Elastic unveils AI-powered migration tool for legacy SIEM users

Techday NZ, 30-04-2025

Elastic has unveiled a new feature designed to simplify the often complex and time-consuming process of migrating from legacy Security Information and Event Management (SIEM) systems. Known as Automatic Migration, the feature applies generative AI and semantic search to translate and map detection rules into the Elastic Security platform—eliminating the need for manual rule rebuilding.
Announced on 30 April, the capability is intended to reduce the cost, risk, and operational burden for organisations looking to modernise their security operations with Elastic.
"Many security teams are stuck using their inefficient SIEMs due to the significant time and money it takes to transition to a modern solution, with migrating detection rules, dashboards, and other artifacts among the most challenging aspects for migration," said Santosh Krishnan, general manager of Security and Observability at Elastic.
"By mapping and translating existing SIEM artifacts, Automatic Migration reduces the cost, complexity, and risk that comes with SIEM migration," he said.
The core functionality of Automatic Migration lies in its ability to automatically map existing SIEM detection rules to Elastic-built rules using semantic search, rather than relying on exact text matches. Where mappings are unavailable, the feature uses generative AI grounded in custom knowledge to translate unmatched rules—along with associated lookups and macros—into functional Elastic queries.
The announcement is part of Elastic Security's broader effort to integrate more AI-powered capabilities into its platform.
Automatic Migration joins existing features such as Automatic Import, Attack Discovery, and the Elastic AI Assistant—each aimed at streamlining security operations through automation and machine learning.
This move by Elastic comes as organisations continue to face mounting challenges in scaling and modernising their cybersecurity infrastructure, especially as existing SIEM solutions struggle to keep up with the growing volume and complexity of data.
Elastic's approach centres on lowering the technical barriers associated with transitioning SIEM systems, which often involves time-intensive manual processes, including rule rewrites, dashboard configurations, and adapting data pipelines. By automating these critical tasks, the company aims to make the switch to Elastic Security more viable for organisations of various sizes.
Automatic Migration is now available in technical preview for customers on the Enterprise licence tier or those subscribed to the Security Analytics Complete tier of Elastic Cloud Serverless.
According to Elastic, the new capability reflects its commitment to helping organisations "find the answers they need in real-time using all their data, at scale." Elastic's suite of products spans search, observability, and security—all of which are built on its proprietary Search AI Platform.
While the announcement focuses squarely on easing the transition away from legacy SIEMs, the broader context suggests Elastic is positioning itself as a more agile and AI-forward alternative to established security platforms that often require substantial manual upkeep and custom development.
The Automatic Migration feature is expected to appeal to organisations that have been hesitant to abandon their current SIEM investments due to migration challenges. By lowering those hurdles, Elastic hopes to drive broader adoption of its security analytics platform and make advanced threat detection more accessible.
In introducing Automatic Migration, Elastic is targeting a major friction point in enterprise cybersecurity strategy: how to migrate away from entrenched systems without disrupting operations or increasing vulnerability during the transition.
Krishnan added, "Automatic Migration complements Elastic Security's expansive suite of AI-driven security analytics features," reinforcing the company's message that automation and AI are central to its ongoing development strategy.
Elastic joins a growing number of technology vendors using generative AI to tackle practical enterprise challenges, particularly those that demand speed, accuracy, and a deep understanding of context—traits that traditional rule-based systems often lack.
As organisations continue to assess the value and limitations of their legacy security infrastructure, solutions like Elastic's Automatic Migration may offer a compelling path forward for those seeking a more modern, efficient, and scalable approach to SIEM.

Related Articles

Red Canary deploys AI agents to slash security investigation times

Techday NZ, 2 days ago

Red Canary has announced the introduction of a suite of AI agents designed to perform tier 2 security investigations at the pace and calibre of experienced analysts. These AI agents have already conducted over 2.5 million investigations, reportedly reducing the average investigation time by 90%. The agents are trained on a decade's worth of operational data and provide contextual gathering, alert enrichment, and recommended actions for identified threats, with a stated aim to lessen alert noise and assist security teams in managing evolving threats without increased complexity or risk.

Reducing manual security tasks

The AI agents are described as specialists across every phase of detection, investigation, and response. They cover roles including security operations centre (SOC) analyst, detection engineering, threat intelligence, and user analysis, automating many procedures traditionally undertaken by security experts. For organisations, this means the agents automate both Tier 1 and Tier 2 analyst tasks in various environments such as cloud, identity, Security Information and Event Management (SIEM), and endpoint systems. According to Red Canary, this leads to faster root cause analysis and remediation of security incidents. In addition, a threat intelligence agent compares threats against known profiles, identifying new trends and aiding intelligence operations.

