Elastic Security
Unified protection for everyone, built on the Elastic Stack
Sébastien Michel - security specialist
July 2nd, 2020
Security analysts are overwhelmed
Everyone is a target
Attack surface rife with blind spots
Stop threats at scale
Eliminate blind spots
Arm every analyst
Elastic Security
➔ New Filebeat modules for Office 365 and Okta
➔ Filebeat CEF module supports Check Point
➔ Elastic Endpoint Security streams to Logstash
➔ ECS “Mapper” tool made public
➔ SIEM queries support ECS fields
➔ Notifications - Email, Slack, PagerDuty, Webhook
➔ Direct ML integration in detection engine
➔ Expanded prebuilt rules
➔ Prebuilt MITRE-based protections
➔ Import and export timelines
➔ SIEM rule execution monitoring
➔ New case management workflows
➔ New simple case management workflow integration with ServiceNow® and JIRA
➔ New Investigation Guide playbooks
Elastic SIEM Bottom-up Vision
Elastic Confidential Information - Roadmap information provided on this slide is an overview of overall direction and nothing is committed.

1 Fast Scalable Search Engine
● Built on Elasticsearch
● Schema on write for speed
● Distributed for scale
● Common Schema (ECS) for open

2 Multiple Detection Engines
● Queries, aggregations, matches
● Lists, intelligence, context
● Stateful correlation rules
● ML-based anomaly & outlier detection
● Graph analysis

3 Rich Visualizations, Easy Workflow
● Heatmaps
● Geo maps
● Infographics
● Automated or Human-in-the-loop
● SOC, IR, and SOAR workflows

4 Effective Detection Library
● Out of the box
● Out of the community
● Basic and advanced

5 Deep Community Ecosystem
● Users
● Open projects & distributions
● Integrations
● Training
Unified protection for everyone
Elastic Security arms analysts to prevent, detect, and respond to threats — and it’s free and open, available to analysts everywhere
Elastic Security
Prevention, Detection, and Response for unified Protection
● Security - Out-of-the-box solution for security analysts everywhere
● Security content from Elastic and community
● Kibana - Visualize your Elasticsearch data and navigate the Elastic Stack
● Elasticsearch - A distributed, RESTful search and analytics engine
● Logstash, Beats, Endpoint
Demo
Elastic Security
Prevent, Detect, Respond
Unlimited insights across all your data for all time
2010 to Today
● Elasticsearch 0.4 released
● ECS 1.0 released
● Elasticsearch 1.0 released
● Growing use of ELK for threat hunting
● SIEM app released
● Security consultancy Perched acquired
● Endgame acquired
● Logstash joins forces
● Kibana joins forces
● Beats to collect all the data
● Anomaly detection firm Prelert acquired
● Elastic Cloud launched
Elastic Ecosystem
Scale your program with the Elastic Community
These are just some of our partners and community members. The presence of a vendor logo doesn’t imply a business relationship with Elastic.

● Host sources
● Network sources
● Cloud platforms & applications
● User activity sources
● SIEMs & centralized security data stores

● Security orchestration, automation, response
● Security incident response
● General ticket & case management

● Community
● Consulting
● Education & training
● Solutions Integrators, Value-added Resellers, MSPs & MSSPs

● Internal context
● External context
Powering security teams around the world
Validated by top industry analysts
— WEBINAR —
Minimizing MTTD with Elastic Security
Watch here: ela.st/securityintro
Mike Paquette - Director, Product Management
Braden Preston - Director, Product Management
Elastic is a Search Company.
www.elastic.co
Thank You

Elastic Security: Protecting your company with the Elastic Stack