Expedient innovates with Elastic Observability to deliver better management, monitoring, and more to customers

Observability has emerged as a critical component for businesses striving to maintain a competitive edge. Modern observability extends beyond traditional monitoring, offering a more granular and real-time understanding of health across systems and enabling organizations to not only detect issues but also understand their impact, root causes, and the context in which they occur.

In parallel, we have seen a surge in cloud computing, IoT devices, and distributed architectures that has led to more intricate and dynamic IT environments. Navigating these complexities requires a level of visibility that traditional tools cannot provide.

Elastic Observability is uniquely positioned as a comprehensive solution designed to provide full-stack observability powered by AI. It unifies logs, metrics, traces, profiling, and business data, offering context-aware insights leveraging GenAI coupled with retrieval augmented generation (RAG) to integrate organization specific knowledgebases and runbooks for greater accuracy and relevance. Elastic Observability eliminates tool silos, efficiently stores data, and ensures unified visibility across hybrid and multi-cloud environments, enabling 24/7 monitoring of digital experiences.

With organizations lacking skills, expertise, and maturity, many industry analysts have cited an emerging trend where organizations are seeking to outsource their observability needs to managed service providers (MSPs). MSPs are well-positioned to assist organizations, with many businesses relying on them to manage their infrastructure, cybersecurity, and observability.

By integrating Observability as a Service into their service offerings, MSPs can offer scalable solutions that adapt to changing needs and technologies, enabling their clients to focus on core operations while ensuring their digital ecosystems are robust, reliable, and conducive to growth.

One such partner that is leading in observability is Expedient, an Elastic Verified MSP that is productizing Observability as a Service.

Q: What solution did Expedient use before Elastic, and why wasn't it a good fit?

A: Prior to Elastic, we used native tooling of individual platforms for monitoring. For Windows management, we leveraged Microsoft tooling. For Linux, we used Red Hat tooling. This led to tooling sprawl and disparate views of what was happening in a client’s environment, and because these tools weren’t built for multi-tenancy, clients had no views into the tooling and relied on us to send them tickets when there were issues. We also had to maintain network connectivity and accounts into our clients’ environments, and it created challenges around security and ensuring we only had the rights and connectivity needed to provide the service. 

We create alarm rules for clients and send the alerts to our ticketing systems. Clients can also configure the alerts to send to their own ticket systems like ServiceNow or collaboration tools like Slack or Microsoft Teams.

Q: In what other ways is Expedient using Elastic today, and how has it helped streamline operations?

A: Prior to Elastic acquiring them, we had Endgame as our endpoint security platform. Endgame was a great product with strong behavior and signature based protections. Elastic was very quick to bring all of the tooling that was in Endgame into the Elastic Agent itself, allowing us to manage through Fleet. And so it became this really, really great way to kind of blend both the observability and security pieces together. 

We’ve also extended Elastic into a SIEM service to collect and alert on issues seen in security logs. One of the biggest benefits of Elastic is that the Elastic Agent can do so many different things, allowing our clients to grow into additional services without a ton of overhead or headaches getting there. It’s simply providing the views and support needed to enable those use cases. We use it for our own workloads, and our security teams have loved being able to quickly generate reports and use Osquery to search for vulnerable versions of software to ensure they get upgraded to safe versions.

We’re also very excited for the Elastic AI Assistant capabilities for Observability and Security. Correlating events isn’t easy, and this tooling will help our clients sort through the noise and get to resolution faster and catch things they may not have otherwise seen.

Q: What would be some practical tips you can share for organizations looking to implement or improve their observability practices?

A:

• Understand what you’re looking for: Logs won’t give you CPU usage, and metrics won’t tell you what went wrong. It’s by combining those together that you can actually build better observability. Leverage the native dashboards to get an initial level of visibility, and then build custom dashboards for your specific needs.

• Communicate across silos: Application and infrastructure teams have to work together. Correlation of application events to infrastructure events helps resolve problems faster. Elastic’s application monitoring can pull in logs and traces and correlate to logs and metrics from the infrastructure to build a fuller picture than what two different tools would be able to put together.

• Leverage an MSP: Building any observability platform takes time, effort, and capital before you even pull in your first log or metric. Using an MSP can get you onboarded faster and keeps your team’s effort focused on what sources to collect from, what dashboards are needed, and what alerts should be configured and away from patching or worrying about space available on the platform. You can start small and grow into your full needs, allowing you to optimize your spend along the way.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.