Impact and efficiency

Red Canary states that, by automating analyst-level workflows, customers have reduced investigation times from over 20 minutes to under three minutes on average, with the company citing a 99.6% customer-validated true positive rate. The system is built to be enterprise-grade, with training on 10 years of real-world data and with continuous oversight by security operators to ensure consistency and reliability.

"Several years ago, we introduced automation to replace repetitive Tier 1 work," said Brian Beyer, CEO and Co-founder of Red Canary. "Now, by combining the best of agentic AI with AI agents that are equipped with years of frontline experience, we're taking the next leap—accelerating Tier 2 investigations with the speed of automation and the judgment of experienced security analysts. This shift allows every Red Canary detection engineer to focus on Tier 3-level analysis, delivering deeper insights and stronger outcomes for our customers."

Practical use cases

Red Canary offered specific examples to illustrate the value of the AI agents. In one scenario, a user behaviour analysis agent flagged an anomalous Salesforce login, missed by other tools. A reputation analysis agent added context by identifying the login as originating from a high-risk IP address. Red Canary's team validated the threat and quickly alerted the customer, allowing for immediate password reset and containment within minutes.

Another example involved a compromised account detected through alert enrichment and user behaviour analysis. These agents identified a suspicious application and proxy activity from an unfamiliar ISP and geography. A Red Canary detection engineer confirmed that a user's access token had been compromised and notified the customer's security operations team for swift response.

Scope of agent capabilities

The suite currently includes agents specialised for specific systems, including Microsoft Defender for Endpoint, Crowdstrike Falcon Identity Protection, AWS Guardduty, and Microsoft Sentinel. These agents are designed to deliver consistent procedures for their respective environments. The response and remediation agent offers concrete steps for both addressing current incidents and hardening systems to reduce future risk, while the user baselining and analysis agent highlights deviations in user activity by comparing real-time behaviour to historical patterns.

Red Canary underscores that its agents are not fully autonomous decision-makers; instead, their outputs are subject to the oversight of experienced detection engineers, aiming to balance automation, reliability, and human judgement. This development represents an ongoing trend in the security sector towards applying artificial intelligence to reduce manual workloads, lower incident response times, and support strained security teams. According to Red Canary, its focus remains on reducing noise, accelerating triage, and providing expert analysis for each threat faced by its clients.

Elastic & AWS partner to enable secure generative AI apps

Techday NZ, 02-06-2025

Elastic has entered into a five-year strategic collaboration agreement with Amazon Web Services (AWS) to support organisations in building secure, generative AI-powered applications with greater speed and reduced complexity. The agreement is focused on joint product integrations and go-to-market initiatives that aim to enable customers to transition into AI-native enterprises more efficiently. It brings together Elastic's Search AI Platform and AWS services, with a particular emphasis on facilitating work in highly regulated sectors such as the public sector and financial services.

Under this agreement, the companies will invest in technical integrations, including support for Amazon Bedrock and Elastic Cloud Serverless, to help customers drive AI innovation. The collaboration is designed to allow customers to leverage generative AI features by making use of high-performing foundation models available through Amazon Bedrock. It also offers support for migrating Elasticsearch workloads from on-premise data centres to Elastic Cloud on AWS, ongoing cost efficiencies for users of Elastic Cloud Serverless, and enhanced agentic AI capabilities through work on Model Context Protocol (MCP) and agent-to-agent interoperability.

Commenting on the collaboration, Ash Kulkarni, Chief Executive Officer at Elastic, said: "As the speed of generative AI adoption accelerates, search has become increasingly relevant. Our collaboration with AWS and integration with Amazon Bedrock brings the power of search directly to generative AI for a host of use cases, including cybersecurity and observability. Together, we're enabling developers to build intelligent, context-aware applications that leverage their own data securely and at scale."

Ruba Borno, Vice President, Specialists and Partners at AWS, said: "Together with Elastic, we're helping customers transform how they leverage data and AI to drive innovation. This strategic collaboration delivers particular value for highly regulated industries requiring robust data protection, while our shared commitment to standards like Model Context Protocols enables seamless agent-to-agent interactions. Available through AWS Marketplace, customers will be able to quickly deploy solutions that combine Elastic's powerful search capabilities with Amazon Bedrock on the secure, global AWS infrastructure, helping them build compliant, intelligent applications that accelerate their AI journey."

