Elastic announces AI-driven attack discovery feature

Search AI company Elastic has introduced a new feature to its Elastic Security solution designed to help customers distil hundreds of alerts into a critical few with the click of a button.

The new Security Information and Event Management (SIEM) feature, Attack Discovery, allows security operations teams to quickly discover and understand the most impactful attacks, and take immediate follow-up actions to mitigate them.

The security analytics capabilities are powered by Elastic’s Search AI platform, which utilises retrieval augmented generation (RAG) technology to deliver the most relevant search results.

The large language models the Search AI platform is based on make use of the rich, up-to-date data needed to deliver accurate, tailored results. Attack Discovery leverages this platform to query the content generated within Elastic Security alerts using Elasticsearch’s hybrid search capabilities. Searchable data includes host and user risk scores, asset criticality scores, alert severities, descriptions and alert reasons.

Elastic Area VP for ANZ Gavin Jones said the new feature can help Australian organisations withstand the constant, sophisticated and increasingly prevalent attacks they are facing.

“The Australian Cyber Security Centre last year revealed that, on average, a cybercrime report is made every six minutes — with the average cost to businesses increasing by 14% compared to the previous financial year,” he said. “Attack Discovery is a transformative step towards solving the ongoing cybersecurity workforce shortage. Threat investigations that would have taken entire teams can now be investigated by a single analyst in less time.

“This new solution from Elastic Security will ensure analysts and incident responders can reduce time spent on resource-intensive tasks, instead utilising their expertise for threat mitigation and response.”

Image credit: Elastic.