
Elastic on Elastic: How InfoSec deploys infrastructure and stays up-to-date with ECK

Blog post from Elastic

Post Details
Author: Angel Rios • Spencer Niemi • Christopher Cutajar
Word Count: 2,210
Summary

The Elastic InfoSec Security Engineering team utilizes the Elastic Stack to manage and protect their infrastructure, leveraging Elastic Cloud on Kubernetes (ECK) and Helm to streamline deployment and updates. ECK simplifies the deployment and management of Elasticsearch and Kibana, offering features like automatic upgrades, multi-cluster management, and default security settings, while Helm serves as a templating engine that reduces code duplication across clusters. The team operates multiple Elasticsearch clusters that handle large volumes of data, using cross-cluster search to centralize reporting and alerting. Despite challenges associated with frequent updates, the team has significantly reduced upgrade times from weeks to under two hours, enhancing their security visibility and operational efficiency without compromising platform stability.