Threat research

Prepare for what's next

Understand threat actor's most recent targets and attack behaviors with the 2024 Elastic Global Threat Report — designed to provide your cybersecurity team with crucial insights for the upcoming year.

Get the free report

Watch the webinar

Insights you can't get anywhere else

We're revealing real-world adversary actions through billions of data points from Elastic's unique telemetry, built on the Search AI Platform.

89
%
of Linux behaviors involved Brute Force.
70
%
of endpoint behaviors were Defense Evasion, Execution, and Persistence.
47
%
of Microsoft Azure failures were tied to storage account misconfigurations.

Major insights for 2025

Prepare your security team with exclusive insights from the Global Threat Report.

Adversaries are utilizing off-the-shelf security tools to abuse
Researchers found that offensive security tools (OSTs) like Cobalt Strike and Metasploit made up ~54% of observed alerts.

50% of checks failed to meet CIS benchmarks
The new section on cloud security posture management (CSPM) revealed that enterprises are misconfiguring cloud environments, allowing threat actors to thrive.

Attackers are leaning into legitimate credentials to infiltrate
Defense Evasion techniques fell 6% year over year, and Credential Access rose in both endpoint and the cloud.

The LLM Safety Assessment

Explore LLM implementation risks, the top 10 most common attacks, and how to mitigate them all with this report.

Protect your LLMs

Short on time?

Adversary Actions in the 2024 Elastic Global Threat Report
What are adversaries doing in environments?
Gather crucial intel
Threat trends for SOC Leaders
See key insights and suggestions in this two page overview.
Prepare your organization
Elastic's CISO speaks on the Global Threat Report
Mandy Andress shares crucial details and how she's using them to strategize for 2025.
See her strategies
A sneak peek of the forecasts
Elastic Security's General Manager covers a few of the key recommendations.
Prepare for 2025

Frequently asked questions

What is cybersecurity

What is the Elastic Global Threat Report?

The Elastic Global Threat Report is a report from Elastic Security Labs that explores a full year of telemetry. The Global Threat Report provides a comprehensive look at several threat topics, including malware, cloud, endpoint, and adversaries campaigns. It also provides cybersecurity forecasts for the upcoming year.

Where does Elastic get the threat data from?

What months make up the Global Threat Report?

Where can I find previous reports?

Explore Elastic Security

Empower your SOC
Resist advancing threats with AI-driven security analytics, the future of SIEM.
SIEM, simplified
Work smarter with AI
Detect sooner, investigate faster, and respond before threats have a chance with the Elastic Search AI Platform.
AI for SecOps
Fueled by Elastic Security Labs
Apply novel research on threats, malware, and protections from our expert security researchers.
Explore our articles

The Search AI Company

Generative AI

Search

Security

Observability

By solution

Industries

Threat research

Prepare for what's next

Insights you can't get anywhere else

Major insights for 2025

Adversaries are utilizing off-the-shelf security tools to abuse

50% of checks failed to meet CIS benchmarks

Attackers are leaning into legitimate credentials to infiltrate

The LLM Safety Assessment

Short on time?

Adversary Actions in the 2024 Elastic Global Threat Report

Threat trends for SOC Leaders

Elastic's CISO speaks on the Global Threat Report

A sneak peek of the forecasts

Frequently asked questions

What is the Elastic Global Threat Report?

Where does Elastic get the threat data from?

What months make up the Global Threat Report?

Where can I find previous reports?

Explore Elastic Security

Empower your SOC

Work smarter with AI

Fueled by Elastic Security Labs

Follow us

About us

Join us

Partners

Trust & Security

Investor relations

EXCELLENCE AWARDS