Last month, the Elastic Security Protections Team prevented an attempted ransomware attack targeting an organization monitored by one of our customers, an IT Managed Service Provider (MSP). We analyzed the alerts that were generated after an adversary’s process injection attempts were prevented by Elastic Endpoint Security on several endpoints. Adversaries often attempt to inject their malicious code into a running process before encrypting and holding the victim’s data to ransom.

We are pleased to announce the general availability of external collection for Elastic Stack Monitoring. With this announcement comes the ability to monitor Elasticsearch, Kibana, Logstash, APM server, and Beats all via Metricbeat modules. Using external collection, users now have the capability to collect and send monitoring data for their Elastic Stack without having to depend on the health of the monitored services.

We’re excited to announce the general availability of version 7.5 of the Elastic Stack. Along with the introduction of Kibana Lens, a fast and intuitive way to craft visualizations, this release offers significant enhancements to our Observability and Security solutions and Elastic Enterprise Search joins the 7.5 release train. Read on to see the highlights and dive into the detailed release posts for all the details.

We recently launched Elastic Security, combining the threat hunting and analytics tools from Elastic SIEM with the prevention and response features of Elastic Endpoint Security. This combined solution focuses on detecting and flexibly responding to security threats, with machine learning providing core capabilities for real-time protections, detections, and interactive hunting. But why are machine learning tools so important in information security? How is machine learning being applied?

Back on September 4th, we filed a lawsuit against floragunn GmbH, the makers of Search Guard, a security plugin for Elasticsearch and Kibana, for a multi-year pattern of copying our proprietary code. After filing the claim, we have continued to investigate floragunn’s actions. Today, we have updated our lawsuit in two important ways. First, we have identified additional copying by floragunn with respect to the separate, proprietary code base for our Kibana product.

What does the revamped, modern technology stack of a 185-year-old Australian news corporation look like? In an industry that faces serious competition from anyone with a WordPress site and something to say, Nine Publishing, producer of Australia’s three largest news sites, sought to preserve a competitive edge by understanding how to enrich the experiences of their readers and journalists, while simultaneously identifying pain points and spotting problems before they happen.

This is a technical deep dive into the authentication process — a necessary first step before addressing the authorization decisions that are at the core of Elasticsearch security. The following will be a very detailed explanation of the inner workings of a key part of the authentication process: realms. If you'd prefer to start with a broader view of authentication (and authorization) in Elasticsearch, you may want to check out Demystifying authentication and authorization in Elasticsearch.

​Have you used Elastic Maps in Kibana yet? I am very excited about multiple layer support. Heat maps, vector layers from the Elastic Maps Service, and even individual documents all in the same interface! What a fantastic way to analyze and visualize your data. But what about geospatial data that’s not in Elasticsearch? Maybe you want to overlay a shapefile of regional sales territories with sales aggregations.

As users adopt Kubernetes, Elastic products move fast to support their evolving needs. Whether you are trying to run Elasticsearch workloads to Kubernetes or want to gain better visibility into container workloads running across different environments, we are doubling down on building cloud native tools to support these efforts. This blog covers recent advancements to support Kubernetes initiatives: