,The rise of “Open Banking” has enabled banking customers to choose to share their previously inaccessible, locked down data with all sorts of third parties — from budgeting apps to mobile wallets, to peer to peer payment providers. This revolution has been a welcome boon for banks, customers, and financial services innovators alike. The ability to securely share access and permissions to accounts has fueled the rise and growth of an entire new industry — FinTech — as retail and institutional c
,While nearly one in five companies say they are releasing code 10 times faster than in the past, more software means more security flaws, and greater opportunity for bad actors to take advantage of them. The faster pace and increasing risks highlight the need for IT leaders to get serious about embracing DevSecOps, a management approach that makes security a shared responsibility among development, security, and IT operations teams. One indication that DevSecOps is gaining traction in the ente
,Version 7.16.3 of the Elastic Stack was released today. We recommend you upgrade to this latest version. The 7.16.3 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash. For a full list of changes for each product, please refer to the release notes:7.16.3 release notesElastic StackElasticsearchKibanaBeatsLogstashElastic Enterprise SearchEnterprise SearchElastic ObservabilityAPMElastic SecurityElastic Security Solution https://www.elastic.co/blog/elasti
,Version 6.8.23 of the Elastic Stack was released today. We recommend you upgrade to this latest version. The 6.8.23 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash. For a full list of changes for each product, please refer to the release notes:6.8.23 release notesElastic StackElasticsearchKibanaBeatsLogstash https://www.elastic.co/blog/elastic-stack-6-8-23-released
,Overview Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted. In this blog, we expand on these initial posts and highlight how the combination of security and observability solutions can provide deep visibility into the exploited vulnerability and arm security analysts with v
,The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?The potential for beaconi
,Today we had an exciting announcement at Elastic. Below is part of an internal email that we shared with our fellow Elasticians. First, hear from Shay: Almost two years ago, I decided to move to Israel because it was better for my family (that took time to happen, Covid!). At that time, I started thinking about how to do what is right for my family while being able to be a meaningful part of Elastic. Those of you who know me, know that Elastic is my life’s work. And we have only just begun. Ou
,We are thrilled to announce the first release candidate of 8.0.0 after the last beta release. Again, we want to remind you that this is not for production use. There is no guarantee that 8.0.0-rc1 will be compatible with other preview releases or with 8.0.0 general availability (GA). We’d love to get your feedback and tips on any bugs you find through our Pioneer Program. To become an Elastic Pioneer, try out the preview of any (preferably, every) part of the Elastic Stack and open issues as yo
,My first week at Elastic, I showed up to orientation and sat next to a trans woman with bright blue hair. That evening, at a welcome reception with executives all in casual attire, a male colleague arrived wearing a black skirt and combat boots. It was pretty obvious from Day 1 that Come as YOU Are was not lip service, it was truly part of our source code. As the years of my Elastic journey progressed, kindness, empathy and understanding for all employees has permeated the culture via emails, c
,Overview With our recent 7.16 Elastic Security product release, we improved our existing Linux malware feature by adding memory protection. In this blog, brought to you by Elastic’s Engineering Security Team, we lean into this recent advancement to show how we are protecting the world’s data from attack. Recent events such as the exploitation of the Open Management Infrastructure (OMI) agent through CVE-2021-38647, which is installed by many Azure Linux machines, represents how quickly adv