Mountain View, CA, USA
Jan 20, 2022   |  By Derek Ditch,
Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis (), Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment.
Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.
Jan 13, 2022   |  By Apoorva Joshi,
The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?
Jan 13, 2022   |  By James Spiteri
Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.
Jan 11, 2022   |  By Daniel Stepanic,
With our recent 7.16 Elastic Security product release, we improved our existing Linux malware feature by adding memory protection. In this blog, brought to you by Elastic’s Engineering Security Team, we lean into this recent advancement to show how we are protecting the world’s data from attack.
Dec 22, 2021   |  By Joe Desimone
The Elastic Security team identified a noteworthy cluster of malicious activity after reviewing our threat prevention telemetry. A valid code signing certificate is used to sign malware to help the attackers remain under the radar of the security community. We also discovered a novel malware loader used in the campaign, which we’ve named BLISTER. The majority of the malware samples observed have very low, or no, detections in VirusTotal.
Dec 20, 2021   |  By Cole Henry
Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.
Dec 15, 2021   |  By Gagan Singh
CIOs are remaking the IT function — no longer will security and developer teams be siloed. Recent survey data from 451 Research, part of S&P Global Market Intelligence, and published by Elastic shows a major shift in who is using application security tools, suggesting that DevSecOps is not just an idea, but a growing reality for IT decision makers. IT decision-makers allocated application security tools to 48% of development teams in 2020, compared to just 29% in 2015.
Dec 10, 2021   |  By Jake King,
To understand how Elastic is currently assessing internal risk of this vulnerability in our products please see the advisory here.
Dec 9, 2021   |  By Jennifer Ellard,
Elastic has been recognized as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’: Security Incident and Event Management (SIEM) report with an overall rating of 4.6 out of 5 based on 51 reviews as on November 25, 2021. The report combines the feedback and experiences of more than 51 Elastic Security customers on Gartner Peer Insights™. Elastic’s Willingness to Recommend score was 98% — the highest of all vendors included in the report.
Dec 9, 2021   |  By Elastic
Elastic Security has introduced the industry’s only free and open Limitless XDR solution. Now, native endpoint security comes on every host, automated detections prioritize the biggest risks, and universal data ingestion and centralized analysis accelerate analyst workflows across triage, investigation, escalation, and response. Join our keynote session to learn what unrestricted data ingestion, visibility, and analysis means for analysts, the impacts that key technology and cloud integrations have on security teams, and what the future with Limitless XDR looks like for organizations worldwide.
Dec 9, 2021   |  By Elastic
In this session, you'll learn how to make sense of Microsoft 365 and Azure AD logs to secure and monitor your environment. Speaker: Eric Ooi, Director of Security and Research, Iron Vine Security
Nov 4, 2021   |  By Elastic
Elastic Security equips analysts to solve their most pressing infosec problems by preventing, detecting, and responding to threats quickly and at scale.
Jul 14, 2021   |  By Elastic
Learn how to use Elastic Security’s ransomware protection to stop threats at scale. In this tutorial, you will learn how to enable ransomware protection through Elastic Security and how our technology uses behaviors — not signatures — to protect your network.
Jun 4, 2021   |  By Elastic
Learn how to use threat intelligence and EQL in Elastic Security to threat hunt at any skill level. In this tutorial, you will learn how to extract information from threat reports and author EQL queries to threat hunt across your environment with the speed that Elasticsearch is known for.
Mar 11, 2021   |  By Elastic
Elastic Security empowers analysts to collect data from multiple data source integrations, perform traditional SIEM functions, and take advantage of machine learning-based malware protection on the endpoint. Analysts can filter, group, and visualize data in real-time while performing automated threat detection across various security events and information. In this video, you’ll learn about the components that make up Elastic Security and what those components do to help you protect your data.
Mar 11, 2021   |  By Elastic
Elastic Security offers the ability to open and track security issues using cases. Cases created directly in Elastic Security can be sent to external systems like Atlassian’s Jira, including Jira Service Desk, Jira Core, and Jira Software. In this video, you’ll learn how to connect Elastic Security to the Jira Service Desk.
Jan 4, 2021   |  By Elastic
Elastic Security has open sourced all our detection rules to work alongside the security community to stop threats at scale and arm every analyst. As part of our belief in the power of open source, Elastic includes prebuilt rules within the Security App to detect threats automatically. In this video, you’ll learn how you can contribute by creating a new rule, adding your new rule to the detection rules repo, and getting credit for it in the Elastic contributor program.
Dec 16, 2020   |  By Elastic
The detection engine brings automated threat detection to the Elastic Stack through the Security app in Kibana. As part of our belief in the power of open-source, Elastic Security has open sourced all our detection rules to work alongside the security community to stop threats at scale and arm every analyst. In this video, you’ll learn more about the detection engine and how to automate the protection of your data.
Aug 19, 2020   |  By Elastic
Learn how the latest security capabilities in the Elastic Stack enable interactive exploration, incident management and automated analysis, as well as unsupervised machine learning to reduce false positives and spot anomalies — all at the speed and scale your security practitioners need to defend your organisation.

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases. Built on an open source foundation, the Elastic Stack lets you reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time.

The Elastic Stack:

  • Kibana gives shape to your data and is the extensible user interface for configuring and managing all aspects of the Elastic Stack.
  • Elasticsearch is a distributed, JSON-based search and analytics engine designed for horizontal scalability, maximum reliability, and easy management.
  • Beats is a platform for lightweight shippers that send data from edge machines to Logstash and Elasticsearch.
  • Logstash is a dynamic data collection pipeline with an extensible plugin ecosystem and strong Elasticsearch synergy.

Founded in 2012 by the people behind the Elasticsearch, Kibana, Beats, and Logstash open source projects, Elastic's global community has more than 80,000 members across 45 countries. Since its initial release, Elastic's products have achieved more than 100 million cumulative downloads.