Detecting Cobalt Strike with memory signatures

At Elastic Security, we approach the challenge of threat detection with various methods. Traditionally, we have focused on machine learning models and behaviors. These two methods are powerful because they can detect never-before-seen malware. Historically, we’ve felt that signatures are too easily evaded, but we also recognize that ease of evasion is only one of many factors to consider. Performance and false positive rates are also critical in measuring a detection technique's effectiveness. S

Elastic Cloud Value Calculator: Understand the economics of adopting Elastic Cloud

As your Elastic usage increases and your use cases expand, it's important to know the benefits and cost savings that you can achieve by running Elasticsearch as a service. But since every Elasticsearch implementation can vary by use case and deployment model, it can be complicated to tackle on your own. So with that in mind, we are excited to share the Elastic Cloud Value Calculator. With this calculator, you can easily estimate cost savings and increases in productivity based on infrastructure

Top tips from women Leaders @ Elastic

In a male-dominated industry, we know that representation matters. It’s important, for everyone, to see someone like them finding career opportunities and success as they climb the ladder. At Elastic we take equity seriously. In celebration of International Women's Month we wanted to share some of the profiles and features from our Culture blog highlighting our amazing female leadership at Elastic. Read on to discover some of their thoughts on mentorship, work life balance, finding and making oppo

Elastic named in Fast Company’s 2021 World’s Most Innovative Companies list

This year has required all of us to think a little bit differently about the future. At Elastic, our pursuit of innovation starts with a fundamental belief that better is always possible — better products, better customer service, and most importantly, a better world. We need solutions for a better world now more than ever, especially in the wake of the COVID-19 pandemic. We’re honored to drive technology — such as Workplace Search and Elastic Security — that is alleviating some of the stresses

Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis.

Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process. However, we

How to manage Elasticsearch data across multiple indices with Filebeat, ILM, and data streams

Indices are an important part of Elasticsearch. Each index keeps your data sets separated and organized, giving you the flexibility to treat each set differently and making it simple to manage data through its lifecycle. And Elastic makes it easy to take full advantage of indices by offering ingest methods and management tools to simplify the process. In this post, we'll use Filebeat to ingest data from multiple sources into multiple indices, and then we'll use index lifecycle management (

Elastic Stack 7.11.2 released

Version 7.11.2 of the Elastic Stack was released today. We recommend you upgrade to this latest version. The 7.11.2 patch contains fixes and small enhancements for the stack. For a full list of changes for each product, please refer to the 7.11.2 release notes for the Elastic Stack (Elasticsearch, Kibana, Beats, Logstash), Elastic Enterprise Search (Enterprise Search), Elastic Observability (APM), Elastic Security (Elastic Security Solution), and Elastic Cloud (ECK 1.4.1).

Detecting threats in AWS Cloudtrail logs using machine learning

Cloud API logs are a significant blind spot for many organizations and often factor into large-scale, publicly announced data breaches. They pose several challenges to security teams:

Cloud API transactions do not leave network or host-based evidence. For this reason, they cannot be monitored, searched, or analyzed using conventional security tools and products like network security devices or endpoint-based security agents. This tends to create significant blind spots in cloud threat detectio

International Women's Day kickoff at Elastic

The theme of this year’s International Women’s Day is #ChooseToChallenge. It is a necessary call for individuals to commit themselves to forging a more inclusive world. At Elastic, we challenge ourselves year round to think both more broadly and deeply about inclusivity. The research is clear: when everyone is from the same background, goes to the same schools, and shares the same lived experiences, you can quickly slip into groupthink. More diversity means more viewpoints, more ideas, and ultimate

Detection and Response for HAFNIUM activity

On March 2, 2021, Microsoft released a security update describing several zero-day exploits targeting on-premises Microsoft Exchange servers. Four published vulnerabilities, chained together to achieve remote code execution, relate to this activity, and Microsoft released patches for all of them: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. In addition to verifying the information published by other members of the security community, Elastic Security identi
