Resolve issues in seconds
This U.S. Public Transit Agency dramatically reduced the time required to identify and resolve issues from hours to minutes with Elastic Security.
Unified insights from multiple security tools
With Elastic Security, this Public Transit Agency can unify and streamline data from both off-the-shelf and custom-built systems to monitor logs from a single source of truth.
Reduces security analyst 'alert fatigue'
With automated workflows, this Public Transit Agency reduces manual tasks and alleviates the burden on its small security team.
All destinations lead to Elastic: The direct route to a more secure and resilient IT infrastructure
Cybersecurity plays a central role in the network's resilience, and this U.S. Public Transit Agency recently partnered with Elastic to protect its IT infrastructure from criminals, hostile states, and other malicious actors.
The Manager of Cybersecurity at this agency is responsible for defending the organization's systems, applications, and networks. "One of our biggest issues is the rapid growth of new technologies, including AI, and the rise of threats that impact the transportation industry," says the Manager.
In recent years, transport networks in other major cities have been victims of cyber attacks, including ransomware and DDoS (Distributed Denial of Service) attacks. The agency wanted to future-proof its defenses against these and other emerging threats. "We chose Elastic Security because it was clearly the best protection against individuals and organizations seeking unauthorized access to our systems," says the Manager.
A single data repository and SIEM that repels multiple threats
Elastic Security is fully integrated with this agency's data flow, serving as the main log aggregation tool. It is also the primary security platform underpinning the organization's Security Information and Event Management (SIEM).
Rather than managing 20 different systems, the agency now aggregates data into a single location with Elastic. Elastic's automation features also reduce the burden on the security team while upskilling talent. "Elastic Security streamlines processes and eliminates the need for a subject matter expert for each specific system, making it much easier to operate and secure everything effectively," says the Manager.
"Elastic is my favorite tool. We chose it because of everything it offers and how well we can integrate it with our systems. We now have everything aggregated and protected in one place, which is key to everything we do in terms of protecting people."
Working closely with the Elastic Consulting team, they took advantage of a free trial to conduct a proof of concept and put Elastic Security through its paces. "Elastic Consulting was great. They went out of their way to ensure we had everything we needed, and that the product worked for us — even before we made the purchase," says the Manager.
They also highlight their experience with other security tools. "Elastic stands out for security effectiveness, functionality, support, and reliability. We were also impressed by the comprehensive ML & AI toolset and features that are included without the cost of additional licenses."
To begin, this agency deployed Elastic Security to monitor its business administration networks. This included developing SOAR playbooks for activities such as PowerShell scripts running at odd times, unusual logins, and threat actor activities such as lateral movement and administrator account access. "Working with Elastic Consulting, it was much easier to set up our SIEM compared with other platforms," says the Manager.
The next stage involves logging and monitoring IoT sensors and field devices, such as card readers and access control hardware, to align with upcoming transportation industry mandates. Machine learning and AI in Elastic Security offer real-time correlations while filtering out false positives and other data noise associated with IoT security. This enables their small team to target responses and alerts efficiently and recoup time to focus on more complex attacks.
Zero trust, zero worries
Since deployment, they have been impressed by the performance of Elastic Security, especially its speed. "If I need to troubleshoot a problem, I get a response to my search question in seconds. My team is often astonished when I bring them the information. I tell them that all the data is there; you just have to ask the right question to find it."
Thanks to Elastic's role-based access control (RBAC) features, this agency can enforce a zero-trust policy, giving them peace of mind that only authorized personnel can access sensitive data. "Role-based access control and zero trust are the two principles that we live by here," says the Manager. "Elastic really shines when used as the unifying data foundation for these operations."
Elastic seamlessly integrates with the agency's systems, reducing the burden — and alert fatigue — on their relatively small security team. "We don't have enough people to do everything manually. Elastic is adaptable to all our systems, whether they're off-the-shelf or custom-built, so everything is in one place," says the Manager.
Elastic's machine learning and visualization tools enable them to explain complex security stories to higher management. "Demonstrating the value of cybersecurity can be a tricky business. Elastic Security dashboards and reports break down data in digestible ways, demonstrating return on investment quickly and easily," says the Manager.
This Manager of Cybersecurity returns to Elastic's unique combination of people and technology. "It can be tough when it comes to getting what we need because we are protecting the livelihoods and safety of hundreds of thousands of people every day." From the very beginning, the support they received from the Elastic team has been exceptional. "They've always been available to us whenever we needed assistance, answering all our questions without hesitation."