Elastic (NYSE: ESTC), known as the Search AI Company, recently announced the launch of its Elastic AI SOC Engine (EASE). This new serverless security package is designed to bring AI-driven, context-aware detection and triage capabilities to existing SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) tools. The aim is to enhance threat exposure without requiring an immediate overhaul of current security infrastructure.

EASE offers agentless integrations and incorporates AI-driven alert correlation through Elastic’s Attack Discovery. It also includes an AI Assistant, intended to help SOC analysts identify hidden and coordinated threats more quickly, thereby reducing manual investigation efforts. Delivered on the Elastic Cloud, EASE is presented as a way for security teams to better prioritize threats, alleviate alert fatigue, and maximize the value of their existing security investments.

Santosh Krishnan, general manager, Observability & Security at Elastic, commented on the development, stating, “SOC analysts are overwhelmed by high alert volumes and lack the AI support they need from their existing SIEM and EDR solutions to investigate threats effectively. EASE brings Elastic’s proven AI capabilities into the security tools teams already use, to automatically prioritize threats, correlate alerts, and accelerate investigations, reducing the load on teams. When ready, teams can seamlessly migrate to Elastic Security for a unified, AI-driven platform that brings together SIEM, XDR, and cloud security, without missing a beat.”

EASE is developed for quick deployment and is compatible with security environments utilizing platforms such as Splunk, Microsoft Sentinel, and CrowdStrike. Key features of EASE include:

  • Agentless integrations: Allows for native alert ingestion from third-party SIEM and EDR platforms, enabling immediate AI analysis of alerts.
  • AI-powered alert correlation: Provides access to Elastic Attack Discovery for triaging, correlating, and prioritizing alerts, alongside an AI-powered alert view with summaries and context.
  • Context-aware AI Assistant: Facilitates investigations by enriching them with internal knowledge from sources like Jira, GitHub, and SharePoint, supporting natural language queries and RAG-based search across organizational data.
  • Transparent AI with model flexibility: Offers choices between an organization’s own LLM or the Elastic Managed LLM, with cited AI Assistant responses for data transparency and full logging and tracking of queries, responses, and token usage.
  • Operational dashboards: Provides out-of-the-box metrics to demonstrate time savings, detection improvements, and ROI for security teams.

Michelle Abraham, senior research director, Security and Trust, IDC, noted, “Elastic is tackling a common challenge: how to bring open and transparent AI into the SOC without starting from scratch. EASE helps teams with faster detection and investigation using the tools they already have.”
