i-SIEM empowered by Elastic - the Integration

What is the nature of the OEM partnership between empow and Elastic?

empow is the only NG SIEM company with which Elastic, the leading data search company, has an OEM partnership. The partnership ensures that your NG SIEM includes a fully supported Elastic Stack (Platinum or Enterprise subscription).

Single point of contact by empow, backed by Elastic's 24x7 vendor Platinum support
The highest available Elastic Stack performance, with all the extra features
Seamless integration into your existing Elastic Stack infrastructure
Cost savings

Don’t yet have an Elastic subscription?

The empow license gives you a "2 in 1": both the most advanced SIEM on the market and the leading data search solution under one license.

Already an Elastic customer?

The integration upgrades your existing stack to an NG SIEM, provides renewal savings going forward, and your existing Elastic license cost is refunded.

How does the integration work?

i-SIEM comes with out-of-the-box integration with Elastic's core components: Elasticsearch, Kibana, Beats and Logstash (also known as the ELK Stack). Our NG SIEM engines are tightly integrated with these technologies, and the solution is packaged for easy deployment and ongoing operations.

The following illustrates the integration and the value it provides.

Integration with Logstash

Logstash is one of the original components of the Elastic Stack and is used to parse, enrich and process data. i-SIEM uses Logstash to ingest logs of any size, format and source.

On top of the standard Logstash enrichments, empow's i-SIEM adds high-quality threat enrichments based on our UEBA, NTA and NLP processes, which digest constant feeds of Threat Intelligence information. empow's proprietary classification technologies enrich security alert logs, user activity logs and network traffic logs, and all of this information is transformed into one common schema, the Elastic Common Schema (ECS).

That means that i-SIEM adds its own attacker-intent enrichment during the ingestion stage (using MITRE terminology), giving each log a security context that makes it easily searchable by security analysts.
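To make the ingestion-time step concrete, here is an added illustration of normalising raw logs from several sources into ECS and attaching MITRE ATT&CK context as threat.* fields. It is example code written for this page, not empow's or Elastic's; the key=value log format, the source names and the action-to-technique table are assumptions made for the example, while the output field names (event.action, event.kind, source.ip, destination.ip, user.name, network.bytes, threat.tactic.id, threat.technique.id) are real ECS fields.

```python
"""Ingestion-time ECS normalisation with MITRE ATT&CK threat enrichment.

Example code written for this page, not empow's or Elastic's. The raw
log format, the source names and the action-to-technique table are
assumptions made for the illustration; the output field names are real
ECS fields (event.*, source.ip, destination.ip, user.name, threat.*).
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: one line each from a hypothetical IDS, an
# authentication service and a flow collector, all in the same key=value style.
SAMPLE_LOGS = [
    "2020-03-01T10:00:01Z ids action=port_scan src=10.0.0.5 dst=10.0.1.20",
    "2020-03-01T10:00:07Z auth action=login_failed user=alice src=10.0.0.5 dst=10.0.1.20",
    "2020-03-01T10:00:09Z netflow action=dns_query src=10.0.0.5 dst=10.0.1.53 bytes=412",
]

# Assumed classification table: vendor action -> ATT&CK tactic and technique.
# The IDs and names are real ATT&CK entries; which action maps to which is
# an assumption for this example, not empow's classification logic.
ATTACK_MAP = {
    "port_scan": ("TA0007", "Discovery", "T1046", "Network Service Discovery"),
    "login_failed": ("TA0006", "Credential Access", "T1110", "Brute Force"),
}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<module>\S+)\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def to_ecs(line):
    """Parse one raw line into an ECS-shaped document (nested dicts)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    # Reject malformed timestamps at ingestion rather than indexing junk.
    datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    kv = dict(KV_RE.findall(m["kv"]))
    if "action" not in kv:
        raise ValueError(f"missing action field: {line!r}")
    doc = {
        "@timestamp": m["ts"],
        "event": {"module": m["module"], "action": kv["action"], "original": line},
        "source": {"ip": kv.get("src")},
        "destination": {"ip": kv.get("dst")},
    }
    if "user" in kv:
        doc["user"] = {"name": kv["user"]}
    if "bytes" in kv:
        doc["network"] = {"bytes": int(kv["bytes"])}
    return doc


def enrich_threat(doc):
    """Attach ATT&CK context under the ECS threat.* fields when known.

    Unclassified events get no threat.* fields (so queries on
    threat.tactic.name stay precise) and are tagged for later review.
    """
    hit = ATTACK_MAP.get(doc["event"]["action"])
    tags = doc.setdefault("tags", [])
    if hit is None:
        doc["event"]["kind"] = "event"
        tags.append("threat_unclassified")
        return doc
    tactic_id, tactic_name, tech_id, tech_name = hit
    doc["threat"] = {
        "framework": "MITRE ATT&CK",
        "tactic": {"id": tactic_id, "name": tactic_name},
        "technique": {"id": tech_id, "name": tech_name},
    }
    doc["event"]["kind"] = "alert"
    tags.append("threat_enriched")
    return doc


def ingest(lines):
    """Run the two stages over a batch, as a Logstash filter chain would."""
    return [enrich_threat(to_ecs(line)) for line in lines]


def count_by_tactic(docs):
    """The kind of aggregation an analyst runs once tactic is an indexed field."""
    return Counter(d["threat"]["tactic"]["name"] for d in docs if "threat" in d)


if __name__ == "__main__":
    docs = ingest(SAMPLE_LOGS)
    for d in docs:
        technique = d.get("threat", {}).get("technique", {}).get("id", "-")
        print(d["@timestamp"], d["event"]["module"], d["event"]["action"], technique)
    print(dict(count_by_tactic(docs)))
```

The point of leaving threat.* absent (rather than writing a placeholder) on the unclassified netflow line is that a Kibana query such as threat.tactic.name:"Discovery" then returns only events the classifier actually attributed, which is what makes the enriched field trustworthy for triage.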


Integration with Elasticsearch

i-SIEM stores all the classified, enriched logs in Elasticsearch indices, creating a powerful data lake that includes security context and complete identity enrichment. More importantly, all attack stories and entities detected and prioritized by i-SIEM are also stored in Elasticsearch. This lets the analyst work much faster on the data, covering many more potential and real incidents.

Our tight, optimized integration with Elasticsearch provides a scale-out architecture with full redundancy, which is especially important for security data lakes because of the massive volume of data ingested and the retention periods required.


Integration with Kibana

Beyond letting you customize your own dashboards and reports in Kibana, i-SIEM provides its own predefined Kibana dashboards, built to give visibility into the environment and to interactively investigate any security use case. i-SIEM uses Canvas for reports, as well as exports to CSV, PDF and PNG. All Kibana X-Pack features, such as machine learning, Graph, Watcher and security, also remain available for non-security needs.

How is empow's i-SIEM different from Elastic's SIEM?

In mid-2019 Elastic released "Elastic SIEM". This is an open-source tool that provides manual hunting capabilities and is complementary to empow's i-SIEM.

empow's i-SIEM brings the necessary automation tools, as well as built-in threat intelligence, UEBA and NTA powered by our DPI (Deep Packet Inspection), which let the platform eliminate much of the manual work involved in hunting operations, lower the number of false positives and reduce the burden on the security team. This is what makes i-SIEM the only next-generation SIEM solution that can be managed by less than one security analyst.