Posts by Elastic (old posts, page 6)

Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025

We’re excited to share that Elastic has been named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025.

At Elastic, we believe security starts with the data. Elastic Security enables teams to detect, investigate, and respond to threats at scale, without lock-in or limits — powered by the speed and flexibility of Elasticsearch — and is grounded in a commitment to openness, innovation, and customer control.

[Image: Image_Security-Analytics-Platforms-Q2-2025 (1).png]

We believe this recognition reflects our engineering-led approach to solving security as a data problem — with AI-driven analytics, intuitive case management, and scalable deployment models that meet customers where they are.

GSA and Elastic announce strategic agreement to drive federal cost savings

In a significant step forward for government IT modernization, the US General Services Administration (GSA) has entered into a strategic agreement with Elastic, the Search AI Company, to help federal agencies reduce costs and elevate their cybersecurity, observability, and AI capabilities.

This landmark agreement establishes new, government-wide pricing for Elastic’s full suite of solutions — both self-managed and cloud. Agencies can now access volume discounts of up to 60%, eliminating the inefficiencies of fragmented, one-off procurements. The agreement is a win-win for the government: simplifying the acquisition and procurement processes while modernizing legacy IT systems.

Supporting federal mandates for cost savings and innovation

The new Elastic-GSA agreement supports the broader government-wide push for IT efficiency. Recent executive orders and US Office of Management and Budget (OMB) guidance — particularly the President’s Management Agenda and the directives on government efficiency and AI innovation — emphasize cost-effectiveness, cybersecurity, and the adoption of AI to improve public services.

Elastic is well-positioned to help government agencies accelerate their missions efficiently. Using open source Search AI technology, Elastic’s data mesh approach can transform massive amounts of siloed data into actionable, mission-critical insights. Agencies looking to strengthen interoperability, combat fraud, reduce wasteful spending, improve security, and modernize IT are using Elastic as a strategic foundation for multiple use cases that rely on data, such as Zero Trust, logging compliance, and building GenAI applications.

Through this agreement, agencies can gain streamlined access to Elastic’s open, scalable technology, including:

  • Next-generation security and logging: Elastic offers comprehensive logging and cybersecurity capabilities, including cutting-edge features such as AI Assistant for Security, Attack Discovery, and out-of-the-box detection rules to accelerate response times. Elastic’s tiered storage and logsdb index mode enable federal agencies to comply with M-21-31 logging requirements, making long-term log retention both operationally feasible and cost-effective.
  • Search AI Lake: Elastic’s Search AI Lake provides unified, AI-powered distributed data access across all data types and systems, breaking down silos for mission-critical insight. Using a data mesh approach, Elastic enables data to remain in its original location but be searched, accessed, and analyzed holistically. 
  • Zero Trust capabilities: Elastic unifies data across all Zero Trust pillars, enabling agencies to seamlessly ingest, analyze, and act on threats while cost-effectively integrating with their existing systems.
  • Open standards-based observability: Gain full-stack visibility across IT environments with OpenTelemetry (OTel)-native support and real-time telemetry.
  • Flexible deployment models: Cloud-native, hybrid, or on-prem — Elastic meets agencies where they are.

These capabilities provide a unified foundation for operationalizing data at scale, enabling agencies to not only strengthen their security posture but also reduce complexity and boost operational resilience.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third-party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third-party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, and associated marks are trademarks, logos, or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos, or registered trademarks of their respective owners.

AI, out-of-the-box!

Elastic AI features in Elastic Security, Observability, and Search are now enabled by default in Elastic Cloud.

Getting started with generative AI (GenAI) shouldn’t be a project in itself. Too often teams encounter organizational friction that slows adoption of AI-based features, from third-party contracts and external API keys, to additional terms of service and billing management. With the Elastic Managed LLM, you can sidestep these blockers and get powerful AI features for automatic ingest, threat detection, problem investigation, root cause analysis, and more, ready to go from day one.

Prefer your own model? We’ve got you covered there, too, with the ability to integrate any popular third-party LLM of your choosing.

[Image: attack-discovery.png]

Out-of-the-box AI for SREs: Accelerated problem resolution

All AI features in Elastic Observability are ready to use out of the box — no setup required. Teams can accelerate root cause analysis, streamline incident response, and start getting value from generative AI on day one. For organizations that need more control, connecting a preferred LLM is still fully supported.

