Mastering change at Elastic: AI and teamwork in focus

Mandy Andress, Chief Information Security Officer, Elastic. Image courtesy of Elastic.

Technology changes so rapidly that enterprises often find themselves grappling with what to do next. For instance, the advent of generative AI in the enterprise sector saw a rush to adopt the technology, often regardless of cost.

Such a scenario underscores a truism in business — that change is constant. However, how can organisations effectively prepare for sudden shifts in the landscape?

Mandy Andress, Chief Information Security Officer at search analytics firm Elastic, believes that keeping one’s ear to the ground is crucial, especially to stay abreast of market trends. In a discussion with Frontier Enterprise, she shared insights on several strategic pivots that Elastic had to undertake in response to market demands, as well as their approach to integrating generative AI into their operations.

Elastic has grown from being Elasticsearch to a complete stack. What gaps in the market or in customer needs presented this opportunity? Any comments on Cisco’s acquisition of Splunk? Has it changed your product or go-to-market strategy in any way?

Elastic’s evolution from Elasticsearch to a comprehensive stack was propelled by a keen understanding of customer needs and market dynamics. Customers were grappling with the challenge of unifying diverse data types — such as application logs, traces, and metrics — to gain a holistic understanding of their system’s performance. Elastic recognised this as a fundamental data problem and seized the opportunity to offer a solution.

Observability addresses a fundamental data challenge, requiring organisations to integrate diverse data types from various sources, whether in their data centres or the public cloud. Additionally, the shift in focus was further defined by Elastic’s expansion into security applications, notably through the integration of SIEM (security information and event management) capabilities. Today, Elastic is deriving a larger proportion of its revenue from security and observability, which account for 25% and 40% of its business, respectively.

Generative AI is clearly at the forefront of everyone’s minds right now, and it looks to be a contributing factor to this deal (i.e., Cisco’s purchase of Splunk) and yet another testament to the value of AI-powered search, observability, and cybersecurity tools. This acquisition validates this market as a highly dynamic one, with many opportunities ahead. As with any transaction at this scale, it will take some time before the industry starts to see any impact.

Generative AI exploded in popularity in 2023. Are there unique ways in which Elastic is using this technology to enhance its security?

While generative AI tools like ChatGPT are becoming widely used, they also present opportunities for threat actors to exploit security weaknesses. Our ongoing efforts in integrating AI have continued to resonate with our customers, contributing to their engagement with Elastic. I continue to stress the importance of automating security workflows to respond swiftly to threats. Safely implementing generative AI tools in security processes can enable teams to detect vulnerabilities and anomalies in real time, significantly reducing response times to security breaches. As we harness the power of generative AI, security is non-negotiable. Establishing a secure and unified data platform is indispensable for both effective data management and robust security in today’s complex digital landscape.

We recently introduced the Elastic AI Assistant, a generative AI tool that uses the Elasticsearch Relevance Engine to support cybersecurity efforts across various skill levels. This tool’s open framework is designed to be adaptable, facilitating the connection to new models and enabling the comparison and adoption of specialised models for a range of different applications.

Can you share a recent challenge Elastic faced in the enterprise tech space that required out-of-the-box thinking, and how your team addressed it?

One recent challenge Elastic faced revolved around complex compliance requirements, which could potentially impact the organisation’s cost structure and efficiency significantly. To address this challenge, our team adopted an approach that prioritised understanding the “why” behind the compliance requirements.

Rather than treating compliance as a burdensome process, we delved into the objectives behind each requirement. By understanding the underlying goals, we were able to align compliance efforts with the company’s operating philosophy. The key to success in navigating compliance complexities was a two-fold approach: examining the existing business processes and fostering greater collaboration.

Furthermore, this collaborative approach ensured that compliance measures were not merely add-on processes but were seamlessly integrated into operations. By addressing the “why” of each requirement and making necessary changes in close collaboration with business owners, we achieved a solution that not only met compliance standards but also enhanced overall operational efficiency. This experience showcased our team’s ability to think innovatively and pragmatically.

What do you see as the most significant security risks that enterprises are facing today, and what is your team doing to safeguard Elastic from them?

Two significant challenges stand out for enterprises today: the complexity and sprawl of infrastructure, and the rapid pace of technological change. As data decentralises across on-premises, SaaS, as well as hybrid and multi-cloud environments, enterprises are grappling with the imperative of securing this distributed landscape effectively. The core of these challenges lies in the difficulty of maintaining visibility across intricate and dispersed systems.

At Elastic, we recognise that securing our environment hinges on our ability to see and understand the entirety of our data landscape. To address these challenges, our team is actively utilising tools and practices that provide deeper visibility and control over our varied data environments. This approach not only allows us to comprehend potential risks and threats more comprehensively but also strengthens our security posture with actionable insights.

During your 13-year journey at MassMutual in various security-related leadership roles, what key lessons did you learn there that you are able to apply at Elastic?

The key lesson I learned at MassMutual is that it’s all about the people. Early on in my career I focused too much on technology and process. While those are very important, the people are critical. Nothing can be successful without them. Communicating an engaging vision and leading through change are often much more important than having a specific technology.

Could you discuss any exciting developments from Elastic’s R&D labs that are particularly significant for cybersecurity?

Elastic Security Labs is focused on both long- and short-form publications that cover threat actors and their actions in substantial detail. These publications dissect global threat actors’ patterns and offer detection methodologies aimed at reducing their presence and impact on the internet, which in turn diminishes the effectiveness of their systems and tools.

Most recently, Elastic released its annual Global Threat Report, summarising findings from millions of events and sharing critical findings to the cybersecurity community. The report comes with recommendations, findings, and reference materials that can be used to detect and respond to active threats.