
Secure your cloud with Cloud Workload Protection in Elastic Security

Blog post from Elastic

Post Details
Company: Elastic
Author: Sneha Sachidananda
Word Count: 821
Summary

Elastic Security's 8.2 release introduces Cloud Workload Protection capabilities, enhancing cloud security by detecting, preventing, and responding to attacks on workloads across cloud and data centers. This update includes the integration of eBPF for efficient runtime data collection on Linux, which is fundamental for high-performance and secure workload protection. The Elastic Common Schema (ECS) is employed to extend the Linux logical event model, enabling comprehensive data searches and indexing in Elasticsearch. The new Session View feature, now in beta, offers a detailed, terminal-like view of process executions, aiding security practitioners in investigating user and service behaviors on Linux workloads. Session View is seamlessly integrated with Elastic Security workflows, enhancing alert triage and host exploration with rich contextual information. To implement these features, users can follow a detailed setup guide, which includes starting a Cloud Trial or upgrading to Elastic Security 8.2 and configuring Endpoint Security for AWS EC2 instances, ensuring robust workload protection through prebuilt and machine learning rules based on the MITRE framework.