
Elastic revolutionises SIEM with AI-driven analytics

Elastic revolutionises SIEM with its new AI-driven security analytics, enabling SOCs to prioritise attacks efficiently and enhance their operational response.

Elastic, known as the Search AI Company, has unveiled a new AI-driven security analytics platform intended to transform traditional Security Information and Event Management (SIEM) approaches for Security Operations Centres (SOCs). Its latest feature, Attack Discovery, simplifies the detection process by filtering hundreds of alerts down to the most critical attacks with a single click. This innovation, powered by Elastic’s Search AI platform, automates much of the manual configuration, investigation, and response work that has long burdened security teams.

The Search AI platform integrates search and retrieval augmented generation (RAG), drawing on advanced search technology to produce highly relevant results swiftly. This approach ensures that Elastic’s security solutions are built on rich, current data, crucial for delivering precise outcomes tailored to specific security needs.

Transforming alert management with Attack Discovery

Attack Discovery stands out by using the Search AI platform to sort through alerts and surface the details that merit assessment. Leveraging Elasticsearch, the feature queries the context available in Elastic Security alerts, retrieving pertinent data such as host and user risk scores and alert reasons. That retrieved context is then supplied to the underlying large language models (LLMs), which use it to prioritise the most significant attacks.

Ravi Rajendran, area vice president of Southeast Asia at Elastic, highlighted the significance of this innovation for Singapore, noting the Cyber Security Agency of Singapore’s findings: two in five businesses in the country struggle with adequate cybersecurity resources despite frequent incidents. “Attack Discovery will empower businesses to slash the resource burden, freeing security teams from the grind of low-level tasks. This allows them to focus their expertise on what matters most: responding to and mitigating real threats,” Rajendran explained.

Proactive cybersecurity measures are essential for business survival

Asjad Athick, Elastic’s Cybersecurity Lead for Asia Pacific and Japan, discussed the high stakes of cybersecurity incidents, emphasising the potential for data loss, reputation damage, and severe financial consequences, especially for small and medium-sized enterprises. “This is why proactive cybersecurity measures are crucial for businesses to protect their public image and ensure survival in today’s ever-evolving threat landscape,” Athick stated, underscoring the importance of swift detection and response to protect businesses in a rapidly evolving threat environment.

In typical SOCs across Singapore, analysts manually sift through thousands of alerts daily, a tedious and error-prone process. Elastic Security’s Attack Discovery automates this by filtering out irrelevant alerts and mapping the significant ones to specific attack chains, allowing analysts to focus on genuine threats. This LLM-assisted triage lets analysts spend less time on preliminary alert assessment and more on detailed investigation and resolution.
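To make the triage pipeline described in the two paragraphs above concrete (enrich alerts with host and user risk scores, discard the noise, group what remains into per-host attack chains, rank the chains, and hand a compact context to the analyst or to an LLM summariser), here is an added example. It is not Elastic's code or the Attack Discovery implementation; the alert records, risk scores, thresholds and scoring formula are constructed assumptions chosen only to illustrate the approach.

```python
"""Constructed illustration of risk-based alert triage: filter, group into
per-host chains, rank, and produce context for an analyst or LLM summariser.
Added example; not Elastic's code. All data and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field

HIGH_SEVERITY = 47   # assumed: alerts at/above this are relevant on their own
RISKY_ENTITY = 50    # assumed: host/user risk at/above this keeps low-severity alerts


@dataclass
class Alert:
    ts: int          # event time (constructed integer timestamp)
    host: str
    user: str
    rule: str        # detection rule that fired
    severity: int    # 0-100
    reason: str      # alert reason text produced by the rule


@dataclass
class Chain:
    host: str
    alerts: list = field(default_factory=list)  # time-ordered alerts on this host
    score: int = 0


def is_relevant(a, host_risk, user_risk):
    """Filter step: keep an alert if it is severe, or if it involves a host or
    user that already carries an elevated risk score (enrichment context)."""
    return (a.severity >= HIGH_SEVERITY
            or host_risk.get(a.host, 0) >= RISKY_ENTITY
            or user_risk.get(a.user, 0) >= RISKY_ENTITY)


def triage(alerts, host_risk, user_risk):
    """Group relevant alerts by host into time-ordered chains and rank chains by
    total severity plus the host's risk and the riskiest user involved."""
    by_host = defaultdict(list)
    for a in alerts:
        if is_relevant(a, host_risk, user_risk):
            by_host[a.host].append(a)
    chains = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a.ts)
        users = {a.user for a in items}
        score = (sum(a.severity for a in items)
                 + host_risk.get(host, 0)
                 + max(user_risk.get(u, 0) for u in users))
        chains.append(Chain(host, items, score))
    chains.sort(key=lambda c: (-c.score, c.host))  # highest score first
    return chains


def chain_context(chain):
    """Compact, ordered context for the analyst or an LLM summariser."""
    return {
        "host": chain.host,
        "users": sorted({a.user for a in chain.alerts}),
        "sequence": [(a.ts, a.rule, a.reason) for a in chain.alerts],
        "score": chain.score,
    }


# Constructed sample data: three hosts, one of them with a noisy, low-risk user.
SAMPLE_ALERTS = [
    Alert(100, "ws-042", "alice", "Suspicious PowerShell encoded command", 47, "encoded command line"),
    Alert(120, "ws-017", "bob", "Unusual process for host", 21, "first-seen binary"),
    Alert(130, "ws-017", "bob", "New user agent observed", 21, "unseen HTTP client"),
    Alert(160, "ws-042", "alice", "Credential access via LSASS handle", 73, "lsass.exe opened"),
    Alert(200, "srv-db01", "svc-backup", "Bulk database export", 47, "large SELECT INTO OUTFILE"),
    Alert(240, "ws-042", "alice", "Remote service created on peer host", 73, "service created remotely"),
]
HOST_RISK = {"ws-042": 82, "ws-017": 12, "srv-db01": 65}   # constructed risk scores
USER_RISK = {"alice": 70, "bob": 10, "svc-backup": 40}


if __name__ == "__main__":
    for c in triage(SAMPLE_ALERTS, HOST_RISK, USER_RISK):
        print(chain_context(c))
```

Running it ranks the ws-042 chain (three escalating alerts on a high-risk host) ahead of the single database export on srv-db01, while the two low-severity alerts on the low-risk ws-017 are dropped before grouping. The scoring formula is deliberately simple; what matters for the design is that the retrieved context (risk scores, alert reasons, time order) drives the ranking before any language model sees the data.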

Since its inception in 2019, Elastic Security has expanded to include over 100 prebuilt machine learning-based anomaly detection jobs and, more recently, the Elastic AI Assistant for Security, which aids SOC analysts in rule authoring, alert summarisation, and integration recommendations.
