2024
Elastic Helps Users Improve Security Posture and Productivity Using Amazon Bedrock and Anthropic’s Claude 3 Models

Learn how Elastic uses Amazon Bedrock to help customers improve security analyst efficiency.

Reduced average time to respond

Saved hours in generating security reports

Reduced number of security incidents

Reduced hallucinations using Claude

Provides access to cutting-edge ML models

Overview

Elastic aims to help customers find information faster while running their applications smoothly and protecting against cyberthreats. Operating from the premise that search functionality is fundamental to critical business processes, Elastic offers solutions in search, observability, and security, built on Amazon Web Services (AWS).

Recognizing the power of generative artificial intelligence (AI) to better understand user queries, Elastic offers a choice of foundation models (FMs) and large language models (LLMs) to deliver the most relevant results. For instance, Elastic’s users can automatically access Anthropic’s cutting-edge family of LLMs, including the Claude 3 family of models. To provide this model choice to its users, Elastic uses Amazon Bedrock, a fully managed service that offers users a choice of high-performing FMs from leading AI companies, like Anthropic. Amazon Bedrock also provides a broad set of capabilities to build generative AI applications with security, privacy, and responsible AI. Using Anthropic’s Claude 3 models in Amazon Bedrock, Elastic’s customers save hours identifying, remediating, and reporting on security issues, ultimately improving their overall security posture and productivity.

Opportunity | Using Anthropic’s Claude 3 Models in Amazon Bedrock to Increase Efficiency for Security Analysts

Elastic, an AWS Partner, supports conventional keyword and text-based searches as well as vector search capabilities using its AI-powered Elasticsearch Relevance Engine (ESRE), which runs on AWS. “The number-one challenge security teams face today is figuring out the meaning behind all the alerts that are activated,” says James Spiteri, Elastic’s director of product management for security. Powered by ESRE, the security analytics solution Elastic Security aims to help users make sense of security alerts and alleviate time-consuming and complex security operations tasks.

Elastic wanted to provide a user-friendly way to complement its threat detection analytics, cloud security, and endpoint protection capabilities. Elastic customers need the ability to select which high-performing model is best for a particular use case while maintaining best practices in privacy and security. Additionally, through its patent-pending Attack Discovery feature, Elastic provides users the ability to automatically sort hundreds of alerts to identify which are significant attacks.

“We benefit from the scalability, the performance, the accuracy, and the privacy of Amazon Bedrock.”

Uday Theepireddy
Senior Principal Solutions Architect, Elastic

Solution | Increasing Productivity and Saving Hours for Security Analysts Using Amazon Bedrock

Using generative AI, the Elastic AI Assistant helps security operations teams with alert triage and investigation, provides suggestions for optimal code efficiency, and converts queries from other platforms into Elastic syntax. ESRE uses retrieval-augmented generation (RAG) to fetch company data to enrich prompts and responses while considering the privacy and permissions of the underlying content. In Amazon Bedrock, users can ask Anthropic’s Claude questions in natural language, such as: “Can you summarize what has happened in my environment today?” By talking to large bodies of content, Claude can summarize, perform question answering, forecast trends, compare multiple documents, and much more.

From a simple drop-down menu, users can automatically access the latest model of Anthropic’s Claude and relay a large volume of information to the model, which provides a 200,000-token context window, equivalent to around 150,000 words or 500 pages of text. “We benefit from the scalability, performance, accuracy, and privacy of Amazon Bedrock,” says Uday Theepireddy, senior principal solutions architect at Elastic. “Because Amazon Bedrock is a fully managed service from AWS, we don’t worry about updating or customizing models. We can rely on Amazon Bedrock to have the latest and most cutting-edge FMs in the world available to us and our customers.”

Using Model Evaluation on Amazon Bedrock, Elastic customers can compare high-performing LLMs using automatic evaluation with predefined metrics such as accuracy, robustness, and toxicity or human evaluation through subjective metrics such as friendliness or style. “The ability to select from the top-performing FMs like Anthropic’s Claude 3 models in Amazon Bedrock has been extremely beneficial,” says Spiteri. “We can compare the outputs, metrics, and associated costs across different models so that we make an informed decision on which model would be most suitable for what we are trying to accomplish. This has significantly streamlined our process, saving us considerable time in deploying our applications.”

Elastic customers using Amazon Bedrock default to AWS PrivateLink, which provides private connectivity between virtual private clouds, supported AWS services, and on-premises networks without exposing customers’ traffic to the public internet. “We wouldn’t have integrated Amazon Bedrock if we didn’t have confidence in its privacy policy and security permissions,” says Spiteri. Customers using Amazon Bedrock through Elastic adjust to data residency requirements by establishing connectors from multiple AWS Regions. “Using Amazon Bedrock, we are changing the game for security investigations,” says Spiteri. “It’s no longer cat and mouse; our customers get answers more quickly and in context of why they asked.”

Using Amazon Bedrock to access Anthropic’s latest state-of-the-art Claude models, the Elastic AI Assistant can review security logs, analyze data, and accurately answer questions in seconds. “Having access to Claude in Amazon Bedrock with the Elastic AI Assistant helps teams close the blind spots and give details about the security landscape that they might not see as a human,” says Theepireddy. As a result, customers significantly reduce the average time to respond, saving analysts hours. Analysts can now write reports and generate queries more quickly, especially for users who are unfamiliar with Elastic’s syntax. “I can’t talk enough about how helpful the Elastic AI Assistant, built on Amazon Bedrock and Anthropic’s Claude, has been for our users,” says Spiteri. “We are always discovering new ways of streamlining, adding more functionality, and solving more problems using Amazon Bedrock.”

Elastic’s Attack Discovery feature also uses Claude 3. Attack Discovery analyzes patterns and correlates events in near real time, displaying pertinent information for users in an intuitive interface. In addition to productivity gains, security teams have improved incident management.

Architecture Diagram

Outcome | Accessing High-Performing Models in Amazon Bedrock to Lower Risk

In the future, Elastic will provide its customers access to even more FMs through Amazon Bedrock. For example, Elastic plans to use Amazon Bedrock to access additional high-performing models that support image recognition, voice-to-text conversion, and multilingual capabilities.

“Using AWS, we give our customers the right tools to get the job done,” says Spiteri. “Powering our assistant through LLMs such as the Claude 3 family of models through Amazon Bedrock definitely helps us solve our main mission: to help our customers lower their risk in the most cost-effective and efficient way possible.”

About Elastic

Founded in 2012, Elastic (formerly Elasticsearch) is an American-Dutch company that offers software solutions in enterprise search, observability, and security.

AWS Services Used

Amazon Bedrock

Amazon Bedrock is a fully managed service that offers a choice of high-performing foundation models (FMs) from leading AI companies like AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, Stability AI, and Amazon through a single API, along with a broad set of capabilities you need to build generative AI applications with security, privacy, and responsible AI.

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by AWS Partners and supported solutions available in AWS Marketplace.
