Elastic, a data analytics company that provides search-powered solutions, has launched an AI-driven cybersecurity tool that reflects the growing industry shift toward integrating AI in security information and event management (SIEM) and cybersecurity products.
The pitch for AI-driven SIEM is that such systems can learn continuously from large volumes of telemetry and adapt to emerging threats faster than an analyst team can retune detections by hand.
The Elastic AI SOC Engine (Ease) is a serverless security package that is designed for quick deployment. It brings AI-powered, context-aware detection and triage into existing SIEM and Endpoint Detection and Response (EDR) systems without the need for immediate platform migration or replacement.
Built on Elastic’s cloud, Ease offers agentless integrations and AI-driven alert correlation via Elastic’s Attack Discovery. Its AI Assistant helps security operations centre (SOC) analysts locate hidden, coordinated threats more quickly, cut manual investigation time, and reduce alert fatigue.
SOC analysts are overwhelmed by high alert volumes and lack the necessary AI support from their existing SIEM and EDR solutions, said Santosh Krishnan, general manager of observability and security at Elastic.
“Ease brings our proven AI capabilities into the tools teams already use, automatically prioritising threats, correlating alerts, and accelerating investigations. And when ready, they can move to a fully unified Elastic Security platform without disruption,” he added.
Ease works with popular security platforms such as Splunk, Microsoft Sentinel, and CrowdStrike.
Elastic says its new technology provides agentless integrations for immediate AI analysis of third-party alerts and uses AI-powered alert correlation to triage, link, and prioritise threats. The built-in AI Assistant supports natural language queries and enriches investigations with data from sources like Jira, GitHub, and SharePoint.
The platform offers transparent AI with flexible model choices, enabling organisations to use either Elastic-managed or custom large language models, with all responses fully traceable.
In addition, operational dashboards track detection improvements, time savings, and return on investment, helping teams measure impact effectively.
Ease addresses a pressing industry challenge, said Michelle Abraham, senior research director for Security and Trust at IDC.
“Elastic is tackling a common challenge: how to bring open and transparent AI into the SOC without starting from scratch,” she added. “Ease enables faster detection and investigation using the tools teams already have.”