Elastic: “Cybersecurity Is Not Just an Enterprise Problem, It’s an Ecosystem Problem”

We interviewed Ash Kulkarni, CEO of Elastic, a company that has unified enterprise search, observability, and protection capabilities on the same platform.

Today’s IT environments, with the massive adoption of hybrid cloud and multi-cloud, have become the true enablers and drivers of business. However, they have also generated enormous complexity at different levels, because corporate data and applications have expanded and become distributed across multiple locations and repositories.

Faced with this problem, knowing what is happening with all these resources has become essential to respond to the chaos, make business decisions, and avoid data leaks or security breaches.

This is exactly what Elastic enables, combining enterprise search, observability, and security on the same platform by unifying all the data that organisations manage.

To find out more about this market and how its open source-based platform works, we had the opportunity to interview Ash Kulkarni, CEO of Elastic and a driving force behind developments to address the chaos generated by the hybrid cloud and multi-cloud.

-What is the state of the cybersecurity market today?

It is very dynamic, because at the end of the day cybersecurity is about how to ensure that all data, systems, and applications are protected and that the resilience of these assets ensures the resilience of the business.

That’s what cyber security has always been about, whether we go back 30 years when we talked about antivirus, pretty much the only thing to worry about, or today, where companies are moving to the cloud.

This is completely changing the context in which they have to think about cyber security because they no longer have all their data within the confines of the organisation.

Today, you have to worry about different end computing systems and users who are connecting to the core systems from anywhere in the world.

But hybrid and multi-cloud management is prone to more mistakes, and macroeconomic stress is not helping in this regard. There is also greater concern about insider threats within organisations themselves, those that can lead to breaches and leaks of information critical to them. Finally, we are seeing what is happening with artificial intelligence and the use of advanced algorithms such as ChatGPT, which can increase the potential for attacks.

-Why should we be concerned about tools like ChatGPT?

Attackers can take advantage of the fact that they can fake human behaviour and make social engineering-based attacks even better.

Cyber attacks start with very simple social engineering-based things like phishing, where someone pretends to be someone else to convince the victim to give them their password or do something they’re not supposed to do.

And tools like ChatGPT are going to make it easier to carry out phishing attacks, among others, so the cybersecurity landscape is changing very dramatically. Keep in mind that the ‘bad guys’ also have access to advanced computing and the mathematics on which artificial intelligence is based. They are always looking to stay one step ahead to catch potential victims off guard.

The more vigilant we are as a society or as a company, the more focused we are on cyber resilience, the better off we are going to be, but I feel that these kinds of breaches are constantly increasing and the situation is going to become more and more dangerous.

-For Elastic, the visibility of what is going on is almost a matter of state…

Elastic’s vision focuses on two main issues. The first is to make sure that we help our customers and the industry get more visibility into what is happening in their systems, because it all starts with visibility. If I can monitor and understand what’s going on in my network, in my applications, and in my data, then I can do something about it.

The second is to make sure that we are transparent with our own code. If you look at some of the big attacks that have happened recently, like SolarWinds, these are insider threats where someone is manipulating private code, which is very difficult to detect. In fact, that problem was hidden for months without anyone knowing what was going on.

Elastic’s philosophy is based on everything being open, so our source code is open. Anyone can see it. There are hundreds of thousands of developers who have access to it and, among other things, can make sure that there are no vulnerabilities.

So companies that use our software can get great visibility into their systems, but also make sure that they are being transparent. This is very important for any kind of company, large or small. The idea is that data is visible and protected throughout the software supply chain, even as organisations are moving to the cloud and hybrid world.

-Visibility of what is happening internally in organisations is very important, but it is not easy to extend it to the whole supply chain, to resources that are outside the control of companies because they are managed by other organisations. What can you tell me about this?

Indeed, I believe that risks in the supply chain of organisations should be of great concern. Let’s take the case of the automotive industry. Any automotive manufacturer may have literally thousands of suppliers around the world and probably software integrations with all of them. Many of them are small companies that manufacture certain parts, dealerships, etc. It is a fact that all of these companies do not have as much budget as that large automobile manufacturer, who is able to acquire the right software and security equipment to keep their internal systems safe and gain visibility of what is going on inside their facilities.

