Elastic Security has unveiled a groundbreaking feature called Automatic Import, aiming to simplify the complex process of data onboarding for its users. Leveraging the power of generative AI, Automatic Import enables effortless integration of custom data sources, outpacing any other security analytics solution in terms of speed.
Michelle Abraham, Research Director for Security and Trust at IDC, highlighted the significance of this development. "Automatic Import tackles a major headache when switching Security Information and Event Management (SIEM) systems: onboarding custom data sources," she said. "The feature automates the development of new data integrations, reducing the cost, complexity, and stress of migration." The new tool reportedly reduces the time to add custom data sources from days to under ten minutes, in stark contrast to legacy systems, which often involve significant manual effort.
Nate Thompson, Senior Manager for Cybersecurity Analytics & Automation at Dana, shared his organisation's positive experience. "Automatic Import simplifies building and testing custom data integrations, enabling us to quickly enhance visibility across our environment," he commented. This real-world example underscores the value of the tool in modern security operations where diverse data formats and sources are commonplace.
Automatic Import is powered by the Elastic Search AI Platform, which provides model-agnostic access to large language models (LLMs) and the ability to ground answers using retrieval-augmented generation (RAG). This capability allows Elastic to handle unstructured data effectively and to offer insights through these models.
Mike Nichols, Vice President of Product for Security at Elastic, acknowledged the challenges organisations face when transitioning to new systems. "Gaining visibility across an enterprise IT environment is inherently difficult, but regardless of the evolving attack surface, security teams cannot operate blind. Previously, onboarding custom data was costly and complex," Nichols observed. He noted that Automatic Import arrives at a pivotal moment as organisations seek to replace their legacy SIEM tools.
In addition to this new feature, Elastic Security boasts over 400 prebuilt data integrations. Automatic Import extends this capability by enabling the inclusion of technologies and applications relevant to evolving security concerns. The feature normalises data to the Elastic Common Schema (ECS), allowing for uniform analysis using dashboards, search functions, alerting, machine learning, and more.
The company emphasised that this tool will be particularly beneficial for large-scale organisations. One of Elastic's major security customers recently migrated nearly 200 data sources, including numerous custom technologies, using the new feature. According to Elastic, such customers can now save hundreds of hours in consulting time and drastically reduce implementation periods.
Automatic Import is currently available to all customers with an Enterprise licence. The tool supports JSON and NDJSON-based log formats and is launching with support for Anthropic models via Elastic's connector for Amazon Bedrock. This innovation promises to revolutionise the way organisations manage and analyse security data, paving the way for a more secure and efficient future.