Elastic launches AI-powered tool for SOC analysts
Search AI company Elastic has launched a serverless security package aimed at bringing AI-driven detection and triage into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools.
The solution, Elastic AI SOC Engine (EASE), uses Elastic’s Attack Discovery platform and an AI assistant to help Security Operations Centre (SOC) analysts more rapidly uncover hidden, coordinated threats. It is designed for deployment in security environments that utilise Splunk, Microsoft Sentinel, CrowdStrike, and other popular tools.
It supports agentless integrations by ingesting alerts from third-party platforms, allowing users to apply AI analysis to alerts. The solution can be used to triage, correlate and prioritise alerts, and data connections can enrich investigations with knowledge from sources including Jira, GitHub, and SharePoint.
Elastic GM for Observability and Security Santosh Krishnan said in today’s threat environment, SOC analysts can be overwhelmed by high alert volumes.
“EASE brings Elastic’s proven AI capabilities into the security tools teams already use, to automatically prioritise threats, correlate alerts, and accelerate investigations, reducing the load on teams,” he said. “When ready, teams can seamlessly migrate to Elastic Security for a unified, AI-driven platform that brings together SIEM, EDR, and cloud security, without missing a beat.”
Payment industry urged to act now on quantum threats
The Emerging Payments Association of Australia has released a paper urging the payment industry...
Cloudflare gives creators new tool to control use of their content
With AI crawlers reducing traffic to websites, content creators can now set rules on how AI...
Check Point Software expands Australian presence
Check Point Software has implemented Australian-based data residency instances of its Harmony...