SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Elastic launches EASE to boost security with AI-powered SOC tools

Mon, 11th Aug 2025

Elastic has introduced the Elastic AI SOC Engine (EASE), a serverless security tool designed to enhance security operations centres' capacity to detect and investigate threats without requiring a full migration from existing systems.

EASE is built to operate alongside current security information and event management (SIEM) and endpoint detection and response (EDR) platforms such as Splunk, Microsoft Sentinel, and CrowdStrike. Instead of replacing these systems, EASE is intended to integrate with them, bringing AI-powered threat detection, triage, and investigation to existing operations.

Integration and features

Elastic states that EASE provides agentless integrations, enabling organisations to ingest alerts natively from third-party SIEM and EDR platforms for immediate AI-powered analysis. The EASE package introduces Elastic's AI-driven alert correlation technology, branded as Attack Discovery, which assists with triaging, correlating, and prioritising alerts that security teams receive.

The tool also includes an AI Assistant feature that supports security analysts in their investigations. This assistant can enrich alerts using internal company knowledge sourced from platforms such as Jira, GitHub, and SharePoint. Analysts interact with the assistant through natural language queries, and retrieval-augmented generation (RAG) based search across organisational data lets them gather context quickly.

A notable feature of EASE is its transparent AI implementation. Users have the option to select their preferred large language model (LLM), either from their own infrastructure or via the Elastic Managed LLM, and all AI Assistant responses are referenced clearly so that users know exactly what data informed each action. In addition, all queries, responses, and token usage are logged and trackable for auditing and compliance.

Operational dashboards are also included, which provide out-of-the-box metrics detailing time savings, detection improvements, and return on investment. These are intended to help security teams demonstrate the business value of EASE to their organisations.

Industry commentary

Santosh Krishnan, General Manager, Observability & Security at Elastic, described the pressures faced by security operations teams and explained how EASE is designed to address these challenges. He said,

"SOC analysts are overwhelmed by high alert volumes and lack the AI support they need from their existing SIEM and EDR solutions to investigate threats effectively. EASE brings Elastic's proven AI capabilities into the security tools teams already use, to automatically prioritise threats, correlate alerts, and accelerate investigations, reducing the load on teams. When ready, teams can seamlessly migrate to Elastic Security for a unified, AI-driven platform that brings together SIEM, XDR, and cloud security, without missing a beat."

Michelle Abraham, Senior Research Director, Security and Trust at IDC, commented on the significance of integrating AI capabilities with established security tools. She said,

"Elastic is tackling a common challenge: how to bring open and transparent AI into the SOC without starting from scratch. EASE helps teams with faster detection and investigation using the tools they already have."

Deployment and use cases

EASE is designed for rapid deployment and aims to provide immediate value, particularly for organisations already operating SIEM and EDR solutions from other providers. Its agentless data connectors allow for a quick start, and the addition of AI analysis means that security operations centres can begin applying new capabilities without the need to reconfigure their current security stacks.

Through Elastic Cloud, EASE is positioned as a means for security teams to boost the value of their present investments, enabling them to prioritise threats, reduce alert fatigue, and shorten investigation times. The company envisions that when organisations are ready, they may move on to Elastic Security for a consolidated security platform, but EASE is focused on working within customers' existing infrastructure in the short term.

Elastic's offering reflects a growing trend among security vendors to utilise artificial intelligence for managing high volumes of security alerts and complex, coordinated threats, particularly in environments where a wholesale technology replacement is not immediately feasible or desirable.