A free and open platform that many agencies already use for search and logging can also serve as the foundation for a data-driven approach to observability and cybersecurity, especially when deployed in the cloud.
Grounded in a robust search engine capability, Elastic is deployed across much of the federal space, from civilian agencies to high-security defense and intel offices. Elastic makes it possible for users to search across IT logs, mission data and any other data agencies need to analyze.
But the capabilities of the underlying platform go beyond search. The ability to gather, analyze and interpret large volumes of data at speed is also a game-changer when it comes to security, said John Harmon, regional vice president of federal cyber solutions at Elastic.
“Federal government is collecting lots of logs and other kinds of telemetry from its websites and other IT assets,” said Harmon. With the vast compute power and scalability of a cloud-native solution, “they are able to collect all security data cost-effectively, and to alert on it in a timely fashion.”
The Cloud Advantage
“Cloud-native” is a key point.
Historically, many agencies got started running Elastic on premises, and that has served them well. By leveraging these same capabilities in cloud-native form, agencies can elevate their security posture, unifying diverse datasets to get mission-critical insights and drive informed decision-making.
Key advantages include:
- Scalability: A fully managed FedRAMP Moderate solution, Elastic in the cloud offers agencies a ready means to automatically scale up the observability and security of their systems, without adding any additional overhead in terms of infrastructure or IT management. “As security threats continue to proliferate, agencies will need to increase the amount of data they’re collecting,” Harmon said. “With a cloud-native solution, that scalability happens automatically.”
- Cost control: Cloud offers a more cost-effective means for retaining the vast volumes of data agencies are required to retain under the recent Executive Order on cybersecurity. By routing data to low-cost storage configurations, “cloud makes it possible to store that long-term telemetry far more affordably,” Harmon said.
- Deeper insights: Powerfulrecord retention and search-based retrieval in turn make key data available to cybersecurity teams, who need insight into past events in order to effectively secure agency systems. “It solves the kinds of problems we saw with the SolarWinds hack, where agencies didn’t have enough data to answer simple questions such as, ‘Were we breached 12 months ago by this adversary?’” Harmon said.
- Speed: Autoscaling on a managed platform can help speed cyber response times by automatically aligning compute resources to fit the workload. A search-based solution likewise accelerates key processes, making it easier to understand why an IT system is running slowly, and to apply quick remediations.
At a time when IT teams are stretched to the breaking point, a cloud-native managed service frees technology professionals to focus their efforts on high-value mission needs, rather than tending to the care and feeding of an on-prem solution.
“The cloud offering enables agencies to keep that security telemetry in a way that’s both actionable and affordable,” Harmon said.
To take full advantage of a cloud-native data platform, agencies can begin by tending to their data.
“You want to identify those workloads that are ready to move to the cloud, versus certain high-security or high-impact processes that you might have to keep on-prem. Understand your regulatory environment, and identify those data sets that you can move to the cloud,” Harmon said. “And for data that does need to stay on-prem, you can run Elastic in a hybrid environment.”
It makes sense, too, to get the bureaucratic wheels turning. By lining up authority-to-operate for a FedRAMP Moderate observability platform, agencies will enable themselves to pivot smoothly and easily to a cloud-based deployment of Elastic’s already familiar tools and processes.
When they’re ready to make the leap, that prior familiarity with Elastic will make for an easy transition. “These are the same tools that they’re already using, whether that’s Beats for data shippers or Kibana for dashboarding and data analysis. Everything is the same in our cloud offering,” Harmon said.
For those who aren’t yet using Elastic tools, cloud availability offers a reason to shift to a next-gen cybersecurity platform. “We were just named a visionary in the latest Gartner Magic Quadrant for SEIM: These are some of the best technologies for running those capabilities,” Harmon said.
Those interested can try Elastic’s cloud offering for free for 30 days.
“In cybersecurity we’re constantly asking questions and having to search for answers: What alerts am I getting? What does this alert mean?” Harmon said. In this light, “a scalable cyber solution grounded in search just makes sense.”