The Elastic Managed LLM powers all generative AI capabilities in Elastic Observability, including:

  • AI Assistant for Observability: The AI Assistant combines generative AI with RAG to reduce hallucinations and improve accuracy by grounding responses in your organization’s knowledge, including runbooks, past incidents, trouble tickets, documentation, and GitHub issues. It helps SREs troubleshoot faster by generating queries, dashboards, and visualizations to surface relevant data and enables natural language investigation across logs, metrics, and traces. In addition to conversational guidance, the AI Assistant also delivers embedded contextual insights directly in the UI, explaining log messages and APM errors without requiring a chat session.

  • Automatic Import: By automating the development of bespoke ingest pipelines, the Automatic Import feature extends Elastic’s 400+ out-of-the-box integrations with support for custom use cases. It reduces ingest time required from several days to less than 10 minutes and significantly lowers the learning curve for onboarding unstructured data. It builds a custom ingest pipeline based on sample data that accurately maps raw data into Elastic Common Schema (ECS) and custom fields, populates contextual information, and categorizes events. 

AI for developers: Prototype and test GenAI capabilities from day one

With the default Elastic Managed LLM, AI Playground and the Search AI Assistant are ready to use out of the box, without the need for additional setup or API keys for an external model. Playground offers a low-code interface for rapidly prototyping RAG workflows with your own data. Now, you can test the latest GenAI capabilities and start building instantly — no model configuration needed. If you prefer your own model, you still have the flexibility to use the open inference API to connect any provider or custom endpoint of your choice.

[Image: Ai-playground.png]

Elastic’s unique approach to AI

Elastic delivers AI where it matters most, natively integrated with your data, workflows, and use cases. With a default managed LLM enabled out of the box, teams can start using AI immediately, without setup or third-party contracts. For more flexibility, developers can also connect to public LLMs using Elastic’s open inference API.

What truly sets Elastic apart is how it combines Search AI capabilities for security and observability:

  • Retrieval augmented generation (RAG) is built in using Elastic’s native vector database with embeddings sourcing relevant context from your environment. AI features can reference your internal knowledge bases (runbooks, incidents, documentation, GitHub issues, etc.) to enable relevant and grounded responses.

  • Unified access to all your data means AI isn’t limited to predefined datasets. With 400+ integrations combined with other organizational knowledge sources, Elastic can enrich AI insights with logs, metrics, traces, runbooks, and more, all indexed and searchable in one place.

  • Search and analytics leverage Elastic’s platform strengths: fast query execution, aggregations, and built-in functions — ensuring AI-driven insights are grounded in real-time data and provide accurate and actionable results.

With the default LLM, you get:

  • A model tested and evaluated by Elastic.

  • Integrated billing and platform governance — linked to your Elastic subscription with no separate accounts, terms of service, or compliance gaps. Data is handled securely and adheres to the privacy and security controls you’ve already put in place.

  • Single-vendor support, so your team isn’t stuck chasing third parties.

  • Zero config in most cases — AI is simply ready when you are.

Whether you need speed, control, or customization, Elastic gives you a flexible, production-ready AI stack designed for how modern teams work.

You thought Elastic only did SIEM? Think again!

Elastic Extended Security, born from the acquisition of Endgame, brings years of battle-tested EDR and threat prevention expertise directly into Elastic’s Search AI Platform. This isn’t a bolt-on or third-party integration; it’s a native, deeply embedded component that redefines what’s possible with XDR. 

As data volumes grow exponentially, traditional EDR tools hit walls. Elastic doesn’t. Only Elastic can deliver true XDR: natively correlating endpoint, network, user, and cloud telemetry at search speed, across petabytes of data, all in a single platform. 

