
Implementing Security Analytics Using Elastic Stack

Written by Ajit Gadge

| Mar 15, 2018


Threats don’t follow templates. Neither should you. The Elastic Stack gives you the edge you need to keep pace with the attack vectors of today and tomorrow. Let’s start by understanding what security analytics is and how to get the most out of it.
Security analytics is the process of using data collection, aggregation, and analysis tools for security monitoring and threat detection. Depending on the tools installed, a security analytics solution can feed large and diverse data sets into its detection algorithms. Security analytics data can be collected from several sources, including:

  • Network traffic
  • Endpoint and user behavior data
  • Cloud resources
  • Business applications
  • Non-IT contextual data
  • Identity and access management data
  • External threat intelligence sources

Recent advances in security analytics include adaptive learning systems that retune their detection models as new data and analyst feedback arrive, as well as anomaly detection logic that flags behaviour deviating from an established baseline. These systems accumulate and analyze real-time data that includes:

  • Asset metadata
  • Geo-location
  • Threat intelligence
  • IP context

These forms of data can then be used both for immediate threat response and for investigations.
Security analytics has a variety of use cases, from improving data visibility and threat detection to network traffic analysis and user behaviour monitoring. Some of the most common security analytics use cases include:

  • Analyzing user behavior to detect potentially suspicious patterns
  • Analyzing network traffic to pinpoint trends indicating potential attacks
  • Identifying improper user account usage, such as shared accounts
  • Detecting data exfiltration by attackers
  • Detecting insider threats
  • Identifying compromised accounts
  • Investigating incidents
  • Threat hunting
  • Demonstrating compliance during audits

Above all, the primary goal of security analytics is to turn raw data from disparate sources into actionable insight: by correlating activities and alerts, it identifies the events that require an immediate response. In doing so, security analytics tools add a critical filter to the volumes of data generated by users, applications, networks, and the other security solutions already in place.
The Elastic Stack is one of the most powerful solutions for addressing these security analytics use cases in a well-defined manner. We have created a demo with screenshots to help you understand how to leverage the Elastic Stack; the demo paper is available for download.
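To make the correlation idea concrete, here is an added example (not code from this post, from the demo paper, or from Elastic) that runs two of the use cases listed above over a handful of constructed authentication events: shared-account detection (one account authenticating from several source IPs inside a short window) and a likely compromised account (a burst of failures followed by a success from the same IP). The events use Elastic Common Schema field names such as `user.name` and `source.ip`, which is an assumption about how the logs were normalised on ingest; the log lines themselves are constructed, and the thresholds are illustrative. In a real deployment this logic would live in Elasticsearch queries or alerting rules rather than in a standalone script.

```python
"""Toy security-analytics correlation over ECS-style authentication events.

Added example for the use cases above. Field names follow the Elastic
Common Schema (assumed); every log line below is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one service account used from three hosts,
# one user hit by a short password-guessing burst that ends in a success,
# and one benign login.
SAMPLE_LOGS = """\
{"@timestamp":"2018-03-15T08:00:01Z","user.name":"svc_backup","source.ip":"10.0.1.5","event.outcome":"success"}
{"@timestamp":"2018-03-15T08:00:20Z","user.name":"svc_backup","source.ip":"10.0.2.9","event.outcome":"success"}
{"@timestamp":"2018-03-15T08:01:02Z","user.name":"svc_backup","source.ip":"10.0.3.7","event.outcome":"success"}
{"@timestamp":"2018-03-15T09:00:00Z","user.name":"alice","source.ip":"203.0.113.4","event.outcome":"failure"}
{"@timestamp":"2018-03-15T09:00:05Z","user.name":"alice","source.ip":"203.0.113.4","event.outcome":"failure"}
{"@timestamp":"2018-03-15T09:00:09Z","user.name":"alice","source.ip":"203.0.113.4","event.outcome":"failure"}
{"@timestamp":"2018-03-15T09:00:14Z","user.name":"alice","source.ip":"203.0.113.4","event.outcome":"failure"}
{"@timestamp":"2018-03-15T09:00:18Z","user.name":"alice","source.ip":"203.0.113.4","event.outcome":"failure"}
{"@timestamp":"2018-03-15T09:00:25Z","user.name":"alice","source.ip":"203.0.113.4","event.outcome":"success"}
{"@timestamp":"2018-03-15T10:00:00Z","user.name":"bob","source.ip":"10.0.1.8","event.outcome":"success"}
"""


def parse_events(text):
    """Parse newline-delimited JSON events into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        doc = json.loads(line)
        events.append({
            "ts": datetime.strptime(doc["@timestamp"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": doc["user.name"],
            "ip": doc["source.ip"],
            "outcome": doc["event.outcome"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def shared_account_alerts(events, window=timedelta(minutes=5), min_ips=3):
    """Users whose successful logins come from >= min_ips distinct IPs within `window`.

    Uses a sliding window over each user's successes so that a slow drift of
    IPs over a whole day does not fire, but a cluster inside the window does.
    """
    alerts = set()
    by_user = defaultdict(list)
    for e in events:
        if e["outcome"] == "success":
            by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ips = {x["ip"] for x in evs[start:end + 1]}
            if len(ips) >= min_ips:
                alerts.add(user)
    return sorted(alerts)


def brute_force_success_alerts(events, window=timedelta(minutes=2), min_failures=5):
    """(user, ip) pairs where a success follows >= min_failures recent failures from that IP."""
    alerts = []
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["ip"])].append(e)
    for key, evs in by_key.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            recent_failures = [x for x in evs[:i]
                               if x["outcome"] == "failure"
                               and e["ts"] - x["ts"] <= window]
            if len(recent_failures) >= min_failures:
                alerts.append(key)
                break  # one alert per (user, ip) is enough for triage
    return alerts


def run(text=SAMPLE_LOGS):
    """Correlate the events and return the alerts each detector produced."""
    events = parse_events(text)
    return {
        "shared_accounts": shared_account_alerts(events),
        "compromised_accounts": brute_force_success_alerts(events),
    }


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

Both detectors deliberately key on a normalised identity (`user.name`) and source (`source.ip`) rather than on raw log text; that normalisation is what lets events from different systems be correlated at all, and it is the first thing to get right in any pipeline feeding the stack.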
Ajit Gadge | Senior Database Consultant, Ashnik


Ajit brings over 16 years of solid experience in solution architecting and implementation. He has successfully delivered solutions on various database technologies including PostgreSQL, MySQL and SQL Server. He derives his strength from his passion for database technologies and his love of pre-sales engagement with customers. Ajit has successfully engaged with customers from across the globe, including South East Asia, the USA and India. His commitment and ability to find solutions have earned him great respect from customers. Prior to Ashnik he worked with EnterpriseDB for 7 years and helped it grow in South East Asia and India.


