Elastic Security automates prevention, collection, detection, and response across MITRE ATT&CK

The latest release of Elastic Security enhances endpoint detection capabilities and introduces improvements to Elastic SIEM

Elastic N.V. (NYSE: ESTC), creators of Elasticsearch, today announced the release of Elastic Security 7.6.0, which builds on the strengths of Elastic Endpoint Security and Elastic SIEM to deliver unparalleled visibility and threat protection through a unified interface. This release automates the centralized detection of threats in the SIEM app and enhances endpoint detection capabilities on Windows hosts. Access to new data sources and improvements across the Elastic SIEM app further empower security practitioners to accelerate detection and response.

Elastic Security 7.6 introduces a new SIEM detection engine to automate threat detection, minimizing mean time to detect (MTTD) and freeing up your security team for tasks that require human intuition and skill. With Elasticsearch at its core, Elastic SIEM already accelerates security investigation time from hours to minutes. This new automated detection capability further reduces dwell time by surfacing threats that would otherwise be missed.

Elastic is also releasing an initial set of nearly 100 out-of-the-box rules aligned with the ATT&CK knowledge base to surface signs of threats often missed by other tools. Created and maintained by the security experts at Elastic, the rules automatically detect tools, tactics, and procedures indicative of threat activity, and will be continually updated to address new threats. Risk and severity scores associated with signals generated by the detection engine enable analysts to triage issues rapidly and then turn their attention to the highest-value work.

“Elastic has helped our security team focus on what matters by equipping us with the tools we need to efficiently search millions of logs while reducing the number of alerts to a volume that our security team can manage,” said Maxim Verreault, Security Manager at Skytech Communications. “With the release of 7.6, out-of-the-box signal detection rules in Elastic SIEM enable us to automate analysis across our observability data and detect and respond to threats the moment they happen. Elastic Security 7.6 also provides a great way for the community to connect, as we, the security folks, will be able to share custom signal detection rules so that everyone can benefit from them and detect new emerging threats.”