Elastic has updated its product stack to version 7.14, which sees Elastic Agent maturing and includes a rebranding of Elastic Security as an extended detection and response (XDR) unit.
Elastic Agent was introduced to the portfolio as a unified agent that can be deployed to either hosts or containers in order to collect data and send it to other tools of the Elastic Stack. One of them is Elastic Security, which is why the team decided to go with the new categorisation as soon as the agent became generally available.
It will help combine Elastic Security’s information and event management capabilities with endpoint security, making it an XDR in the company’s book. Plans for such a transition have been in the works for a while now, as the intention announced alongside the 2019 acquisition of endpoint security provider Endgame suggests. Compared to similar solutions, Elastic sees the strength of Elastic Security in scalability and the ability to work with different kinds of data sources.
According to the release notes, Elastic Agent comes with features to stop ransomware and malware attacks. However, teams are also meant to be able to use the Agent to invoke various response actions should they come across suspicious behaviour. For now, host isolation is the only response available, which — as the name suggests — lets users isolate a host from a network to make sure malicious activities don’t start spreading.
Elastic Observability also benefits from the Elastic Agent. Combined with the company’s Fleet application for a simplified management process, the new setup is said to offer better data collection and monitoring capabilities, auto-discovery for Kubernetes, and one-click upgrade and policy deployments, amongst other things.
Another addition to Elastic Security can be found in the alert summary panel, which now includes “30 days of contextually relevant threat intelligence for ten common data fields, like IP addresses, file hashes, URL, and registry path”. New machine learning jobs analyse authentication events to make organisations aware of unusual login patterns.
Elasticsearch, probably the best-known tool of the Elastic portfolio, mostly focused on improvements for aggregation tasks and the handling of geospatial data. Version 7.14 provides range aggregation over histogram fields and promises significant speed-ups for date_histogram aggregation where there is a single bucket and no sub-aggregations, as well as reduced resource consumption during composite aggregations.
Other than that, users can create runtime fields containing information computed from geo_shapes, aggregate on these fields, or query their height, width, or centroid. Geotile grid aggregation over geo_shapes was sped up as well, and a new match_only_text field type has been introduced to reduce storage requirements for logging datasets.
With the 7.14 release, Elastic Enterprise Search is moving to Elastic’s main management interface, Kibana. Users who want to keep using it as a standalone application are assured that this variant will stay available nonetheless. Kibana itself also saw a few enhancements as part of the update, and now comes with time-shifted metrics to compare time periods, a time slider to relive selected time periods in Elastic Maps, and custom formulas.
Details on all of the changes are available through the Elastic blog.