Elastic Introduces Attack Discovery to Revolutionize Threat Detection

Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by  the industry's foremost search technology.

SMEStreet Edit Desk

Asjad Athick,  Cybersecurity Lead, Asia Pacific and Japan at Elastic


Elastic, the Search AI Company, announced Search AI will replace the traditional SIEM with an AI-driven security analytics solution for the modern SOC. Powered by the Search AI platform, Elastic Security is replacing largely manual processes for configuration, investigation and response by combining search and retrieval augmented generation (RAG) to provide hyper-relevant results that matter. The newest feature, Attack Discovery, triages 100s of alerts down to the few attacks that matter with a single button click, and returns results in an intuitive interface, allowing security operations teams to quickly understand the most impactful attacks, take immediate follow-up actions and more.

Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry's foremost search technology. LLMs are only as accurate and current as the information they leverage: their underlying training data and the context provided with the prompt. As such, they require rich, up-to-date data to deliver accurate, tailored results — and efficiently gathering this confidential knowledge requires search. Search-based RAG delivers this context automatically and eliminates the need to build a bespoke LLM and constantly retrain it on ever-changing internal data.

Advanced Threat Detection

“In India, where the cybersecurity landscape is rapidly evolving, the need for advanced, efficient solutions is paramount. Attack Discovery significantly advances threat detection and response time, allowing security teams to swiftly prioritise and address the most critical attacks,” said Asjad Athick, Cybersecurity Lead, Asia Pacific and Japan at Elastic. “This ultimately bolsters the security posture and resilience of organisations, and can power productivity and supplement practitioner knowledge to speed up threat detection, investigation, and response.”

Attack Discovery uniquely leverages the Search AI platform to sort and identify which alert details should be evaluated by the LLM. By querying the rich context contained within Elastic Security alerts with the hybrid search capabilities of Elasticsearch, the solution retrieves the most relevant data to provide to the LLM and instructs it to identify and prioritize the few attacks accordingly. This includes data such as host and user risk scores, asset criticality scores, alert severities, descriptions and alert reasons.

“As a lean organisation, we do not operate a traditional SOC team, so the ability to secure our assets faster using our existing team and generative AI is very exciting,” said Kadir Burak Mavzer, Cloud Security team lead at Bolt. “We've already seen great results with Elastic AI Assistant and are looking forward to using Attack Discovery soon.”

“Attack Discovery is a transformative step towards solving the ongoing cybersecurity workforce shortage. Investigations that would have taken entire teams can now be investigated by a single analyst in less time,” said Ken Buckler, information security research director at EMA. “Attack Discovery will provide analysts and incident responders a significant advantage over existing log analysis focused solutions.”

Many SOCs have 1000s of alerts to sift through daily. Much of this work is dull, time-intensive, and error prone. Elastic Security removes the need for such manual effort. Attack Discovery triages out the false positives and maps the remaining strong signals to discrete attack chains, showing how related alerts are part of an attack chain. Attack Discovery uses LLMs to evaluate alerts, taking into consideration severity, risk scores, asset criticality and more. By delivering this accurate and fast triage, analysts can spend less time sifting through alerts and more time investigating and addressing threats.
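The two passages above describe the same pipeline: pick out the alert context worth sending to an LLM (severity, host and user risk scores, asset criticality, alert reason), drop the weak signals, and group what remains into attack chains. The following is an added illustration of that retrieve-rank-group step, not Elastic's code and not the Attack Discovery implementation; the alerts, the field names, the weighting scheme and the score threshold are all constructed for the example, and a real deployment would pull these fields from the SIEM's alert index and its entity risk scoring rather than from hard-coded records.

```python
"""Toy alert triage: rank alerts by the context fields the article names,
discard low-signal ones, group survivors by host into candidate attack chains,
and render a compact context block suitable for an LLM prompt.
Everything here (alerts, weights, threshold) is constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed weightings; a production system would tune or learn these.
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CRITICALITY_WEIGHT = {"low_impact": 1, "medium_impact": 2,
                      "high_impact": 3, "extreme_impact": 4}


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    user: str
    rule: str
    severity: str
    host_risk: float          # 0-100, assumed entity risk score for the host
    user_risk: float          # 0-100, assumed entity risk score for the user
    asset_criticality: str    # one of CRITICALITY_WEIGHT's keys
    reason: str
    timestamp: str            # ISO-8601, used only for ordering


# Constructed sample alerts (hypothetical hosts, users and rule names).
SAMPLE_ALERTS = [
    Alert("a-1", "ws-42", "jdoe", "Suspicious encoded command line", "high",
          72, 40, "high_impact", "encoded command spawned by office app", "2024-06-01T09:01:00Z"),
    Alert("a-2", "ws-42", "jdoe", "Credential access attempt", "critical",
          72, 40, "high_impact", "unexpected handle to credential store", "2024-06-01T09:04:00Z"),
    Alert("a-3", "srv-db-1", "svc_backup", "Unusual outbound data volume", "high",
          88, 10, "extreme_impact", "egress 20x above baseline", "2024-06-01T09:30:00Z"),
    Alert("a-4", "ws-07", "asmith", "New login from known device", "low",
          5, 8, "low_impact", "first login of the day", "2024-06-01T08:00:00Z"),
    Alert("a-5", "ws-13", "bjones", "Update service started", "low",
          12, 3, "medium_impact", "scheduled updater ran", "2024-06-01T08:30:00Z"),
    Alert("a-6", "ws-42", "jdoe", "Remote service creation", "high",
          72, 40, "high_impact", "service created on peer host", "2024-06-01T09:10:00Z"),
]


def priority_score(a: Alert) -> float:
    """Fold severity, entity risk and asset criticality into one rank value.
    Severity dominates, criticality next, then the higher of the two risk scores."""
    sev = SEVERITY_WEIGHT.get(a.severity.lower(), 1)
    crit = CRITICALITY_WEIGHT.get(a.asset_criticality, 1)
    risk = max(a.host_risk, a.user_risk) / 100.0
    return sev * 10 + crit * 5 + risk * 20


def triage(alerts, min_score: float = 30.0, top_k: int = 5):
    """Return the strongest alerts, highest score first, capped at top_k.
    sorted() is stable, so equal scores keep their input order."""
    ranked = sorted(alerts, key=priority_score, reverse=True)
    return [a for a in ranked if priority_score(a) >= min_score][:top_k]


def build_chains(kept):
    """Group surviving alerts by host and order each group in time, which is the
    simplest way to expose 'these alerts belong to one sequence' to a reader or model."""
    chains = defaultdict(list)
    for a in kept:
        chains[a.host].append(a)
    return {host: sorted(group, key=lambda a: a.timestamp) for host, group in chains.items()}


def render_context(chains) -> str:
    """Produce the compact context block that would be placed in an LLM prompt."""
    lines = []
    for host, group in sorted(chains.items()):
        lines.append(f"host={host} alerts={len(group)}")
        for a in group:
            lines.append(f"  {a.timestamp} [{a.severity}] {a.rule} | user={a.user} "
                         f"| host_risk={a.host_risk:.0f} | crit={a.asset_criticality} | {a.reason}")
    return "\n".join(lines)


def triage_and_chain(alerts=SAMPLE_ALERTS, min_score: float = 30.0, top_k: int = 5):
    """End-to-end: rank, filter, group. Returns (kept alert ids, chains dict)."""
    kept = triage(alerts, min_score, top_k)
    chains = build_chains(kept)
    return [a.alert_id for a in kept], chains


if __name__ == "__main__":
    ids, chains = triage_and_chain()
    print("kept:", ids)
    print(render_context(chains))
```

On the constructed input, the two low-severity, low-risk alerts fall below the threshold, and the three alerts on ws-42 are pulled together in time order, which is the shape of a candidate attack chain that an analyst or an LLM can reason about as a unit instead of as isolated rows.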

Since its release in 2019, Elastic Security has grown to include some of the industry’s most advanced analytics capabilities, including 100+ prebuilt ML-based anomaly detection jobs to detect previously unknown threats. Last year, Elastic introduced Elastic AI Assistant for Security to help SOC analysts with rule authoring, alert summarisation, and workflow and integration recommendations.
