To close out an intense 2024, Swiss Post Cybersecurity was invited by Elastic as a partner to ElasticON 2024, organized in Munich. With our COO, Manoé Zwahlen, and our SIEM Architect, Romain Petro (me), we took the opportunity to meet Elastic partners and resellers on the German side, and also to discover the new features Elastic has released for the year to come.
The event took place in the Motorworld in Munich on 14 November 2024. Even if you are not an absolute fan of motor sports, or even of nice cars, you cannot remain indifferent to this environment.
Motorworld in Munich is a vibrant automotive-themed experience center celebrating car culture and mobility. It features a stunning display of classic, luxury, and sports cars, alongside specialty shops, workshops, and dealerships. Visitors can explore automotive exhibitions, enjoy dining options, and even host events in its unique industrial setting.
In such an interesting place, the day was rich in discussions between partners, and even with simple Elastic enthusiasts.
Even with Elastic 9 probably coming during 2025, Elastic is not slacking: version 8.16.0 was released the day before the convention. The opening keynote announced a lot of really cool features, some of them already in production and others coming in the following weeks.
The biggest topic that appeared in our daily lives this year was Artificial Intelligence. Before arriving, I was honestly afraid of sitting through several presentations selling AI as a revolution without giving any technical details to keep me interested. Fortunately, the AI madness seems to be behind us, and the way Elastic proposes to use this technology is reassuring. Some applications may not be applicable to our business logic, but a few tools like Automatic Import, which leverages the AI model to normalize an unknown data format so that it matches the Elastic Common Schema, sound really promising for onboarding new data sources.
The synthetics feature, which allows you to trade RAM for storage space, sounds really promising for optimizing the available resources on your cluster.
One of our main concerns is the Observability platform, as part of our monitoring stack relies on Elastic Observability.
The Observability platform can now use Automatic Import, the AI Assistant and also ES|QL commands, which were clearly missing compared to the Discover or Security features. They also worked a lot on compatibility with OpenTelemetry, reinforcing the open source mindset defended by Elastic.
The Elastic Security module also unlocks the AI Assistant and Automatic Import. The Attack Discovery feature brings an interesting incident response dimension, as alerts can be correlated to draw the whole attack chain and understand exactly what happened.
A really convincing update concerning automated responses now unlocks them for the full set of Elastic detection rule types, which means any EQL or ES|QL query rule can now respond and block a potentially compromised machine, opening up whole new possibilities in the SOAR universe.
I tried to simplify as much as possible what we learned that day, but I assume you can feel my excitement through this concise article. To conclude, the way Elastic is taking the cybersecurity topic seriously by helping us develop and enhance our SOC capabilities really motivated us to keep working hard and keep the pace, just like Max Verstappen actually:
I would like to extend a huge thanks to Elastic for the opportunity to be part of this fantastic journey.