August 25, 2022

Elastic 8.4 Introduces SOAR for Modern Security Operations

Aug. 25, 2022 — Modern SOCs are running headlong into numerous challenges. While the visibility and impact of security operations have become a board-level issue, the resources available to those security teams are still limited. Data is exploding, and correspondingly, the responsibility of the security team has been increasing. Teams are tasked with protecting a perimeter-less, distributed environment while also assessing the risk of SaaS providers and shared services.

To address these challenges, many organizations have begun unifying teams with similar goals in order to share best practices and reduce the skills gap. The walls between observability (those tasked with the operational efficiency and visibility of business applications) and security (those tasked with the assurance and protection of business applications) are coming down, and the two teams now share data, workflows, and expertise. Elastic Security 8.4 delivers the tools that analysts need to streamline their operations workflows and speed up threat hunting and remediation.

What’s New: SOAR for the Modern SOC is a Force Multiplier

Recently, Elastic redoubled its pledge to open and transparent security, and now, in Elastic Security 8.4, Elastic expands its response capabilities to further streamline analyst operations.

The enhanced workflows in Elastic 8.4 combine native response capabilities and configurable alert and case actions with bidirectional integrations with security orchestration, automation, and response (SOAR) vendors. Users can now enjoy integrations with ServiceNow, Swimlane, and Tines, as well as new partnerships with D3 and Torq.

Elastic’s unique approach to SOAR is powered by Elastic Agent. This technology, included with the Elastic Security solution, empowers single-click use case growth across hundreds of data sources as well as management of our endpoint and cloud security protection software. Elastic Agent powers native remediation capabilities accessible to all users, ensuring anyone can begin their SOAR journey without the need to purchase additional technologies.

As use cases for remediation grow and teams require advanced orchestration controls, users can utilize the customizable orchestration capabilities within Elastic Security, or the one-click integrations with other leading SOAR providers. This user-first approach grows with the needs of an organization, offering simplicity and consolidation for all users without enforcing vendor lock-in.

This scale-as-you-grow model enables clients to simplify automation and orchestration workflows and processes in their existing ecosystem by combining native, one-click actions and orchestrations with an API-first approach for first- and third-party integrations. Analysts can now use Elastic Security for their SOAR needs, leverage any of our partner SOAR vendors to extend their orchestration capabilities, or completely customize the response experience with Elastic actions and our API-first approach to all capabilities.

Elastic’s open vision for SOAR mirrors its approach to many other technologies, like Elastic Security for Endpoint, which delivers endpoint prevention and detection and powers extended detection and response (XDR). Users deserve choice, so Elastic also offers rich integrations with other endpoint vendors, like CrowdStrike, Microsoft Defender, and SentinelOne.

Many organizations are just getting started with security orchestration, automation, and response. Our native SOAR capabilities help organizations of every kind excel at incident management, and our tightly integrated SOAR partners help them accomplish even more.

For more information, please refer to these detailed release notes, and visit the Elastic website.

Source: Mike Nichols, Elastic