As we’ve shown in a previous blog, search-based detection rules and Elastic’s machine learning-based anomaly detection can be a powerful way to identify rare and unusual activity in cloud API logs. Now, as of Elastic Security 7.13, we’ve introduced a new set of unsupervised machine learning jobs for network data, and accompanying alert rules, several of which look for geographic anomalies.
In my previous blog post, I demonstrated how to use Prometheus and Fluentd with the Elastic Stack to monitor Kubernetes. That’s a good option if you’re already using those open source-based monitoring tools in your organization. But, if you’re new to Kubernetes monitoring, or want to take full advantage of Elastic Observability, there is an easier and more comprehensive way. In this blog, we will explore how to monitor Kubernetes the Elastic way: using Filebeat and Metricbeat.
The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted directly by an outsider. Instead, the attackers infected five of the plant’s partner organizations, hoping that an engineer from one of them would unknowingly introduce the malware to the network via a thumb drive.
Detecting and preventing malicious activity such as botnet attacks is a critical area of focus for threat intel analysts, security operators, and threat hunters. Taking up the Mozi botnet as a case study, this blog post demonstrates how to use open source tools, analytical processes, and the Elastic Stack to perform analysis and enrichment of collected data irrespective of the campaign.
I’m a security analyst at Orange Business Services in Paris, and one of my current projects for the Orange Group is implementing a new SIEM based on the Elastic Stack. In this blog post, I’ll share why we chose Elastic and how we were able to integrate Elastic into our existing SIEM, resulting in faster investigations and saving our engineers’ time. So follow along.
What do an airline, the world’s largest retailer, the French government, Adobe, and NASA’s JPL have in common? They use the Elastic Stack to empower customers, communities, and, even, interplanetary exploration. With the Elastic Stack’s ability to take data from any source and in any format, and then search, analyze, and visualize it in real time, organizations can act quickly to improve customer experience and power critical systems.
Is enterprise data a benefit or a burden? Think about all of the data your organization generates and consumes in the digital age — from security event logs to application error messages, energy consumption to vendor contracts. There is so much, and all of it is usually stored in silos, making the data difficult to synthesize to provide better services, identify signals proactively, or make stronger business decisions.
We’re thrilled to announce that Elastic has been named a Leader in The Forrester Wave™: Cognitive Search, Q3 2021*, highlighting, in our opinion, our commitment to providing a set of tools that makes it quicker and easier to build great search experiences with Elasticsearch. In addition to receiving the highest score possible in the strategy category, Elastic also received the highest scores possible in the operations and market awareness criteria.
In a previous blog, we discussed how to monitor, troubleshoot, and fix high %CPU issues. We also revealed a system API that could have an unexpected impact on CPU consumption. In this episode, we’ll discuss another time-related performance aspect that is unique to security software: application startup time. You don’t need to be a developer to benefit from this article.
Users of Elastic Security are protected through numerous layers of protections against the REvil ransomware that affected Kaseya VSA and its customers. Elastic Security’s layered protections prevented 100% of the REvil ransomware samples tested before damage and loss could occur to the business. We believe that detections and preventions must be layered, as no single protection works 100% of the time.
