In an attempt to disrupt Splunk, Elastic makes another acquisition

The vendor behind the Elasticsearch open source project buys behavioral analytics vendor Prelert. The move allows it to provide intelligence on top of the data it provides.

In an attempt to disrupt Splunk, Elastic makes another acquisition

Elastic is the commercial vendor that sits behind the Elasticsearch, Kibana, Logstash and Beats open source projects. Elasticsearch was created back in 2010 by Shay Banon, co-founder and CTO of the Elastic company, and is built upon the Apache Lucene information retrieval project. All of the different projects focus on taking structured and unstructured data and delivering search, logging and analytics on top of it.

Since that time, its commercial products—Elastic Stack, X-Pack and Elastic Cloud—have seen over 70 million cumulative downloads.

Elastic has been smart about making strategic acquisitions. It acquired visualization vendor Kibana, and a year or so ago it acquired Norwegian company Found, which was commercializing Elasticsearch and offering it as a service on top of Amazon Web Services. This strategy appears to have worked, and it is interesting to look at the graph below that tracks the relative exposure of Elasticsearch and one of the competitive offerings, Splunk.

elasticsearch versus splunk

Given that Splunk is a big, publicly listed company and that the machine data use case is only one of the areas Elastic goes after, this is impressive and an indication of the company’s importance.

Elastic is today expanding that commercial applicability with another acquisition, this time of behavioral analytics vendor Prelert.

I first talked with Prelert last year and wrote a story about how its offering was being applied within small banks to reduce the fraud they face. Interestingly, Prelert was integrated into Splunk a year or so ago. The company, however, decided Elastic as a company, and Elasticsearch as a project, was better aligned with it and jumped “all in” with the Elastic community.

Prelert was founded in 2008 to create technology that automates the discovery of anomalies in large, complex datasets; predicts actions and outcomes; and provides enterprises and their end users with a consumable application that doesn’t require them to perform data science.

Using unsupervised machine learning techniques applied to a customer’s historical and real-time continuous data, Prelert’s predictive models perform behavioral analytics to understand the probability of failures and events occurring with built-in alerting and notifications for end users to explain why something has happened and what to do with that information.

Banon said he “discovered” Prelert while the company was exhibiting at a previous Elastic conference. He was impressed by how well the company was executing. In particular, he said Prelert, even as an outside party, felt like a native integration into the Elastic family.

Providing intelligence on top of data

Given the Prelert team’s proof of execution and the fact that machine learning opens up a whole new angle of effort around the mass of data Elastic already handles, this acquisition made sense. It allows Elastic to move on from merely search and visualization and start offering intelligence on top of all that data.

For his part, Prelert CEO Steve Dodson was similarly complimentary of his new boss. He said both Elasticsearch and Prelert, despite being somewhat pigeon-holed by commentators into one particular vertical, are generally broad products that can be applied to many different use cases. With the addition of the 30-person Prelert team, Elastic can target these different opportunities and go head to head with not only Splunk, but also other vendors as they target machine learning, Internet of Things, fraud detection and other specific use cases.

Dodson founded Prelert in 2008. Before that, he was a founding member of the Riversoft engineering team, which created root-cause analysis technology used today within IBM Tivoli, HP OpenView and Cisco tools. That previous experience, plus the past years’ learnings from Prelert, will be integrated into the Elastic product line and business. From a product perspective, Elastic will integrate the Prelert technology into the Elastic Stack and will offer it as part of its subscription packages in 2017.

What this means for product offerings

Prelert integrated into Elastic’s Kibana will be targeted. Some broad-ranging use cases include the following:

  • Detecting advanced security threat activities and anomalies in log data
  • Discovering hidden fraud patterns in highly sensitive data
  • Identifying anomalous systems or metrics and their root cause across IT systems
  • Linking together complex series of events in data to expose early-warning signals
  • Automatically pinpointing where and why critical system outages are occurring
  • Detecting unexpected drops in transactional activity

While not calling out Splunk in particular, Prelert points to the benefit that open-source solutions bring to this space.

“With the shift to enterprises standardizing on open-source solutions like the Elastic Stack for logging and security use cases, we saw a tremendous opportunity to add value on top of the Elastic Stack,” said Dodson. “We are very excited to join the Elastic team and embed our behavioral analytics engine into the Elastic Stack so that Elastic’s customers can gain powerful and proactive insights, and solve new use cases.”

This is a great acquisition by a company that has been growing like weeds—a company that has some pretty exciting product opportunities. It will be interesting to see the progress of integrated Elastic/Prelert solutions when they come to market next year.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2016 IDG Communications, Inc.