Elastic Security Automates Prevention, Collection, Detection, and Response Across MITRE ATT&CK

Datum : 11/02/2020 @ 19h30
Quelle : Business Wire
Name : Elastic NV (ESTC)
Kurs : 86.9  1.05 (1.22%) @ 01h55
Elastic NV share price Chart
After Hours
Last Trade
Last $ 86,70 ▼ -0,20 (-0,23%)

Elastic Security Automates Prevention, Collection, Detection, and Response Across MITRE ATT&CK

Elastic NV (NYSE:ESTC)
Historical Stock Chart


Von Dez 2019 bis Jun 2020

Click Here for more Elastic NV Charts.

The latest release of Elastic Security enhances endpoint detection capabilities and introduces improvements to Elastic SIEM

Elastic N.V. (NYSE: ESTC), creators of Elasticsearch, today announced the release of Elastic Security 7.6.0, which builds on the strengths of Elastic Endpoint Security and Elastic SIEM to deliver unparalleled visibility and threat protection through a unified interface. This release automates the centralized detection of threats in the SIEM app and enhances endpoint detection capabilities on Windows hosts. Access to new data sources and improvements across the Elastic SIEM app further empower security practitioners to accelerate detection and response.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20200211005906/en/

View SIEM detections (signals) generated by out-of-the-box rules automated by the SIEM detection engine (Graphic: Business Wire)

Approach zero dwell time with a new SIEM detection engine and MITRE ATT&CK™-aligned rules

Elastic Security 7.6 introduces a new SIEM detection engine to automate threat detection, minimizing mean time to detect (MTTD) and freeing up your security team for security tasks requiring human intuition and skill. With Elasticsearch at its core, Elastic SIEM already accelerates security investigation time from hours to minutes. This new automated detection capability further reduces dwell time by surfacing threats that would otherwise be missed.

Elastic is also releasing an initial set of nearly 100 out-of-the-box rules aligned with the ATT&CK knowledge base to surface signs of threats often missed by other tools. Created and maintained by the security experts at Elastic, the rules automatically detect tools, tactics, and procedures indicative of threat activity, and will be continually updated to address new threats. Risk and severity scores associated with signals generated by the detection engine enable analysts to triage issues rapidly and then turn their attention to the highest-value work.

“Elastic has helped our security team focus on what matters by equipping us with the tools we need to efficiently search millions of logs while reducing the number of alerts to a volume that our security team can manage,” said Maxim Verreault, Security Manager at Skytech Communications. “With the release of 7.6, out-of-the-box signal detection rules in Elastic SIEM enable us to automate analysis across our observability data and detect and respond to threats the moment they happen. Elastic Security 7.6 also provides a great way for the community to connect, as we, the security folks, will be able to share custom signal detection rules so that everyone can benefit from them and detect new emerging threats.”

Rules operate on Elastic Common Schema (ECS)-compliant data gathered from Windows, macOS, and Linux systems, as well as network information from other sources. Security teams have the option to create or customize rules, but should never need to rewrite them for new ECS-compliant data sources added to their environment.

Built-in Elastic SIEM threat detection rules are developed and maintained by the security experts at Elastic, and complement both the machine learning-driven anomaly detection jobs of the SIEM app and host-based protections of Elastic Endpoint Security.

Achieve unprecedented visibility into Windows endpoints

Elastic Security 7.6 delivers unprecedented levels of visibility and protection to Windows systems, which are a major attack target due to their ubiquity and lenient user permissions model. The release deepens visibility into Windows activity and resiliently collects and enriches data from locations otherwise vulnerable to the evasion techniques of advanced threats.

New out-of-the-box detections leverage this data to detect attempts to capture keyboard inputs, load malicious code into other processes, and more. Practitioners can pair events generated by these detection rules with automated responses (e.g., kill a process) to achieve layered prevention. Combining this visibility and protection with the existing prevention, detection, and response capabilities for macOS and Linux systems provides Elastic Endpoint Security users with complete protection across their entire environment.

Reduce MTTD by quickly seeing what matters most

The new Elastic SIEM app Overview page and broader workflow enhancements enable security practitioners to hunt for and investigate threats fast. Users can jump right into an investigation by opening a timeline, viewing the latest detection signals, and reviewing alerts from external sources like Elastic Endpoint Security, Palo Alto Networks, Suricata, Zeek, and others. Wherever you are in the SIEM app, you’re never more than a click away from its integrated threat detection and anomaly detection capabilities.

Analysts can also increase operational awareness with new event, alert, and signal histograms, and explore the new and enhanced visualizations in the Hosts and Network views for more specialized analysis.

Keep an eye on your applications

Elastic SIEM also now provides curated visibility into HTTP data, giving you the power to view Elastic APM data from directly within the SIEM app. Multiple out-of-the-box Beats modules provide access to additional ECS-compliant HTTP data, allowing you to easily inspect and visualize all web transactions in one unified view.

Monitor your cloud data

Ingesting data into the Elastic Stack for centralized visualization and analysis is now even simpler. 7.6 introduces support for AWS CloudTrail data and enhances support for Google Cloud Platform, providing essential visibility into the modern attack surface. Data in the CEF format, whether from the cloud or elsewhere, is also easier than ever to visualize thanks to the updated CEF module for Filebeat.

Learn more

  • Experience the latest version of Elastic Security on Elasticsearch Service on Elastic Cloud
  • Try an Elastic SIEM demo
  • Learn about the Early Access Program for Elastic Endpoint Security.

About Elastic

Elastic is a search company that powers enterprise search, observability, and security solutions built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real time and at scale. Founded in 2012, Elastic is a distributed company with Elasticians around the globe. Learn more at elastic.co.

Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.

Elastic Dan Reidy press@elastic.co

Kürzlich von Ihnen besucht
LSE
GKP
Gulf Keyst..
LSE
QPP
Quindell
FTSE
UKX
FTSE 100
LSE
IOF
Iofina
FX
GBPUSD
UK Sterlin..
Stocks you've viewed will appear in this box, letting you easily return to quotes you've seen previously.

Register now to create your own custom streaming stock watchlist.

Der Markt LS (Lang&Schwarz) wird als Realtime Indikation kostenlos angezeigt und bietet Ihnen außerbörsliche Realtime Aktienkurse in der Zeit von Mo-Fr 08:00 bis 23:00, Samstags 10:00 bis 13:00 und Sonntags an.
NYSE und AMEX Kurse sind um mindestens 20 Minuten zeitverzögert.
Alle weiteren Kurse sind um mindestens 15 Minuten zeitverzögert, sofern nicht anders angegeben.
P: V:de D:20200606 02:56:00