What's the unique value Elastic Security provides? Is it SIEM? Why do people use Elastic for XDR instead of CrowdStrike and so on, since they can provide network solutions etc.?
Hi Ernest, thank you for asking! Elastic for Security's unique value proposition is its ability to ingest and analyze vast amounts of data from a variety of sources, including logs, network traffic, and endpoint data. This allows organizations to gain a comprehensive view of their security posture and to detect threats that might otherwise go unnoticed.
Elastic for XDR is a good alternative to other solutions because it is more open and flexible. Elastic is a software platform, so organizations can choose to deploy it on-premises or in the cloud. This gives them more control over their security infrastructure and makes it easier to integrate Elastic with other security tools.
- Openness and flexibility: Elastic is a software platform, so organizations can choose to deploy it on-premises or in the cloud. This gives them more control over their security infrastructure and makes it easier to integrate Elastic with other security tools.
- Scalability: Elastic is designed to scale to meet the needs of even the largest organizations. This is important for XDR, as organizations need to be able to collect and analyze data from a variety of sources.
- Cost-effectiveness: Elastic is a relatively cost-effective solution for XDR. This is because organizations can choose to deploy Elastic on-premises or in the cloud, depending on their needs.
- Limitless data
- **Advanced analytics**
- Kernel-level data collection
- Native prevention
- Native response
I can go on and on. Are you interested in talking further with someone about our capabilities or giving it a try?
Thank you! Does Elastic support a Firewall? Do I need to buy another product providing both firewall and XDR after I use elastic for XDR? And does Elasticsearch's "Near-real-time" matter in security scenes?
- We can collect logs from firewalls
- We can use webhooks to modify the host based firewall or other firewall technology if they are API driven.
Real-time and near-real-time matter a lot when trying to contain an incident. Security analysts need to be able to react and respond in time to stop damage and loss.
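The webhook-driven containment described in this reply, as an added example that is not from the original thread or from Elastic: a small Python handler that turns a constructed alert payload (the field names are assumptions, not Elastic's alert schema) into a host-firewall drop decision, refusing to act on low-severity alerts, unparseable addresses or protected internal ranges so an automated response cannot lock out the SOC.

```python
import ipaddress
import json

# Constructed sample of a webhook body. The field names are assumptions
# chosen for illustration, not Elastic's documented alert schema.
SAMPLE_ALERT = json.dumps({
    "rule": {"name": "Suspicious outbound beacon"},
    "severity": "high",
    "source": {"ip": "203.0.113.45"},
    "host": {"name": "web-01"},
})

# Ranges the responder must never block automatically (loopback and
# RFC 1918 space) so a noisy rule cannot cut off management access.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SEVERITY_ORDER = ["low", "medium", "high", "critical"]


def firewall_action_from_alert(body: str, min_severity: str = "high"):
    """Translate an alert webhook body into a host-firewall block decision.

    Returns a dict describing the drop rule to apply, or None when the
    alert should not trigger an automatic block (severity below the
    threshold, missing or invalid address, or a protected range).
    Nothing is executed here; the caller decides how to apply it.
    """
    alert = json.loads(body)
    severity = alert.get("severity", "low")
    rank = SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0
    if rank < SEVERITY_ORDER.index(min_severity):
        return None
    try:
        ip = ipaddress.ip_address(alert["source"]["ip"])
    except (KeyError, TypeError, ValueError):
        return None
    if any(ip in net for net in NEVER_BLOCK):
        return None
    return {
        "host": alert.get("host", {}).get("name"),
        "rule": alert.get("rule", {}).get("name"),
        # nft drop rule; the table and chain names are assumptions.
        "command": ["nft", "add", "rule", "inet", "filter", "input",
                    "ip", "saddr", str(ip), "drop"],
    }
```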
Excuse me. I don't get it. So is Elastic XDR near-real-time? Or Elastic XDR is independent of Elasticsearch?
Our open XDR is a part of our Elastic Security solution. The unified solution we provide includes our SIEM, Endpoint, XDR and Cloud security. Our XDR solution is considered a bit of both: real-time prevention of malicious activity on the host, and near-real-time centralized detection in the stack.
You can find more information on our website and documentation if you are interested. You can also connect with one of our sales reps for a deeper dive: XDR | Extended Detection and Response | Elastic