Highlights:

  • Elastic, a provider of SIEM technology, has announced Elastic Security 8.4, which adds native security orchestration, automation, and response (SOAR) features.
  • Building SOAR capabilities into the existing product positions Elastic favourably to accelerate its journey towards open security.

About 56% of large enterprises handle at least 1,000 security alerts a day. If each alert takes 10 minutes to triage, that is roughly 10,000 minutes, or nearly 166 analyst-hours per day and about 830 hours per five-day week, spent on manual handling. Automating that repetitive work is now a necessity if security staff are to concentrate on higher-value tasks such as investigation and threat hunting.

Against that backdrop, Elastic, a provider of SIEM technology, has announced the release of Elastic Security 8.4, which introduces native security orchestration, automation, and response (SOAR) features. The release also includes partner integrations intended to speed up security operations centers (SOCs) and give human analysts better support.

The new release, powered by Elastic Agent, offers native remediation and response actions to all users. It also provides configurable alerts and integrations with third-party SOAR vendors, so that businesses can adopt SOAR workflows without buying a separate product.

SOAR and open security

Elastic’s launch comes at a time when security automation is becoming essential for coping with an increasingly complex attack landscape.

According to IBM’s data breach cost research, organizations with fully deployed security Artificial Intelligence (AI) and automation paid USD 3.05 million less per data breach than those without. SOAR platforms are the main vehicle for delivering that automation to the SOC.

According to Gartner, SOAR platforms are “solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities in a single solution.” The intended outcome is a lower mean time to detect (MTTD) and mean time to respond (MTTR) to security events. In practice, those gains depend on having well-defined playbooks for the alert classes being automated; automating a noisy or poorly tuned detection only makes the noise faster.

Building SOAR capabilities into the existing product positions Elastic favourably to accelerate its journey towards open security, with new integrations with D3 and Torq alongside existing connectors for ServiceNow, Swimlane, and Tines.

Mike Nichols, vice president of product management and security at Elastic, said, “We are committed to open security, which started with us opening our security artifacts. By sharing the patterns of behavior we look for to identify threats and our mechanisms for stopping an attack, other companies can leverage the work we’ve already done to strengthen their defences.”

SOAR market in brief

Elastic Security is now positioned to compete in the SOAR market, which analysts expect to grow at a compound annual growth rate of 14.6% and reach USD 2.03 billion by 2025.

One of the most prominent vendors in the market is Swimlane, which offers a low-code SOAR platform. The platform is designed for security professionals with little or no coding experience, and it uses webhooks and remote agents to ingest data from across an organization’s environment.

At the beginning of this year, Swimlane raised USD 70 million in growth financing.

Another competitor is Siemplify, which Google acquired at the beginning of this year for a reported USD 500 million. Siemplify provides enterprises with a cloud-native SOAR platform whose drag-and-drop interface lets analysts automate routine administrative tasks. It also offers machine-learning-driven recommendations for improving visibility across the SOC.

The company’s emphasis on open security is the main factor that sets Elastic Security apart from other vendors in the market. Elastic Security is working to standardize how security data is shared, so that businesses have access to the information they need to defend their environments against modern threat actors.