Thursday, 3 April 2025
25.7 C
Singapore
28.2 C
Thailand
20.8 C
Indonesia
26.9 C
Philippines

Elastic revolutionises SIEM with AI-driven analytics

Elastic revolutionises SIEM with its new AI-driven security analytics, enabling SOCs to prioritise attacks efficiently and enhance their operational response.

Elastic, known as the Search AI Company, has unveiled a new AI-driven security analytics platform set to transform traditional Security Information and Event Management (SIEM) approaches for Security Operation Centres (SOCs). Their latest feature, Attack Discovery, simplifies the detection process by filtering hundreds of alerts to highlight the most critical attacks using just one click. This innovation, powered by Elastic’s Search AI platform, automates much of the manual configuration, investigation, and response tasks that have long burdened security teams.

The Search AI platform integrates search and retrieval augmented generation (RAG), drawing on advanced search technology to produce highly relevant results swiftly. This approach ensures that Elastic’s security solutions are built on rich, current data, crucial for delivering precise outcomes tailored to specific security needs.

Transforming alert management with Attack Discovery

Attack Discovery stands out by utilising the Search AI platform to sort through alerts and identify key details that should be assessed. Leveraging Elastic’s Elasticsearch, the feature queries the vast context available in Elastic Security alerts, retrieving pertinent data such as host and user risk scores and alert reasons. This enables the system to instruct the underlying large language models (LLMs) to prioritise the most significant attacks efficiently.

Ravi Rajendran, area vice president of Southeast Asia at Elastic, highlighted the significance of this innovation for Singapore, noting the Cyber Security Agency of Singapore’s findings: two in five businesses in the country struggle with adequate cybersecurity resources despite frequent incidents. “Attack Discovery will empower businesses to slash the resource burden, freeing security teams from the grind of low-level tasks. This allows them to focus their expertise on what matters most: responding to and mitigating real threats,” Rajendran explained.

Proactive cybersecurity measures are essential for business survival

Asjad Athick, Elastic’s Cybersecurity Lead for Asia Pacific and Japan, discussed the high stakes of cybersecurity incidents, emphasising the potential for data loss, reputation damage, and severe financial consequences, especially for small and medium-sized enterprises. “This is why proactive cybersecurity measures are crucial for businesses to protect their public image and ensure survival in today’s ever-evolving threat landscape,” Athick stated, underscoring the importance of swift detection and response to protect businesses in a rapidly evolving threat environment.

In typical SOCs across Singapore, analysts manually sift through thousands of alerts daily, a tedious and error-prone process. Elastic Security’s Attack Discovery automates this by filtering out irrelevant alerts and mapping significant ones to specific attack chains, allowing analysts to focus on genuine threats. This efficient triage process facilitated by LLMs aids analysts in spending less time on preliminary alert assessments and more on detailed investigations and resolutions.

Since its inception in 2019, Elastic Security has expanded to include over 100 prebuilt machine learning-based anomaly detection jobs and, more recently, the Elastic AI Assistant for Security, which aids SOC analysts in rule authoring, alert summarisation, and integration recommendations.

Hot this week

Samsung Galaxy A06 5G offers modern features at an affordable S$228

The Samsung Galaxy A06 5G, with a 50MP camera and 5,000mAh battery, launches in Singapore on March 21, 2025, for S$228.

Facebook introduces friends-only feed to cut out algorithmic content

Facebookโ€™s new Friends tab removes algorithmic recommendations, letting you see only posts from friends. It is now rolling out in the US and Canada.

World Backup Day 2025 highlights the shift from backup to restore in AI-driven era

Pure Storage calls for a shift from backup to rapid restore on World Backup Day 2025, highlighting AIโ€™s demand for resilient data recovery.

Nothing Phone (3a) Pro review: A mid-range marvel with standout zoom

Nothing Phone (3a) Pro blends standout design, powerful zoom camera, and smart features, making it a top choice in the mid-range segment.

Google Pixel 9a arrives in Singapore this April for S$799

The Google Pixel 9a launches in Singapore in April 2025 with a Tensor G4 chip, 48MP camera, and seven years of updates, starting at S$799.

Qualcomm expands AI research with MovianAI acquisition

Qualcomm has acquired Vietnamese AI research firm MovianAI to boost its AI development in smartphones, PCs, and software-defined vehicles.

Roblox introduces new parental controls to enhance child safety

Roblox introduces new parental controls, allowing parents to block games, restrict friends, and monitor their childโ€™s activity for better safety.

Anthropic introduces Claude for Education, a new AI chatbot plan for universities

Anthropic launches Claude for Education, an AI chatbot plan for universities that offers advanced learning tools and administration support.

Exabeam introduces Nova, an agentic AI that boosts cybersecurity operations

Exabeam unveils Nova, a proactive AI agent that boosts security team productivity and reduces incident investigation time by over 50%.

Related Articles