Elastic launches AI-powered tool for SOC analysts
Search AI company Elastic has launched a serverless security package aimed at bringing AI-driven detection and triage into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools.
The solution, Elastic AI SOC Engine (EASE), uses Elastic’s Attack Discovery platform and an AI assistant to help Security Operations Centre (SOC) analysts more rapidly uncover hidden, coordinated threats. It is designed for deployment in security environments that utilise Splunk, Microsoft Sentinel, CrowdStrike, and other popular tools.
It supports agentless integrations by ingesting alerts from third-party platforms, allowing users to apply AI analysis to alerts. The solution can be used to triage, correlate and prioritise alerts, and data connections can enrich investigations with knowledge from sources including Jira, GitHub, and SharePoint.
Elastic GM for Observability and Security Santosh Krishnan said in today’s threat environment, SOC analysts can be overwhelmed by high alert volumes.
“EASE brings Elastic’s proven AI capabilities into the security tools teams already use, to automatically prioritise threats, correlate alerts, and accelerate investigations, reducing the load on teams,” he said. “When ready, teams can seamlessly migrate to Elastic Security for a unified, AI-driven platform that brings together SIEM, EDR, and cloud security, without missing a beat.”
Tenable launches tool for securing enterprise AI
Tenable AI Exposure aims to help organisations reduce risks associated with the use of AI across...
Palo Alto seeks to redefine application security
Palo Alto Networks' new Cortex Cloud APSM solution is aimed at resolving security risks...
HPE unveils new security tools at Black Hat USA
HPE has introduced a range of new AI-driven security capabilities at the annual Black...