However, their suppliers may not have the ability to protect themselves and, as they are all connected to this automaker in some way, the risk may not come from within their organisation, it may come from one of their partners. Thinking about cyber security is not just an issue for each company, but for the ecosystem in which it operates. Breaches can be generated anywhere in that entire supply chain because there is often not complete visibility.

Therefore, having full visibility of all data and constantly monitoring the work of employees and connections with suppliers is of vital importance for companies.

-Speaking of employees, in terms of cybersecurity talent and skills there is a gap in the market, what can you tell me about this? How can companies solve this problem?

The answer to your question lies in open source. The biggest problem people face today is that cybersecurity products are expensive. Only organisations can afford them. Universities, colleges, and schools cannot.

Cybersecurity has to be something that is taught earlier in education. I think that’s where open source can play a major role because everybody has access to that technology. If we wait for people to come out of universities without sufficient knowledge of cyber security and start working on that, we have a problem.

On the other hand, I don’t think it’s possible to close that gap, because at the same time that you are training people to protect companies, you are also training people who are going to cause problems in the future by becoming cybercriminals, which in turn will create more demand for professionals over time. But I think open source and teaching cybersecurity at the beginning of the educational cycles can have a positive impact, yes.

-Let’s move to the Elastic platform, which offers search, observability, and protection capabilities. I understand that the secret of Elastic’s success lies in being a platform that is able to provide these functionalities or services in a unified way. What can you tell me about this?

I tend to describe Elastic as an analytical search platform, so data is at the heart of our technology. We make it incredibly easy for companies to bring their data into our platform, regardless of its nature, and index it so that advanced searches can be run on it. It can be unstructured data such as PDFs, graphics, maps, audio files, and any other type; our platform is able to ingest it so that it is available for those searches.

On top of this engine we incorporate machine learning algorithms to analyse the data, search it, explore it, correlate it, and visualise results. This is the core of Elastic’s technology.

From there, observability comes into play, which is also related to the data. The question here is how do you monitor all that information end-to-end? Our platform is able to observe everything that happens from the infrastructure, public or private, to the application stack, including virtual machines, containers, microservices, databases… and all the way to the end customer’s device, such as smartphones or PCs.

The Elastic platform is able to monitor these signals: logs, application performance, metrics profiling, etc. It uses artificial intelligence to quickly find out what could be causing problems and launch alerts to make it easier for managers to fix them or improve their resources. This is also where security comes into play.

It is vitally important to understand who or what is causing problems in the network, in applications, how people are accessing data, or to find possible anomalies. For this observability to be effective, all data must be unified. From there, and through AI algorithms, it is much easier to detect malware, whether privileges are being escalated without permission, or what is happening in the public clouds used by organisations.

“Companies using Elastic understand that you have to marry business data with observability data.”

Companies that use Elastic not only want to make sure they monitor their most important applications, but they want to be able to do the same for their customers and suppliers. They are companies that understand that business data must be linked to observability data.

On the other hand, there are many observability tools on the market, but most of them are based on processing information at night to get results in the morning. With Elastic, companies can bring their data to our platform in milliseconds and get all the information in real-time, without the need for long waits.

Obviously, it is not necessary to bring literally all the data into the platform, only the most important ones, and also combine the use of APIs capable of connecting Elastic with our customers’ data.

-Finally, I would like to know what are Elastic’s business forecasts for 2023 and in which sectors you are going to focus.

Elastic recently surpassed the $1 billion mark in revenue, which is a great achievement for us. We have a lot of growth ahead of us and our goal is to generate billions of dollars in turnover.

If we take a look at the segments in which we are present (security, observability, and search), there is huge potential over the next few years and a great opportunity ahead of us.

As a company we see the applicability of our products across the board, but what I am most excited about is everything that is happening around hybrid cloud and multi-cloud. In terms of verticals, we see great opportunities in financial services, telecommunications, and the public sector. These are the three most important sectors for us globally.