But Elastic goes further: 

  • Best-in-class endpoint built in: Our agent protects Windows, macOS, and Linux with the award-winning prevention and detection capabilities originally pioneered at Endgame and evolved into a scalable platform for modern threats. Advanced malware, behavioral, memory, and ransomware defenses are included out of the box. 
  • Hybrid endpoint, real-world ready: Most enterprises rely on multiple endpoint vendors, and Elastic meets them where they are. Elastic Security’s vendor-agnostic platform seamlessly operationalizes data from third-party EDR tools alongside Elastic Extended Security’s own endpoint agent — all within a unified detection and response workflow. No silos. No pivoting.
  • Unlimited deployment model: With Elastic, every user gets unlimited agents. Scale up during incidents. Deploy widely during mergers and acquisitions. Build a resilient baseline across thousands of machines — without hidden per-endpoint pricing. Elastic delivers a mission-ready platform that protects today’s infrastructure and scales to meet tomorrow’s complexity. This is XDR the way it was meant to be: flexible, powerful, and unified.

[Image: blog-elastic-attack-discovery.png]

AI-driven fixes at your fingertips

Endpoint security is essential, but it can sometimes introduce system slowdowns or conflicts that affect performance. Troubleshooting these issues manually is complex and time-consuming, often delaying the deployment of security tools and creating critical visibility gaps across your environment.

Elastic’s Automatic Troubleshooting uses AI to automatically identify third-party antivirus and security software causing endpoint performance issues and slowing your users down. We even help you fix these conflicts, with fast one-click exclusions.

This gives security teams fast, clear insights and guided steps to resolve performance problems — helping you maintain strong security without sacrificing endpoint performance or user experience.

[Image: blog-elastic-event-collection.png]

Digging deeper: Investigate threats without data limits

Speed and context are everything in security investigations — and that means having all your data, instantly accessible, whenever you need it. Elastic Security is built to handle security telemetry at scale, so you can retain, search, and analyze vast amounts of data without compromise.

With searchable snapshots and flexible data tiers, Elastic lets you keep months or years of endpoint, cloud, and infrastructure data searchable — without blowing your budget. No more choosing between retention and performance.

Paired with powerful investigation tools like Timeline, Session View, and an interactive process analyzer, analysts can quickly trace events, pivot between related activity, and uncover the full scope of an incident. The result: faster investigations, deeper insights, and decisions based on complete, reliable data. And thanks to our vendor-agnostic approach, these investigative workflows work seamlessly whether telemetry comes from Elastic, a third-party EDR, or a mix of both — ensuring investigations stay efficient and comprehensive, no matter what tools you’re running.

[Image: blog-elastic-event-analyzer.png]

Open and transparent security

At Elastic, we know SOC analysts rely on transparency and trust to defend against evolving threats. That’s why we made our protections-artifacts repository fully open, sharing the exact detection logic behind Elastic’s endpoint security — including YARA signatures and rules for Windows, macOS, and Linux. This level of visibility lets you understand what’s running under the hood, customize detections to fit your environment, and collaborate with the community to sharpen protections.

Openness isn’t just about sharing code — it’s about empowering you to stay ahead of attackers and keep your organization secure. Elastic also runs a public bug bounty program that covers EDR behavior detection rules, rewarding researchers for identifying ways to bypass detections. This helps security teams strengthen Elastic Extended Security’s protections and stay ahead of evolving attack techniques.

[Image: blog-elastic-response-console.png]

Just how good are Elastic Extended Security protections?

We think Elastic Extended Security is one of the best protection engines in the industry — but don’t just take our word for it. Independent third-party testing continues to validate the strength of our endpoint security capabilities.

In the latest AV-Comparatives Business Security Test (April–May 2025), Elastic Extended Security achieved a 100% protection rate against 200+ advanced attack scenarios and 1,000+ real-world malware samples. That’s top-of-the-table performance in one of the industry's most rigorous evaluations.

And it doesn’t stop there. Elastic Extended Security also earned a Grade A certification from VB100, following its intensive real-world malware and false positive testing.

These results reinforce what our customers already experience: Elastic Extended Security consistently delivers reliable, high-fidelity protection against today’s most sophisticated threats — while staying lightweight and easy to manage as part of the Elastic Security platform.

[Image: blog-elastic-av-comparatives.png]

Get started with Elastic Security

Join the growing number of businesses that trust Elastic Security to protect their organization against attacks. Experience the peace of mind that comes with knowing your endpoints — and organization as a whole — are secure against the latest threats. Start your Elastic Security free trial and discover the difference that our protection can make. Visit elastic.co/security to learn more and get started.

