Elastic on Elastic

The Elastic Infosec Detections and Analytics team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic systems. Within Elastic we call ourselves Customer Zero and we strive to always use the newest versions of our products. In this series of blog posts we will provide an overview of our architecture, what data we send to our clusters, how and why we use Cross Cluster Search (CCS) with the Security and Machine Learn
We are excited to announce that Elastic is joining forces with Cmd to accelerate our efforts in Cloud security - specifically in cloud workload runtime security. By integrating the capabilities of Cmd's expertise and product into Elastic Security, we will enable customers to detect, prevent, and respond to attacks on their cloud workloads. Adding to our recent announcement to acquire build.security, this will give customers cloud security protections from build-time, to deployment-time, to runti
As an Elastic Technical Account Manager (TAM), I’m a trusted advisor who provides the necessary technical lens to help solve key business problems and drive customers towards strategic outcomes by helping teams make the most of their investments in Elastic technologies. In this series, you will hear firsthand the insights into some of the many ways we help our customers achieve success.
Asjad Athick, Elastic Technical Account Manager (TAM)

For customers looking to monitor and observe thei
On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities (CVE-2021-31207, CVE-2021-34473, CVE-2021-34523). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks. Security vendors and researchers are also observing these attacks tied to post-exploitation behavior such as deploying r
At Elastic, we are continually evolving and growing and with this comes new opportunities. We are excited to announce our latest initiative, the Elastigrad Program, which is focused on recruiting early-career engineers. Ash Kulkarni, Elastic’s Chief Product Officer, is dedicated to creating an even more diverse engineering team, and the Elastigrad Program is a natural extension of our investment in our people. “By recruiting and training early-career engineers, we will have fresh perspect
Since its inception, Elastic Security has had a clear mission: to protect the world's data and systems from attack. We started with SIEM, built on top of the Elastic Stack, applying its fast and scalable search capabilities to detect security vulnerabilities across all threat vectors. Next, we joined forces with Endgame to integrate endpoint security into Elastic Security, and allow customers to prevent, detect, and respond to attacks from a single, unified platform. With the recent release of E
Kibana creates easy ways to do powerful things with all of your data — to ask and answer questions and follow the flow of analysis. Many times the answer to your question requires calculations based on queried data. Formulas allow you to author your own metrics by combining multiple aggregated fields using math operations. In addition, moving through and replaying your data in time and space are powerful ways to gain historical context and understand additional insight about the present. In the
We are excited to announce support for Google Compute Engine (GCE) N2 general purpose virtual machine (VM) types, and additional hardware configuration options powered by N2 custom machine types. N2 VMs leverage Intel 2nd Generation Xeon Scalable processors and provide a balance of compute, memory, and storage. N2 machine types also offer more than a 20% improvement in price-performance over the first-generation N1 machines.
When you provision an Elastic deployment on Google Cloud you wil
This blog post was written in collaboration with the team at Lightrun: Itai Tieger, Roy Chen, and Tom Granot. Itai is an R&D team leader specializing in cybersecurity, with over 10 years of experience in the industry. Roy is a software engineer with over 6 years of diverse experience in multiple disciplines. Tom is a solution engineer and a former site reliability engineer. An application running in production is a difficult beast to tame. Most experienced developers–ones who spent enough late n
As a powerful search engine, Elasticsearch provides various ways to collect and enrich data with threat intel feeds, while the Elastic Security detection engine helps security analysts to detect alerts with threat indicator matching. In this blog post, we’ll provide an introduction to threat intelligence and demonstrate how Elastic Security can help organizations establish robust cyber threat intelligence (CTI) capabilities. CTI is contextual information obtained through research and analysis of