Elastic Security launches two powerful AI tools for cybersecurity

Elastic Security has made two new AI features generally available, designed to significantly improve the efficiency and effectiveness of security operations: Attack Discovery and Automatic Import. Both technologies, already widely adopted during their beta period, are now available to all users.

Quick summary

Elastic Security has launched two new AI features: Attack Discovery and Automatic Import. Attack Discovery consolidates alerts into actionable discoveries, while Automatic Import automates data integration. Both tools aim to improve the efficiency of security operations and attack visibility.

Attack Discovery: turning alerts into concrete actions

Attack Discovery is a solution that transforms thousands of SIEM alerts into a small number of actionable discoveries. According to a recent study by Enterprise Strategy Group, one customer reduced 1,018 alerts to just 8 significant discoveries. This process not only improves the efficiency of security teams but also allows for a faster and more accurate response to attacks.

Automatic Import: simplifying data integration

Automatic Import is a tool that automates the creation and validation of custom data integrations. According to Elastic, this feature can save hours of manual work, allowing security teams to quickly extend their visibility across the entire attack surface. Automatic Import is considered the most advanced solution of its kind on the market.

A flexible approach to LLMs

Both features are based on an approach called retrieval-augmented generation (RAG). This method combines the capabilities of large language models (LLMs) with organization-specific data, retrieved at query time and supplied to the model as context, to improve the accuracy and relevance of responses. Elastic allows security teams to choose their preferred LLM based on criteria such as cost, speed, accuracy, and privacy.
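To make the RAG idea above concrete, here is an added illustration (not Elastic's code, and not the mechanism Attack Discovery actually uses internally): the "retrieval" half of RAG, run over a handful of constructed SIEM-style alert records. The point it shows is that the organization's data is never baked into the model; it is selected per question and placed into the prompt as context, and the model is instructed to answer only from that context. The alert records, the `retrieve` and `build_prompt` functions and the simple TF-IDF scoring are all assumptions made for this example.

```python
import math
import re
from collections import Counter

# Constructed sample "organization-specific data": a few SIEM-style alerts.
# These are made-up records for the example, not real Elastic output.
ALERTS = [
    {"id": "a1", "host": "web-01", "user": "svc-deploy",
     "rule": "Suspicious PowerShell encoded command", "severity": "high"},
    {"id": "a2", "host": "web-01", "user": "svc-deploy",
     "rule": "Outbound connection to rare domain", "severity": "medium"},
    {"id": "a3", "host": "db-02", "user": "dba",
     "rule": "Multiple failed logins", "severity": "low"},
    {"id": "a4", "host": "hr-laptop-7", "user": "jdoe",
     "rule": "Office document spawned PowerShell", "severity": "high"},
    {"id": "a5", "host": "db-02", "user": "dba",
     "rule": "Scheduled task created", "severity": "medium"},
]


def tokenize(text):
    # Lower-case word tokens; hyphens are kept so "web-01" stays one term.
    return re.findall(r"[a-z0-9\-]+", text.lower())


def alert_text(alert):
    # The searchable representation of one alert record.
    return " ".join([alert["host"], alert["user"], alert["rule"], alert["severity"]])


def retrieve(question, docs, k=3):
    """Return up to k alerts ranked by a small TF-IDF score against the question.

    Alerts that share no term with the question are dropped, so an unrelated
    question yields an empty context rather than irrelevant filler.
    """
    doc_tokens = [Counter(tokenize(alert_text(d))) for d in docs]
    n = len(docs)
    # Document frequency per term, used for the IDF weight.
    df = Counter()
    for toks in doc_tokens:
        df.update(toks.keys())

    def idf(term):
        return math.log((n + 1) / (df[term] + 1)) + 1.0

    scored = []
    for doc, toks in zip(docs, doc_tokens):
        score = sum(toks[t] * idf(t) for t in set(tokenize(question)) if t in toks)
        if score > 0:
            scored.append((score, doc))
    # Stable sort: ties keep their original order.
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [doc for _, doc in scored[:k]]


def build_prompt(question, docs=ALERTS, k=3):
    """Assemble a grounded prompt: retrieved alerts become the model's only context."""
    hits = retrieve(question, docs, k)
    context = "\n".join(
        f"- [{a['id']}] host={a['host']} user={a['user']} "
        f"rule={a['rule']} severity={a['severity']}"
        for a in hits
    ) or "- (no matching alerts)"
    return (
        "You are a SOC assistant. Answer using ONLY the alerts listed as context. "
        "If the context is insufficient, say so.\n\n"
        f"Context:\n{context}\n\nQuestion: {question}"
    )


if __name__ == "__main__":
    print(build_prompt("What happened with encoded PowerShell on web-01?"))
```

The prompt returned by `build_prompt` is what would be sent to whichever LLM the team has selected; the model never sees the other alerts, which is also why the privacy advice later on this page matters: whatever is retrieved into the context is what leaves the SIEM.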

Integrations with major LLM providers

Elastic Security natively supports the most popular LLMs, including:

  • Google Cloud's Gemini 1.5 Pro 002 and Gemini Flash 1.5 002 via the Google Cloud Vertex AI platform
  • Anthropic's Claude family of models via Amazon Bedrock
  • The GPT-4 family of models via OpenAI or Azure's OpenAI Service

Next steps and availability

Both features are now available to all Elastic Security users. Users can try these new AI capabilities for free for two weeks through Elastic Cloud Serverless. Elastic emphasizes that the availability and timing of the features described are subject to the company's discretion.

Implications for security operations

The introduction of Attack Discovery and Automatic Import represents a significant step in the adoption of AI in security operations. These technologies not only reduce the workload of security teams but also improve the ability to detect and respond to attacks more effectively. Additionally, Elastic's flexible approach to LLMs allows organizations to leverage the best capabilities available based on their specific needs.

Security and privacy considerations

Elastic recommends caution when using AI tools with personal, sensitive, or confidential information. Data entered may be used for training AI models or other purposes. There is no guarantee that the information provided will be kept secure and confidential. Users should familiarize themselves with the privacy practices and terms of use of generative AI tools before using them.

The competitive landscape and market opportunities

The introduction of Attack Discovery and Automatic Import positions Elastic Security as a key player in the market for AI-driven cybersecurity solutions. According to industry analysts, the ability to integrate and transform large volumes of data into actionable information represents a significant competitive advantage. This is particularly relevant in a context where organizations face increasing threat complexity and a shortage of specialized skills.

Elastic Security's features offer companies the opportunity to optimize their security operations, reducing response times and improving the accuracy of analyses. This is crucial for organizations seeking to maintain their security posture in an increasingly sophisticated threat environment.

Practical use cases and concrete benefits

The new AI capabilities of Elastic Security find application in various operational scenarios. For example, Attack Discovery can be used to identify complex attack patterns that might go unnoticed in a traditional alert stream. This is particularly useful for security teams that need to manage a high volume of data and prioritize responses.

Automatic Import, on the other hand, simplifies the data integration process, allowing organizations to quickly extend their visibility across the entire attack surface. This is essential for companies operating in dynamic environments and requiring high operational flexibility.

The importance of LLM flexibility

Elastic's flexible approach to LLMs represents a significant strength. By allowing organizations to choose the LLM best suited to their needs, Elastic offers a level of customization that is hard to find in other solutions. This is particularly important for companies operating in regulated sectors or with specific requirements in terms of data privacy and security.

The ability to integrate third-party LLMs, such as those from Google Cloud, Anthropic, and OpenAI, further amplifies the flexibility and adaptability of the solution. This allows organizations to leverage the best technologies available in the market without being tied to a single provider.

Considerations for small and medium-sized businesses

The new features of Elastic Security also offer significant benefits for small and medium-sized enterprises (SMEs). Many SMEs lack the resources needed to manage complex cybersecurity infrastructures. Elastic's AI-driven solutions can help these companies improve their security posture without requiring a significant investment in specialized skills.

The ability to try the new AI capabilities for free for two weeks through Elastic Cloud Serverless represents a valuable opportunity for SMEs to evaluate the potential of these technologies without taking on financial risks.

Future prospects and continuous innovation

Elastic continues to invest in the development of new AI capabilities for cybersecurity. The company has already announced plans for further improvements and integrations, which may include new predictive analytics features and advanced automation capabilities. These developments could further consolidate Elastic's position as a leader in the market for AI-driven security solutions.

The adoption of AI technologies in cybersecurity is set to grow in the coming years. Organizations that adopt these technologies proactively will be better positioned to address emerging security challenges and protect their critical assets.

The introduction of Attack Discovery and Automatic Import represents a significant step in the evolution of AI-driven cybersecurity solutions. These technologies offer tangible benefits in terms of operational efficiency, attack visibility, and response capabilities. The flexibility and adaptability of Elastic's solution make it an attractive choice for organizations of all sizes and sectors.

As the threat landscape continues to evolve, the adoption of advanced AI technologies like those offered by Elastic Security will be fundamental to maintaining a robust and resilient security posture. Organizations that invest in these technologies today will be better prepared to face the challenges of tomorrow.

Editorial Note and Disclaimer

The guides and content published on GoYou are the result of independent research and analysis activities, for informational, educational, and in-depth purposes.

GoYou does not constitute a journalistic publication or an editorial product pursuant to Law No. 62/2001 and does not engage in real-time information activities.

The GoYou project does not provide professional, technical, legal, or financial advice and disclaims all liability for the misuse of the information published.

In the Crypto sector, every investment involves risks: readers are invited to always inform themselves independently before making any decision.