
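How does Elastic Security create value for your organization?

Elastic Security is used by more than 50% of Fortune 500 companies. It lowers total cost of ownership (TCO) and provides a modern approach to detection, investigation, and response that makes security teams more efficient.

For organizations looking to strengthen their defenses and gain real-time insight, Elastic Security, built on the Search AI Platform, provides visibility across the entire attack surface and helps you meet your business goals.

How Elastic uses Elastic Security

Before explaining the value drivers, let's hear from Elastic's Chief Information Security Officer, Mandy Andress.

Mandy compares her experience consolidating the technology stack at a Fortune 100 company and at Elastic, and found that time to market with Elastic was 87.5% faster.

For the full video, see: How does Elastic Security drive value to your organization?

The following is a text transcript of Mandy Andress's video: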

Video transcript:
Hi, all. I’m Mandy, Elastic’s CISO. Before I compare the above outcomes, let me first share my perspective for context. Fundamentally, I see security as a data problem, and I’m often asked, what keeps you up at night? I always give the same answer: what do I not know? There are so many things changing and happening in the global threat environments and our overall environment that I’m always concerned about what we are missing. What actions should we be taking that we don’t have the visibility or are just not looking at with the correct perspective? With that in mind, I try to build a diverse team that brings different skills and different perspectives and stays really connected with the community.

But there will always be things that we don’t know. And how do we learn that? How do we apply Elastic and the power of the ELK stack to provide us that visibility? Elastic helps our organization uncover some of those unknown unknowns with data. There are so many great stories I can tell you about how Elastic enables organizations to do that. But fundamentally, it’s a mindset shift. How do you transition from focusing on discrete activities that you don’t want to see happening in your environment to really understanding the baseline of how your environment should be behaving and what anomalous activities are occurring that you should investigate? With today’s scale and overall significant amounts of data. Elastic provides the ability to quickly process significant amounts of data at scale. That speed, combined with our machine learning and generative AI capabilities, means we don’t have to do it the same way. When you replace the tech stack for your SOC. These combined capabilities are some of the most powerful I have seen and some of the easiest to configure just out of the box, turning on machine learning rules. We gain significantly more insight than organizations can achieve with the traditional SIEM. We’re all awaiting the addition of Elastic Security Assistant that utilizes generative AI to shorten the learning curve of analysts.

Before Elastic, I was working at a Fortune 100 firm. We wanted to completely rebuild our SOC and expand to provide global 24×7 support. We were ingesting daily about five terabytes of data with 50,000 events per second. Additionally, we had daily bursts, occasionally reaching 100,000 events per second. We knew we wanted detection and analysis with some behavioral analytics. We wanted to start moving into anomalous behavior. Understanding what was suspicious about our environment, whether it was a user or a machine. Getting all of that stood up took us three tools, 24 months, millions of dollars in licenses, and even millions of dollars more in services. And after 24 months, we were functional, but we still had a lot of work to do to get us to our desired end state. 

When I started at Elastic, I was looking to achieve the same thing, and we were able to do that with one product and one license, Elastic. We’re known to Elasticians as customer zero. We start testing and consuming capabilities as soon as possible. In that first three months, we were ingesting about 32 terabytes of data daily, 350,000 events per second. And we only had four SOC analysts distributed across the globe. From an information security perspective, we were up and running in three months versus 24. Not to mention that our current architecture is ingesting daily 200 terabytes of data, but this story doesn’t tell us the rest of the power across the environment. Utilizing cross-cluster search on petabytes of data across multi-cloud and on-prem environments, searching many, many petabytes of data in just under 30 seconds. 

This provides insights allowing us to respond to real-time events like Log4j and helps us provide data analysis to answer some of those questions to help ensure that we’re knowing what’s happening in our environment and identifying, as best we can, those unknown unknowns. With Elastic Security, we’ve seen clear productivity gains, risk reductions, and cost savings, and we look forward to continuing on this journey to improve the security of Elastic. I encourage you to evaluate the gains your organization can achieve using Elastic. Thank you.

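The value security teams deliver

Modern security solutions typically deliver value in the following four main areas:

Cost savings

This covers the money saved by reducing costs that directly affect the bottom line.

Risk reduction

Reducing the likelihood and severity of security incidents with Elastic, and quantifying that value.

Elastic works to identify potential threats before the risk materializes, helping organizations avoid losses and realize additional financial benefits.

Productivity gains

Elastic raises productivity by accelerating analysis, fostering collaboration, and automating key steps, which improves efficiency, speeds up decisions, and lets organizations reallocate resources to new projects.

Revenue recovery

Service outages and customer experience issues can affect revenue and customer retention. This area reflects the bottom-line value of reducing those risks.

The value Elastic Security delivers

Security team efficiency gains

Elastic Security drives productivity growth for security analysts, engineers, and managers from a business analytics perspective.

We first consider the economic value of raising the productivity of every security operations center's (SOC's) most valuable resource: skilled practitioners.

If time is money, your team can save a great deal of it by automating threat detection and streamlining investigation and incident response.

By centralizing data, security teams can analyze information faster and speed up response through embedded case management and automated actions.

This lets teams determine root cause quickly and reduce escalations.

By improving mean time to investigate, detect, and respond (MTTX) and reducing false-positive alerts and escalations, teams can lower the overall cost per incident.

Security technology consolidation and optimization

Elastic Security unifies several key technologies (SIEM, endpoint, and cloud security) on a single platform.

In this calculation, we estimate the value of lower license and infrastructure costs, less technical overhead, and simpler implementation of new use cases.

Reduced risk of business disruption

Any business disruption caused by a security incident, whether internal or external, can result in losses for your organization.

Elastic Security enables you to improve visibility, eliminate blind spots, increase automation, and reduce the number of incidents.

In this calculation, we consider downtime associated with internal and customer-facing services and applications.

This can bring productivity gains for employees and recover revenue previously lost to downtime, SLA violations, and customer churn.

Incident risk reduction

With robust endpoint security solutions and capabilities, Elastic Security prevents and detects ransomware, malware, phishing, and other attacks, and can enable automated response across the entire environment.

Here, we measure the impact of reducing these risks and gauge the potential financial savings based on IBM's Cost of a Data Breach Report.

Incident cost avoidance

Elastic Security modernizes security operations, giving practitioners the ability to protect against, detect, and respond to sophisticated attacks.

With an open and transparent platform and an agent that can stop ransomware and advanced threats, it helps organizations reduce risk, raise security operations maturity, and harden DevSecOps processes.

Here, we consider post-incident cost savings, including the time spent on system rebuilds and on external incident response firms.

Elastic AI Assistant

These calculations do not reflect the value provided by the recently launched Elastic AI Assistant in Elastic Security.

AI helps practitioners take advantage of the rapidly changing LLM landscape to address a variety of security use cases.

It provides guidance on a variety of topics, including alert summarization, triage steps, query conversion, and custom data ingestion.

These capabilities streamline analysts' workflows and reduce mean time to investigate, detect, and respond.

How does Elastic Security create value for our customers?

See how Proficio moved to Elastic Security and used Elastic AI Assistant to cut investigation time by 34% and reduce project costs.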


To learn more about Elastic Security, add 歐立威 as a friend on LINE, or read: Master the Four Key Features of Elastic Security in 10 Minutes

This article is translated from: How does Elastic Security drive value to your organization?
