Elastic 8.5

New exciting features of Elastic 8.5

Elastic recently launched Elastic 8.5. We took a deep dive and listed the features of Elastic Security and Elastic Observability we’re most excited about. 


Elastic Security  

Elastic Security for Cloud

These days, cloud security capabilities are more necessary than ever because of cyberwarfare and rising threats from infamous hacking groups. As businesses continuously expand their IT infrastructure into the cloud, so do the threats against that cloud infrastructure.

With the Elastic Defend integration, it is even easier to integrate cloud protection into environments such as virtual machines (EC2 instances) and Kubernetes. At Elk Factory, we believe Elastic Security can be used for conventional endpoint protection and for cloud workloads at the same time, which makes deployment management and monitoring seamless. Elastic's Fleet integrations are a driving factor in this streamlining.

Endpoint configuration options

In our experience working with Elastic Security, the flexibility and versatility of the product have been a strong point. Elastic 8.5 gives us more options to fine-tune endpoint configuration settings for a specific environment, including the ability to choose whether an endpoint should be managed with only Next Generation Antivirus / Essential EDR or with Complete EDR.

Rule preview and Risk scores

Elk Factory is very excited about the added feature of previewing rules, which gives us the ability to test our own rules more effectively and to reduce the time needed to implement a specific ruleset for an endpoint. Elastic's risk score functionality has also been a great tool for increasing visibility in our environment.


Bulk rule editing

Previously, detection rules had to be edited one by one, which could be time-consuming when editing many rules, especially when the changes were very limited in scope. With Elastic 8.5, however, bulk editing has been added to Elastic Security, giving us the ability we needed to manage our detection rules effectively.


Elastic Security machine learning capabilities

A SIEM tool like Elastic Security should make the life of a security analyst easier. To achieve the most productive workflow, monotonous or repetitive tasks must be eliminated as much as possible. Elastic Security's machine learning capabilities help us eliminate that overhead for our analysts and let them focus on the most important tasks. These options include the detection of uncommon processes relative to the environment in which they run, and risk scores assigned to hosts as well as users.


Session View

Lastly, we are very excited about the new Session View feature, which shows every command that was run and whether it executed successfully. Session View also gives us more options to react, such as running an osquery query, opening a case, or responding immediately to a threat.

Elastic Observability 8.5

With Elastic Observability, it will be possible to auto-instrument existing .NET applications, which addresses an organization's need for distributed tracing across its .NET applications. This feature gives complete visibility into the entire .NET application ecosystem, making it possible to instrument applications running in containers, IIS, or Windows/Linux services without recompiling the binaries.

Overall, we at Elk Factory are extremely excited about the constant innovation brought by Elastic and its community. We will continue to closely monitor new releases and will make sure to keep you informed about the exciting aspects of each one. So follow us on LinkedIn and stay up to date!