
How Elastic is going beyond enterprise search

Elastic has been doubling down on the security and observability capabilities of its open-source platform, going beyond its roots in enterprise search

Elastic, an open-source technology stack, may be better known for its capabilities in searching, analysing and visualising unstructured data, but organisations that have dabbled in the technology are using it for purposes other than enterprise search.

Speaking at a media briefing on a recent visit to Singapore, Elastic CEO Ash Kulkarni noted that while Elastic was good at helping businesses get value out of their data, “customers were using us for all kinds of interesting use cases”.

“The first is what people now refer to as observability, where I’m going to bring in my application logs, application traces, and metrics from my infrastructure, and stitch them all together to better understand what might be causing my application to not perform the way I expected,” he said.

Kulkarni noted that observability is a compelling use case for many Elastic customers because it is fundamentally a data problem: organisations need to bring in different types of data, whether from their own datacentres or from the public cloud, and then search and explore it.

“We started seeing customers using us a lot for security purposes – specifically, it all started with SIEM [security information and event management] to get visibility into what’s happening within their environment,” he added.

Despite Elastic’s expanding footprint in observability and security, Kulkarni said its enterprise search capabilities remain entrenched in banks and financial institutions which are using the platform to identify fraud patterns, among other risk management applications.

“Government agencies are also using us to surface the right information to citizens as part of licence application processes while immigration departments are using Elastic to quickly go through all their data to determine whether to issue a visa to a particular person or not.

“Anytime you need to act upon large amounts of unstructured data in real time, that’s when Elastic absolutely shines because of the way we work,” he added.

Formerly known as the ELK stack, Elastic comprises Elasticsearch, a distributed search engine based on Apache Lucene; Logstash, a data collection engine that unifies data from multiple sources; the Kibana data visualisation tool; and Beats, which serve as agents to send different types of data to Elasticsearch.

With a run rate of over $1bn, Elastic is now deriving a bigger proportion of its revenue from security and observability, which account for 25% and 40% of its business, respectively.

“Security has been one of the fastest growing areas and we are a significantly sized player in the space now,” Kulkarni said.

Pitting itself against rivals such as Splunk and other suppliers of SIEM systems, Elastic is also cognizant of the requirements of security operations centres, such as support for the specific data formats used to exchange security-related information.

“One of the earliest things that we did was to invest in a common format called Elastic Common Schema, one of the most widely used formats for logs to the point where we are now working to contribute it to the CNCF [Cloud Native Computing Foundation] as a log format.

“We’ve mapped STIX, TAXII and all of these standards that you typically see in security to Elastic Common Schema for some time, and we’ve got pre-built integrations with threat intelligence platforms like Recorded Future, Anomali and others.”

Kulkarni said Elastic’s security product not only functions as a SIEM system, but also touts endpoint security capabilities through its acquisition of Endgame a few years ago.

“Through the same agent you deploy to pull data from your systems for SIEM, you now have the ability to do ransomware and malware prevention. We’ve made it bi-directional, so it can send data and also implement and enforce security restrictions directly on the endpoint,” he added.

But Elastic is not stopping at endpoint security. The company has made moves into cloud security, having acquired and integrated the capabilities of two other companies that specialise in protecting cloud-based workloads.

“If you’re running a cloud workload in a container or virtual machine on any public cloud, you can protect that workload against host intrusion. If anybody is trying to elevate privileges to get access to the system, we can detect and block that,” Kulkarni said.

Additionally, Kulkarni said organisations can assess and manage the security posture of the cloud services that they are deploying: “We are able to tell if you’ve left some Amazon S3 privilege open to the world or you’ve done something in your Terraform template that’s going to cause a security vulnerability.”

Like most enterprise technology companies, Elastic has been making its products available through the cloud, with its Elastic Cloud service accounting for about 39% of its overall revenue in the last quarter. “We expect it to account for more than 50% of our overall revenue by the fourth quarter of our next fiscal year,” Kulkarni said.

Elastic is now looking to expand its footprint across Asia-Pacific and Japan (APJ), having recently appointed Barrie Sheers, a former Microsoft executive, as its vice-president for the region.

The company does not break down its earnings by geography, but Kulkarni noted that international revenues now account for 44% of Elastic’s business.

“There are several countries within the APJ region that I don’t believe have achieved their full potential. For example, our business in Japan is still relatively small, with a huge opportunity for growth.

“India is also growing very nicely with its digital native firms, while Singapore and other countries in ASEAN are rapidly trying to digitise. I expect Asia to become a bigger part of our overall business than what it is today.”
