Elastic’s Search AI set to revolutionise cyber security operations
Elastic is leading a tech revolution as it announces that Search AI will supersede conventional SIEM (security information and event management) with an AI-fuelled security analytics solution for contemporary security operations centres (SOCs). By harnessing the capabilities of Search AI, Elastic Security is revamping the burdensome manual processes tied to configuration, investigation and response, using search and retrieval augmented generation (RAG) to return highly relevant results.
A key feature, named ‘Attack Discovery’, capitalises on the Search AI platform’s prowess to efficiently narrow hundreds of alerts down to the most critical ones with a single click, all presented in an intuitive user interface. This empowers security operations teams to rapidly pinpoint high-impact attacks and take prompt, decisive action.
The innovative approach to security analytics driven by the AI capabilities of Elastic’s solution is built on the Search AI platform, which incorporates RAG powered by the industry’s unparalleled search technology. LLMs (large language models) are only as precise and current as the information they utilise, thus requiring rich, recent data to produce accurate, custom results. Search-based RAG delivers the necessary context automatically, eradicating the need to construct and constantly retrain a customised LLM on perpetually evolving internal data.
The groundbreaking innovation from Elastic Security is poised to transform the framework and productivity of organisations’ security teams. “With this launch, security teams have the power to condense thousands of alerts, a task that would have originally consumed hours for analysts to sift through manually. Now, it is triaged within seconds with just a single click,” says Asjad Athick, Cyber Security Lead, Asia Pacific and Japan at Elastic.
‘Attack Discovery’ uniquely employs the Search AI platform to sort and categorise which alert details the LLM should assess. It fetches the most accurate data by querying the rich context within Elastic Security alerts with Elasticsearch’s hybrid search capabilities and instructs the LLM how to identify and prioritise the most significant attacks.
Gavin Jones, Area Vice President, ANZ at Elastic, highlighted the need for such a solution, noting the incessant and sophisticated attacks organisations face. He stated that ‘Attack Discovery’ is a transformative development towards addressing the persistent cybersecurity workforce crisis: “Threat investigations that would have taken entire teams can now be investigated by a single analyst in less time.”
Many SOCs are bogged down by the daily task of sorting through thousands of alerts, a dull, time-wasting chore prone to error. Elastic Security alleviates this strain by triaging out false positives and mapping remaining potent signals to discrete attack chains. Analysts can expend less effort sifting through alerts and more time investigating and addressing threats through prompt, accurate triage.
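The retrieve-then-rank pipeline described above (hybrid search over alert context to select what the model should assess, then triaging low-value noise and grouping the remaining signals into per-host attack chains) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not Elastic's code, not the Elasticsearch API and not Attack Discovery's actual logic. The sample alerts, hostnames and severities are constructed, the bag-of-words cosine leg is a stand-in for real vector search, and the chain-scoring rule is an assumption chosen only to make the ranking visible.

```python
"""Hypothetical hybrid-retrieval alert triage (added example, not Elastic's code).
Shows: keyword + vector-style retrieval fused with reciprocal rank fusion to pick
LLM context, then severity filtering and per-host grouping into attack chains."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample alerts; ids stand in for timestamps (not real data).
ALERTS = [
    {"id": 1, "host": "ws-17", "rule": "Suspicious PowerShell encoded command", "severity": 73,
     "text": "powershell.exe -enc base64 payload spawned by winword.exe"},
    {"id": 2, "host": "ws-17", "rule": "Credential dumping via LSASS access", "severity": 90,
     "text": "process opened handle to lsass.exe with PROCESS_VM_READ"},
    {"id": 3, "host": "srv-db-02", "rule": "Scheduled task creation", "severity": 21,
     "text": "schtasks.exe created task BackupJob by admin account"},
    {"id": 4, "host": "ws-17", "rule": "Lateral movement via SMB admin share", "severity": 73,
     "text": "copy of binary to ADMIN$ share on srv-db-02 followed by service creation"},
    {"id": 5, "host": "ws-04", "rule": "Low-confidence DNS anomaly", "severity": 10,
     "text": "unusual number of NXDOMAIN responses from browser process"},
]

TOKEN = re.compile(r"[a-z0-9$.]+")

def tokenize(text):
    return TOKEN.findall(text.lower())

def bm25_scores(query, docs, k1=1.5, b=0.75):
    """Lexical (keyword) leg: a compact BM25 score per alert, keyed by alert id."""
    tokens = [tokenize(d["rule"] + " " + d["text"]) for d in docs]
    avgdl = sum(len(t) for t in tokens) / len(tokens)
    df = Counter(term for t in tokens for term in set(t))
    n = len(docs)
    scores = {}
    for d, t in zip(docs, tokens):
        tf = Counter(t)
        s = 0.0
        for q in tokenize(query):
            if q not in tf:
                continue
            idf = math.log(1 + (n - df[q] + 0.5) / (df[q] + 0.5))
            s += idf * tf[q] * (k1 + 1) / (tf[q] + k1 * (1 - b + b * len(t) / avgdl))
        scores[d["id"]] = s
    return scores

def cosine_scores(query, docs):
    """Stand-in for the dense/vector leg: bag-of-words cosine similarity.
    A real deployment would compare embeddings; this keeps the example offline."""
    qv = Counter(tokenize(query))
    scores = {}
    for d in docs:
        dv = Counter(tokenize(d["rule"] + " " + d["text"]))
        dot = sum(qv[t] * dv[t] for t in qv)
        norm = (math.sqrt(sum(v * v for v in qv.values()))
                * math.sqrt(sum(v * v for v in dv.values())))
        scores[d["id"]] = dot / norm if norm else 0.0
    return scores

def reciprocal_rank_fusion(*rankings, k=60):
    """Merge several score maps into one hybrid ranking of ids (RRF)."""
    fused = defaultdict(float)
    for scores in rankings:
        ordered = sorted(scores, key=scores.get, reverse=True)
        for rank, doc_id in enumerate(ordered, start=1):
            fused[doc_id] += 1.0 / (k + rank)
    return sorted(fused, key=fused.get, reverse=True)

def hybrid_search(query, docs, top_n=3):
    """Return the alerts most relevant to a question, i.e. the context an LLM
    would be handed instead of the whole alert queue."""
    ranked = reciprocal_rank_fusion(bm25_scores(query, docs), cosine_scores(query, docs))
    by_id = {d["id"]: d for d in docs}
    return [by_id[i] for i in ranked[:top_n]]

def attack_chains(docs, min_severity=20):
    """Drop low-severity noise, group what remains per host in id order, and
    score each chain (assumed rule: peak severity plus 5 per additional alert)."""
    chains = defaultdict(list)
    for d in sorted(docs, key=lambda d: d["id"]):
        if d["severity"] >= min_severity:
            chains[d["host"]].append(d)
    summaries = [
        {"host": h, "alerts": [a["id"] for a in al],
         "score": max(a["severity"] for a in al) + 5 * (len(al) - 1)}
        for h, al in chains.items()
    ]
    return sorted(summaries, key=lambda c: c["score"], reverse=True)

if __name__ == "__main__":
    for a in hybrid_search("credential dumping lsass", ALERTS):
        print("context:", a["id"], a["rule"])
    for c in attack_chains(ALERTS):
        print("chain:", c)
```

The two halves are deliberately separable: retrieval decides what an analyst (or a model) looks at first, while the chain builder is a plain, auditable rule, so a wrong ranking can be traced to either the scoring or the grouping rather than to an opaque model call.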
Since its inception in 2019, Elastic Security has grown to encompass advanced analytics capabilities with over 100 prebuilt ML-based anomaly detection jobs to detect previously unknown threats. Elastic AI Assistant for Security has been introduced to aid SOC analysts with rule authoring, alert summarisation, and workflow and integration recommendations.
Under the upcoming Elastic 8.14 release, ‘Attack Discovery’ will be accessible to all customers with an Enterprise licence.