Elastic Announces New Capabilities to Accelerate Threat Hunting Workflows, Prevent Ransomware, and Eliminate Blind Spots in Elastic Security

Elastic , the company behind Elasticsearch and the Elastic Stack, recently announced new updates across the Elastic Security solution in the 7.12 release to accelerate threat hunting and investigation workflows, prevent ransomware, and eliminate blind spots. Enhanced capabilities include analyst-driven correlation, behavioral ransomware prevention, and unmatched data lookback with schema on read, searchable snapshots, and cross-cluster search.

Marketing Technology News: MarTech Interview with Tobias Knutsson, CEO at Adverty

Elastic Security streamlines security operation workflows and helps practitioners maximize data insights with analyst-driven correlation. Driven by Event Query Language (EQL) — the technology behind advanced correlation in the Elastic Security detection engine — analyst-driven correlation provides more targeted threat hunting and investigation with higher-fidelity detections derived from the findings that analysts uncover during those investigations. Security teams benefit from multiple detection and investigative methods that cover a broad range of security use cases. Combining EQL-based correlations with machine learning-based detections, indicator match type detection rules, and third-party context at cloud scale enables a more comprehensive security strategy.

Behavioral analysis with the Elastic Agent was also introduced to add a new layer of ransomware prevention in Elastic Security. Complementing the signatureless anti-malware first introduced in Elastic Security 7.9, behavioral ransomware prevention on the Elastic Agent detects and stops ransomware attacks on Windows systems by analyzing data from low-level system processes. It is effective across an array of widespread ransomware families, including those targeting the system’s master boot record.