reached through the other two views. One of them is Hosts, which tracks server activity. The second is available under the Network tab and lets users monitor network metrics, such as how much data is leaving the corporate network.

