Elastic Upends Traditional SIEM with Next-Gen Security Analytics Powered by AI
Elastic (NYSE: ESTC), the Search AI Company, announced that Search AI will replace the traditional Security Information and Event Management (SIEM) with an AI-driven security analytics solution for the modern Security Operations Centre (SOC). Powered by the Search AI platform, Elastic Security replaces largely manual processes for configuration, investigation and response by combining search with retrieval augmented generation (RAG) to surface the results that matter. The newest feature, Attack Discovery, triages hundreds of alerts down to the few attacks that matter with a single button click and presents the results in an intuitive interface, allowing security operations teams to quickly understand the most impactful attacks and take immediate follow-up action.
Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry’s foremost search technology. LLMs are only as accurate and current as the information they can draw on: their underlying training data and the context supplied with the prompt. They therefore need rich, up-to-date data to deliver accurate, tailored results, and gathering that confidential knowledge efficiently requires search. Search-based RAG delivers this context automatically and removes the need to build a bespoke LLM and constantly retrain it on ever-changing internal data.
Attack Discovery uniquely leverages the Search AI platform to sort and identify which alert details should be evaluated by the LLM. By querying the rich context contained within Elastic Security alerts with the hybrid search capabilities of Elasticsearch, the solution retrieves the most relevant data to provide to the LLM and instructs it to identify and prioritise the few attacks accordingly. This includes data such as host and user risk scores, asset criticality scores, alert severities, descriptions, and alert reasons.
“The Cyber Security Agency of Singapore revealed that two in five businesses in Singapore lack the manpower and resources to adopt the full recommended suite of cybersecurity measures, despite four in five businesses being hit by a cybersecurity incident over the past year,” said Ravi Rajendran, Area Vice President, Southeast Asia and Greater China at Elastic. “Attack Discovery will empower businesses to slash the resource burden, freeing security teams from the grind of low-level tasks. This allows them to focus their expertise on what matters most: responding to and mitigating real threats.”
“Cyber incidents in organisations can become incredibly costly. Data loss and theft, reputation damage, and the expense of late-stage incident response measures can irreversibly impact a business, particularly for small and medium-sized enterprises,” said Asjad Athick, Cybersecurity Lead, Asia Pacific and Japan at Elastic. “Beyond the immediate cost of recovery, there’s the potential for hefty fines and legal repercussions depending on the type of data compromised. The longer it takes to detect and respond, the more severe the consequences become. This is why proactive cybersecurity measures are crucial for businesses to protect their public image and ensure survival in today’s ever-evolving threat landscape.”
Within most SOCs in Singapore today, analysts triage thousands of alerts individually every day, a critical but laborious process for distinguishing true positives. Much of this work is dull, repetitive and error-prone. Elastic Security removes the need for such manual effort. Attack Discovery filters out the false positives and maps the remaining strong signals to discrete attack chains, showing how related alerts fit together as stages of a single attack. It uses LLMs to evaluate alerts, taking into account severity, risk scores, asset criticality and more. With triage that is both accurate and fast, analysts can spend less time sifting through alerts and more time investigating and addressing threats.
Since its release in 2019, Elastic Security has grown to include some of the industry’s most advanced analytics capabilities, including 100+ prebuilt ML-based anomaly detection jobs to detect previously unknown threats. Last year, Elastic introduced Elastic AI Assistant for Security to help SOC analysts with rule authoring, alert summarisation, and workflow and integration recommendations.
Availability
Attack Discovery will be available to all customers with an Enterprise license as part of the Elastic 8.14 release.