Threat Intelligence & Incident Response

Elastic Launches Cloud Application For Enhanced Security Workflows

Elastic

Bringing Speed, Scale and Efficiency to Security Teams With Automated Detections and Operationalized Analytics

  • Introducing prebuilt machine learning jobs and detection rules supporting MITRE sub-techniques
  • Streamlining security operations center (SOC) workflows and accelerating response times with improved alert management
  • Providing a deeper understanding of how attacks are unfolding to drive efficient threat hunting

Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, recently announced new prebuilt machine learning jobs and detection rules to protect cloud applications and hosts, and improved usability and accessibility to streamline security operations workflows in Elastic Security.

Elastic Security 7.11 helps secure the modern enterprise by automating detections and operationalizing analytics with prebuilt machine learning jobs and detection rules supporting MITRE sub-techniques. Prebuilt detections for cloud applications automatically spot techniques and behaviors associated with attacks against SaaS technologies such as Google Workspace, Microsoft 365 and Okta, and complements existing Elastic protections for IaaS technologies. Prebuilt security analytics content for Windows and Linux environments centrally detect a wide range of attacker activity, with a focus on addressing persistence, privilege escalation and lateral movement.

Elastic Security 7.11 streamlines alert management, enabling analysts to maintain velocity when addressing threats. Customizable alert notifications deliver key context to third-party workflow tools including Slack and ServiceNow, reducing swivel-chair analysis and accelerating triage. Security analysts can now attach alerts directly to cases to align responders and centralize relevant information. An expanded set of rule actions tighten integrations with Jira, ServiceNow and IBM Resilient, driving SOC efficiency.

A refreshed Timeline workspace drives efficient threat hunting, alert triage and investigation. Users can see key information on dedicated tabs, view events in a full-screen view and access event details without losing sight of surrounding events.

Related posts

Cyble Launches MSSP Program to Empower Industry-leading MSSPs

Business Wire

Base Operations Raises $3 Mn Funding Led by Mindset Ventures

Business Wire

Resecurity® showcased Cyber Threat Intelligence solutions at KPEX

PR Newswire