
Tech Friday: Deep Dive into Elastic Security

In June we held our monthly meeting, where all the Elastic consultants in our Amsterdam office came together to discuss new features, opportunities, trends, sales and marketing updates, knowledge sharing and ways to improve the Elastic team.

We started by introducing the employees who joined the team this month and took the chance to get to know each other: our backgrounds, our knowledge and the industries we have worked in. We also updated each other on what we are doing for our customers, which projects and cases we are working on, and what is coming up.

The first part of the presentation was a deep dive into security and SIEM: where they came from and what MITRE ATT&CK is. We also covered why these matter to organizations, as a shared vocabulary for detection, regulatory compliance, incident management and collecting evidence of zero-day attacks. We learned about the three ATT&CK matrices (Enterprise, Mobile and ICS) and looked at the latest version of the Enterprise Matrix, published in April 2022.
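As an added illustration of why a common ATT&CK vocabulary matters for detection work (this is example code written for this page, not Elastic's own tooling): Elastic detection rules carry a `threat` field that maps each rule to ATT&CK tactics and techniques. The script below reads a set of such rules, builds a per-tactic coverage map, reports which Enterprise tactics have no coverage at all, and flags rules whose mapping is missing or malformed. The four rules are constructed sample data; the field names follow the shape of the detection-rule JSON, while the function names are our own.

```python
"""ATT&CK coverage check over Elastic detection rules.

Added example: the rules below are constructed for illustration and follow the
shape of the `threat` field in Elastic's detection-rule JSON (framework, tactic,
technique, subtechnique); they are not rules exported from a real deployment.
"""
import re
from collections import defaultdict

# The 14 tactics of the ATT&CK Enterprise matrix (v11, April 2022).
ENTERPRISE_TACTICS = {
    "TA0043": "Reconnaissance", "TA0042": "Resource Development",
    "TA0001": "Initial Access", "TA0002": "Execution",
    "TA0003": "Persistence", "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion", "TA0006": "Credential Access",
    "TA0007": "Discovery", "TA0008": "Lateral Movement",
    "TA0009": "Collection", "TA0011": "Command and Control",
    "TA0010": "Exfiltration", "TA0040": "Impact",
}

TACTIC_ID = re.compile(r"^TA\d{4}$")
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # T1059 or T1059.001

# Constructed sample rules (not from the page or from a real Kibana instance).
SAMPLE_RULES = [
    {"name": "PowerShell Encoded Command",
     "query": 'process.name:"powershell.exe" and process.args:(-enc or -EncodedCommand)',
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0002", "name": "Execution"},
                 "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter",
                                "subtechnique": [{"id": "T1059.001", "name": "PowerShell"}]}]}]},
    {"name": "Scheduled Task Created via schtasks",
     "query": 'process.name:"schtasks.exe" and process.args:"/create"',
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0003", "name": "Persistence"},
                 "technique": [{"id": "T1053", "name": "Scheduled Task/Job"}]}]},
    # Analyst test rule that was never mapped: reported as a problem.
    {"name": "Noisy Test Rule", "query": "event.category:process", "threat": []},
    # Mapped to a tactic, but the technique id is malformed: reported too.
    {"name": "Broken Mapping", "query": 'process.name:"rundll32.exe"',
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0005", "name": "Defense Evasion"},
                 "technique": [{"id": "T10", "name": "typo"}]}]},
]


def coverage(rules):
    """Return (tactic id -> technique id -> rule names, list of mapping problems).

    A tactic only counts as covered once at least one rule maps a well-formed
    technique or sub-technique under it.
    """
    by_tactic = defaultdict(lambda: defaultdict(list))
    problems = []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        threats = rule.get("threat") or []
        if not threats:
            problems.append(f"{name}: no ATT&CK mapping")
            continue
        for threat in threats:
            if threat.get("framework") != "MITRE ATT&CK":
                problems.append(f"{name}: unsupported framework {threat.get('framework')!r}")
                continue
            tactic_id = (threat.get("tactic") or {}).get("id", "")
            if not TACTIC_ID.match(tactic_id):
                problems.append(f"{name}: malformed tactic id {tactic_id!r}")
                continue
            for tech in threat.get("technique") or []:
                ids = [tech.get("id", "")]
                ids += [sub.get("id", "") for sub in tech.get("subtechnique") or []]
                for tid in ids:
                    if not TECHNIQUE_ID.match(tid):
                        problems.append(f"{name}: malformed technique id {tid!r}")
                        continue
                    by_tactic[tactic_id][tid].append(name)
    return {t: dict(techs) for t, techs in by_tactic.items()}, problems


def uncovered_tactics(by_tactic, tactics=ENTERPRISE_TACTICS):
    """Enterprise tactics that no rule covers, sorted by id."""
    return sorted(t for t in tactics if t not in by_tactic)


def report(rules):
    """One line per Enterprise tactic, followed by one line per problem."""
    by_tactic, problems = coverage(rules)
    lines = []
    for tid, tname in ENTERPRISE_TACTICS.items():
        techs = by_tactic.get(tid, {})
        lines.append(f"{tid} {tname:<22} {len(techs):>2} technique(s) {sorted(techs)}")
    lines += [f"PROBLEM {p}" for p in problems]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RULES)))
```

Run against a real export of rules (for example the objects returned by Kibana's detection-engine rule find API), the same two functions give a quick answer to "which tactics are we blind to?" and catch rules that were imported without a mapping, which is exactly where a shared framework pays off over ad-hoc rule naming.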

ELASTIC SECURITY

We then focused on the Elastic Security solution to put these concepts into practice, and continued with the differences between EDR and XDR, how they complement each other and how they work together.

During the meeting we also had a demo of Elastic Security. The following subjects were covered:

  • How Elastic is becoming a single-point solution as a SIEM tool
  • The new features coming with Elastic 8.2
  • Which security benefits and capabilities Elastic Security provides
  • What the architecture looks like and how the engine works
  • Endpoint agent deployment
  • Management from the UI
  • Importing policies for prevention, detection and easy response

We also talked about third-party SOAR solutions for Elastic SIEM. A SOAR tool is an effective complement to a SIEM, helping security teams handle manual tasks through automation. We looked at the integrations between Elastic SIEM and tools such as Siemplify, Exabeam, Swimlane and D3 SOAR, and at the new partnership with Tines.

Next on the agenda were the breakout sessions. At every Tech Day meeting we split into two or three small groups, each working on a specific topic for that day, and at the end each group presents its outcome to the whole team.

This Tech Day the breakout sessions covered the following subjects:

  • Using xMatters as an action for Elastic alerts, with a demo.
  • Using the Elastic Cloud billing API to retrieve cost data from Elastic Cloud.
  • Third-party services and tools built around Elastic.

We ended the day with drinks and snacks to celebrate what we had learned about Elastic, and started the weekend as a team with good knowledge sharing behind us. It shows how proud we are to be part of such a strong Elastic community within Devoteam.

Do you like these kinds of events? Check out our I-Tech career page and perhaps you can join this community's next event!