The collaboration is already producing results for organisations such as Generis and BigID. Mariusz Pala, Chief Technology Officer at Generis, said: "The strength of the Elastic and AWS partnership has been fundamental to Generis's mission of delivering secure, compliant, and intelligent solutions for clients in highly regulated industries. By deploying Elastic on AWS, we've reduced average search times by 1000% and cut the time to produce complex, compliance-driven documents from two weeks to just two days, providing our clients real-time insights while upholding the highest standards of data integrity and control."

Avior Malkukian, Head of DevOps at BigID, said: "Leveraging Elastic Cloud on AWS has been transformative for BigID. We've achieved a 120x acceleration in query performance, enabling real-time data insights that were previously unattainable. The scalability and flexibility of Elastic Cloud on AWS allow us to efficiently manage vast and complex data landscapes, ensuring our customers can swiftly discover and protect their sensitive information. Elastic Cloud on AWS is a powerful combination that allows us to deliver innovative features, reduce operational costs, and maintain our leadership in data security and compliance."

The integration of Elastic's AI-powered solutions with AWS services includes features such as Elastic AI Assistant, Attack Discovery, Automatic Import, Automatic Migration, Automatic Troubleshoot, and AI Playground, all of which interact with Large Language Models through Amazon Bedrock. These integrations help customers to conduct root cause analysis more quickly, synthesise complex data signals, automate data onboarding, and simplify the migration process. Natural language and retrieval-augmented generation (RAG)-powered workflows are designed to enable teams to interact with their data more intuitively and support faster decision-making.

Elastic's relationship with AWS has been recognised within the AWS Partner Network. In December 2024, Elastic was named AWS Global Generative AI Infrastructure and Data Partner of the Year, and it was among the first group of AWS software partners acknowledged with the AWS Generative AI Competency. The company has also received AWS competency designations for the government and education sectors earlier this year.

Survey reveals gap between threat intelligence & execution

Techday NZ, 22-05-2025

A new survey has highlighted a disconnect between the importance organisations place on threat intelligence and their ability to implement it effectively. The research, conducted by Cyware, collected responses from 100 cybersecurity executives and professionals working across enterprises, government agencies, and service providers.

Nearly all respondents (92%) described operationalising threat intelligence as either "absolutely crucial" or "very important" in their organisations' efforts to combat cyber threats. Despite this consensus, only 13% of those surveyed reported satisfaction with their automation between cyber threat intelligence (CTI) and security operations (SecOps) tools. The survey also found that nearly 40% of participants experienced difficulty coordinating data between critical security systems such as Threat Intelligence Platforms (TIPs), Security Information and Event Management (SIEM) tools, and vulnerability management platforms.

Speaking on the findings, Anuj Goel, Co-founder and Chief Executive Officer of Cyware, stated: "The RSAC survey data reveals a serious gap between that belief and the operational reality. Threat intelligence isn't just about collecting data - it's about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations."

Internal collaboration and automation maturity were flagged as key areas where organisations fall short. Although almost all those surveyed regard threat intelligence sharing as fundamental, only a small proportion felt their automation systems worked well in practice.

Artificial intelligence (AI) is seen as a promising area for improving threat intelligence processes, with 78% of respondents believing AI will enhance threat intel sharing within their organisations. However, only 43% reported that AI has already made a meaningful impact, pointing to difficulties in implementing AI solutions and integrating them into existing security processes.

The Cyware survey also drew attention to the timeliness of threat intelligence sharing. Only 17% of teams said they disseminate threat intelligence among key roles (such as SecOps, incident response, and vulnerability management) in real time, while another 25% do so on a daily basis. At the same time, 22% indicated that information is shared infrequently or not at all, raising questions about internal communication and responsiveness to emerging threats.

External collaboration with industry peers for the purpose of improving threat intelligence is another area identified for additional growth. According to the survey, while 57% of respondents claimed that their organisation collaborates with other companies in their sector, a significant 30% were unsure if this kind of peer cooperation even exists at their workplace.

Automation challenges remain evident, with more than half (56%) of survey participants reporting significant or moderate obstacles in automating workflows across CTI and SecOps teams. This suggests that technical, procedural, or organisational hurdles are hampering efforts to scale effective threat intelligence practices.

Additionally, participation in Information Sharing and Analysis Centres (ISACs) or similar organisations is relatively low. Only 18% confirmed their organisation is involved with such groups, while 45% were unaware of any such participation. The lack of engagement or awareness about ISACs could be limiting access to valuable, sector-specific threat information, potentially reinforcing the existing silos within the threat intelligence community.

The survey's findings align with a broader trend: as cyber threats evolve and become more complex, organisations face mounting pressure to bridge the gap between recognising the importance of threat intelligence and actually executing it through internal collaboration, real-time sharing, automation, and peer engagement.
