Elastic: An advanced Distributed RESTful Search & Analytics
Robert Strange started his career as a tank commander in the Army and UK military. He left in 2007 after seven years of service at Tactical command, before moving as a civilian to strategic consultancy at Northward operational headquarters in the UK, before finally arriving at Elastic nearly six years ago to help build out the solutions architecture team.
At its core, Elastic is an advanced, distributed, RESTful search and analytics engine with many features and capabilities. “At the data core of Elastic is a search engine, this gives us enormous flexibility to ingest vast amounts of data while also presenting that in a way that’s relevant and valuable to our users,” says Robert Strange, Senior Director of Solution Architecture at UKMEA Elastic, “and it allows them to gain critical insights into their data, and consume the data in a way that is relevant to them, it’s about speed to value.”
These data insights enable Elastic to take that core platform and build curated experiences on top of it. “Our latest project within the MOD is in the Cyber domain,” he says. “Security is fundamentally a data problem – and we deliver in both connected and disconnected environments. We’re available on all the main cloud vendors as well as self-managed and are runnable on everything from a laptop to a data centre.”
Elastic’s strategy can be broadly broken down into three parts: the first is data consolidation; the second is data value; and the third is concerned with digital culture.
One of the main projects that Elastic are currently working on with the MOD is the provision of cyber protection to deployable headquarters. “It’s a complex problem in that it’s both a micro and a macro issue, both local and global,” says Strange, “and it’s important to connect these HQs together across a security matrix.”
“One of the products that differentiates us is something called ‘Cross Cluster Search’, which allows us to take the query to the data - and not centralise the data to query centrally. Moving data around is expensive and problematic. So it allows higher headquarters to aggregate up threats over all Headquarters to provide that macro view over low bandwidth connections.”
A deployed environment may have an intermittent connection or restricted bandwidth. Therefore, a direct connection to a higher headquarters can’t be relied upon.
“So,” says Strange, “they’ve got to be able to operate independently whilst, as a higher headquarters, I want to be able to see what’s happening in multiple HQs at once. I need to look at that macro view. Is there an attack vector that’s currently being utilised across three or four of my headquarters? In which case, I need to share that information more widely and be able to utilise that and speed up the OODA loop.”
Elastic is, at its roots, an open-source project and company, and at the epicentre of Elastic is Community and our focus on supporting the mission by accelerating innovation and raising skills through the power of collaboration – hence why Elastic has supported many communities around the globe. “The building of these communities is in Elastic’s DNA, as is the approach of fundamentally not driving, but being the facilitator of a wider conversation.”
“We’ve worked really hard to build a strong government-wide community, and the key is the sharing of information at organisational levels.”
Anyone wishing to attend a security ‘capture the flag’ event can contact Elastic at: www.elastic.co or uk.gov@elastic.co