Elastic introduces AI-driven security analytics to redefine SIEM

Elastic, the Search AI Company, announced an AI-driven security analytics solution, built on Search AI, that is intended to replace the traditional SIEM. It replaces the largely manual processes of configuration, investigation, and response by combining search and retrieval augmented generation (RAG) to return highly relevant results.

The newest feature, Attack Discovery, triages hundreds of alerts down to the few attacks that matter with a single button click and returns the results in an intuitive interface, allowing security operations teams to quickly understand the most impactful attacks, take immediate follow-up actions, and more.

Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry's foremost search technology.

Attack Discovery uniquely leverages the Search AI platform to sort and identify which alert details should be evaluated by the LLM. By querying the rich context contained within Elastic Security alerts with the hybrid search capabilities of Elasticsearch, the solution retrieves the most relevant data to provide to the LLM and instructs it to identify and prioritize the few attacks that matter. According to the company, this context includes host and user risk scores, asset criticality scores, alert severities, descriptions, and alert reasons.

“The attacks companies face are as constant as they are sophisticated, and with no lever to slow the deluge of signals, most security teams struggle to keep their heads above water,” said Santosh Krishnan, general manager of Security at Elastic. “Nearly 20% of our security customers already use our AI Assistant to boost team efficiency. Similarly, Attack Discovery will power productivity and supplement practitioner knowledge to speed up threat detection, investigation, and response. It helps your people—and SOC—succeed.”

Attack Discovery triages out false positives and maps the remaining strong signals to discrete attack chains, showing how related alerts fit together as stages of one attack. It uses LLMs to evaluate alerts, taking into account severity, risk scores, asset criticality, and more.
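As an added illustration of the triage step described above and of the earlier paragraph on how alert context is selected for the LLM (example code, not Elastic's), the following Python pre-filters constructed alerts on the signals the article names, groups the survivors into per-host candidate chains, and builds the compact context an LLM would be asked to evaluate. Field names, weights, the 0-100 risk scale, and the per-host grouping rule are assumptions.

```python
from collections import defaultdict

# Weights and scales below are assumptions for this example, not Elastic's scoring.
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample alerts (risk scores on an assumed 0-100 scale).
SAMPLE_ALERTS = [
    {"id": "a1", "host": "web-01", "user": "svc_web", "ts": "2024-05-01T10:05Z",
     "severity": "high", "host_risk": 85, "user_risk": 40, "criticality": "high",
     "reason": "PowerShell spawned by IIS worker process"},
    {"id": "a2", "host": "web-01", "user": "svc_web", "ts": "2024-05-01T10:00Z",
     "severity": "medium", "host_risk": 85, "user_risk": 40, "criticality": "high",
     "reason": "web shell file written to wwwroot"},
    {"id": "a3", "host": "web-01", "user": "svc_web", "ts": "2024-05-01T10:09Z",
     "severity": "low", "host_risk": 85, "user_risk": 40, "criticality": "high",
     "reason": "unusual outbound connection from web server"},
    {"id": "a4", "host": "laptop-07", "user": "jdoe", "ts": "2024-05-01T10:02Z",
     "severity": "low", "host_risk": 10, "user_risk": 15, "criticality": "low",
     "reason": "software updater launched an installer"},
    {"id": "a5", "host": "db-02", "user": "dba", "ts": "2024-05-01T10:07Z",
     "severity": "critical", "host_risk": 60, "user_risk": 90, "criticality": "critical",
     "reason": "credential dumping tool executed"},
]

def triage_score(alert):
    """Combine severity, entity risk and asset criticality into one 0-1 score."""
    sev = SEVERITY_WEIGHT[alert["severity"]] / 4
    crit = CRITICALITY_WEIGHT[alert["criticality"]] / 4
    risk = max(alert["host_risk"], alert["user_risk"]) / 100
    return round(0.4 * sev + 0.3 * risk + 0.3 * crit, 3)

def build_llm_context(alerts, min_score=0.5, max_chains=3):
    """Drop weak alerts, group the rest into per-host candidate chains, rank the
    chains by their strongest alert and return compact context for an LLM."""
    chains = defaultdict(list)
    for alert in alerts:
        score = triage_score(alert)
        if score >= min_score:
            chains[alert["host"]].append({**alert, "score": score})
    ranked = sorted(chains.items(), key=lambda kv: max(a["score"] for a in kv[1]), reverse=True)
    context = []
    for host, members in ranked[:max_chains]:
        members.sort(key=lambda a: a["ts"])  # chronological order exposes the chain
        context.append({
            "host": host,
            "top_score": max(a["score"] for a in members),
            "alerts": [a["id"] for a in members],
            "timeline": [f'{a["ts"]} [{a["severity"]}] {a["reason"]}' for a in members],
        })
    return context
```

On the sample data the low-risk laptop alert is dropped before the LLM ever sees it, while the three web-01 alerts are presented together in time order as one candidate chain.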

According to the company, this fast and accurate triage lets analysts spend less time sifting through alerts and more time investigating and addressing threats.

Attack Discovery will be available to all customers with an Enterprise license as part of the Elastic 8.14 release.

For more information about this news, visit www.elastic.co.