Elastic launches AI-powered tool for SOC analysts

Search AI company Elastic has launched a serverless security package aimed at bringing AI-driven detection and triage into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools.

The solution, Elastic AI SOC Engine (EASE), uses Elastic’s Attack Discovery platform and an AI assistant to help Security Operations Centre (SOC) analysts more rapidly uncover hidden, coordinated threats. It is designed for deployment in security environments that utilise Splunk, Microsoft Sentinel, CrowdStrike, and other popular tools.

It supports agentless integrations by ingesting alerts from third-party platforms, allowing users to apply AI analysis to alerts. The solution can be used to triage, correlate and prioritise alerts, and data connections can enrich investigations with knowledge from sources including Jira, GitHub, and SharePoint.

Elastic GM for Observability and Security Santosh Krishnan said in today’s threat environment, SOC analysts can be overwhelmed by high alert volumes.

“EASE brings Elastic’s proven AI capabilities into the security tools teams already use, to automatically prioritise threats, correlate alerts, and accelerate investigations, reducing the load on teams,” he said. “When ready, teams can seamlessly migrate to Elastic Security for a unified, AI-driven platform that brings together SIEM, EDR, and cloud security, without missing a beat.”

Image credit: iStock.com/D3Damon