Reclaiming analyst time: Smarter investigations with AI in defence

Security analysts at the UK Ministry of Defence (MOD) — and everywhere — face an overwhelming challenge: They can receive thousands of alerts daily, and distinguishing genuine threats from false positives in a timely fashion has become nearly impossible without technological intervention. The human cost is significant — over 70% of SOC analysts (across sectors) [1] report burnout, even while the MOD saw a 400% increase [2] in data breaches over the past five years. Organisations often respond by adding more tools, personnel, and (unnecessary) costs rather than addressing fundamental inefficiencies.

Simplifying security operations

This unified data model brings together endpoint, network, and cloud telemetry in one searchable data view. Analysts can quickly pivot from alerts to detailed investigation without switching contexts. By eliminating the need for separate tools and their associated licensing costs, total security tooling costs can be reduced by approximately 25% while actually improving capabilities and reducing complexity. Investigation guides and prebuilt playbooks standardise response procedures while ML-powered detection rules identify threats that might otherwise be missed. 

For remediation, security teams can execute actions across distributed endpoints simultaneously — isolating compromised machines, killing malicious processes, or deploying patches without leaving the platform. This end-to-end workflow automation transforms what was once a multi-hour, multi-tool process into a streamlined operation.

Enabling the MOD's defence data management strategy with intelligent data access

Since the release of the Defence Data Management Strategy in 2020 [1], significant strides have been made toward the MOD's vision of treating data as a “strategic asset, second only to people.” Yet, as the 2025 target date approaches, work remains to achieve the strategy's four key outcomes:

  • Curating integrated, machine-ready data

  • Treating data as a strategic asset

  • Developing skilled personnel to leverage information advantages

  • Positioning Defence as data leaders alongside partners and allies

While the objectives, rules, and purposes are clear, siloed systems persist. And as AI increasingly accesses sensitive defence information, questions of accountability and visibility become crucial. Also important is avoiding traditional compliance approaches that can significantly increase storage costs while slowing access to critical information.

CISOs in defence are faced with the question: How do we put a security wrap around AI to understand how it is being used and what data it is accessing?

Elastic meets the strategic outcomes of the MOD data strategy

In the Defence Data Strategy, the rules and outcomes play complementary roles. The Defence Data Rules set the principles and standards required to build a unified data environment, while the strategic outcomes define the goals Defence aims to achieve through their application. Together, the rules provide the foundation, and the outcomes set the direction — driving the operational transformation of Defence’s data landscape.

Elastic helps Defence overcome data silos and complexity, transforming strategic goals into mission success. Here’s how Elastic enables each Defence data outcome in practice:

  • Data is curated, integrated, and human/machine-ready: Data can be searched and understood in its original format without needing to be converted first. This means different types of information, like intelligence feeds, sensor readings, and operation records, can be analysed and accessed holistically, no matter where they come from.

  • Data is treated as a strategic asset: RBAC and ABAC enforce data sovereignty by granting authorised personnel granular access to accurate, up-to-date data for real-time decisions. RBAC simplifies privilege management by tying permissions to roles, removing access automatically when roles change — especially when integrated with systems like Active Directory.

  • Skilled personnel exploiting data for advantage: User-friendly dashboards let analysts identify trends and anomalies without specialised expertise. Generative AI integration summarises complex unstructured data, while prebuilt templates and workflows accelerate training. This addresses skills gaps and maximises the effectiveness of existing personnel, which can significantly increase security teams' efficiency.

  • Defence as data leaders with partners and allies: An open, flexible ecosystem with multi-vendor support allows Defence to unify data and drive innovation collaboratively with partners and industry, ensuring agile and secure operations.

The result is an operational advantage built on secure, accessible, and comprehensive information. Beyond this, the ROI for such a data foundation is remarkable, a critical advantage for defence teams managing complex compliance requirements and tight budgets. 

Join our webinar series, Mission advantage: Strategic conversations with defence leaders to explore how defence organisations are embedding governance, auditability, and assurance into every phase of AI deployment — while building a unified data layer to drive mission success and accelerate Defence Data Strategy outcomes.

Sources:

  1. Computer Weekly, “Government announces data strategy for defence,” 2021.

  2. Ministry of Defence, “Data Strategy for Defence - GOV.UK,” 2021.