Elastic, known as the Search AI Company, has announced a groundbreaking shift in security analytics with the introduction of their AI-driven solution designed to replace traditional Security Information and Event Management (SIEM) systems. This innovative approach is set to revolutionize the modern Security Operations Center (SOC) by leveraging the power of their Search AI platform.
A New Era in Security Analytics
Elastic Security, built on the Search AI platform, is transforming the way security operations are conducted. The platform combines search and retrieval augmented generation (RAG) to automate previously manual processes such as configuration, investigation, and response. The most notable feature of this update is the new Attack Discovery tool, which streamlines the process of handling alerts. With a single click, it can triage hundreds of alerts, pinpointing the few that are critical, and presenting results in an intuitive interface for swift action by security teams.
Power of Search-Based RAG
The Search AI platform’s strength lies in its ability to provide rich, up-to-date data for Large Language Models (LLMs). Unlike bespoke LLMs that require constant retraining with internal data, Elastic’s search-based RAG offers the necessary context automatically, enhancing the accuracy and relevance of the results. This process is crucial for efficient and effective security operations.
Attack Discovery: Simplifying Complex Security Tasks
Attack Discovery utilizes the Search AI platform to evaluate alerts, leveraging hybrid search capabilities to retrieve the most relevant data. This includes assessing host and user risk scores, asset criticality, alert severities, descriptions, and reasons for alerts. By doing so, it enables the LLM to identify and prioritize significant attacks, making it easier for security teams to focus on real threats.
Addressing Resource Constraints in Cybersecurity
Ravi Rajendran, Area Vice President for Southeast Asia at Elastic, highlighted a significant challenge faced by businesses in Singapore. According to the Cyber Security Agency of Singapore, two in five businesses lack the resources to implement comprehensive cybersecurity measures, despite the high incidence of cyber attacks. Rajendran emphasized that Attack Discovery aims to alleviate this burden, allowing security teams to concentrate on critical threats rather than low-level tasks.
Asjad Athick, Cybersecurity Lead for Asia Pacific and Japan at Elastic, underscored the severe consequences of cyber incidents for businesses, particularly SMEs. He pointed out that delays in detecting and responding to threats can lead to significant financial losses, reputational damage, and legal repercussions. Proactive measures like Attack Discovery are essential for protecting businesses in today’s volatile cybersecurity landscape.
Enhancing SOC Efficiency
In Singapore’s SOCs, analysts typically spend considerable time triaging thousands of alerts daily. This process is not only time-consuming but also prone to errors. Elastic Security’s Attack Discovery simplifies this by filtering out false positives and mapping significant alerts to attack chains. This allows analysts to focus their efforts on genuine threats, improving overall efficiency and effectiveness.
Continued Innovation in Elastic Security
Since its inception in 2019, Elastic Security has continually advanced its analytics capabilities, including the development of over 100 prebuilt ML-based anomaly detection jobs. Last year, the introduction of the Elastic AI Assistant for Security further enhanced the capabilities of SOC analysts by aiding in rule authoring, alert summarization, and workflow integration.
Availability
The new Attack Discovery feature will be available to all customers with an Enterprise license as part of the Elastic 8.14 release.