
How the Elastic InfoSec team uses Elastic Security

Blog post from Elastic

Post Details
Author: Michael Baldwin
Word Count: 1,105
Summary

Elastic's Information Security (InfoSec) team plays a crucial role in enhancing the Elastic Security product by acting as both a quality assurance extension and a data custodian. During a three-day observation, the team demonstrated their use of various tools and workflows, such as cross-cluster search and custom machine learning jobs, to process and analyze internal data from multiple sources, including cloud and network logs. This approach enables them to effectively manage detection alerts and triage processes. The symbiotic relationship between InfoSec and Product Management allows Elastic to refine features and address usability issues, while also providing the InfoSec team with early access to new software versions. Additionally, the team operates an internal malware sandbox for secure file testing and manages the Elastic Bug Bounty Program, which is currently being revamped for an upcoming relaunch.