Elastic increases real-time visibility and expands protection against advanced attack techniques
Elastic announced new integrations and enhancements across the Elastic Security solution in its 7.16 release, enabling users to accelerate detection and response, increase real-time visibility into their data, protect endpoints against advanced attacks, and streamline workflows.
The Osquery Manager integration for Elastic Agent, now generally available in Elastic Security, streamlines host inspection and provides users with real-time visibility into system data, including running processes, loaded kernel modules, and open network connections. Users can now customize the configuration of key settings as well as map saved query results directly to Elastic Common Schema (ECS) to return normalized data for immediate analysis.
Elastic also added to its prebuilt layered protections with extended malicious behavior prevention and memory threat protection for macOS and Linux systems to stop advanced attack techniques.
Additionally, Elastic introduced two newly certified ServiceNow applications for Security Incident Response (SIR) and IT Service Management (ITSM) to streamline security workflows across products and teams. With the power of Elastic, ServiceNow SIR maximizes analyst efficiency with security orchestration, automation, and response, while ServiceNow ITSM coordinates the IT workloads and processes. The integrations enable users to escalate cases into ServiceNow IT and security incidents and automatically update ServiceNow incidents from Elastic alerts.