ECS delivers smarter security and cost transparency with Elastic Cloud

ECS uses Elastic Cloud to scale managed security operations while tracking usage, controlling costs, and delivering clear, data-driven chargeback transparency for customers.

When you’re providing 24/7 managed security services for your customers, visibility isn’t just about detecting threats. It’s about understanding how every byte of data is used, stored, and billed. For ECS, a leading provider of advanced technology solutions serving federal civilian, defense, intelligence, and commercial sectors, Elastic has become the foundation for both operational performance and financial accountability.

A managed security provider built to maximize Elastic

ECS delivers managed detection and response services for organizations across industries, combining threat detection, enrichment, and automation through its security operations center (SOC).

We cross-cluster customers’ Elastic Cloud (SIEM) to ECS’ Elastic Cloud, where we can deploy detections at scale from our GitHub repository, conduct IOC sweeps, and perform threat hunting operations. The ability to do this at scale and leverage Elastic’s cross-cluster capability is a significant factor in our ability to scale and conduct critical operations quickly.

Jason Bartlett, Director, Security Engineering, ECS

ECS engineers ensure health, upgrades, and performance while maintaining strict compliance and isolation requirements for each client.

Turning Elastic usage into a transparent chargeback model

As ECS scaled, it faced a challenge familiar to many service providers: how to fairly and transparently allocate Elastic usage costs across multiple customers sharing a single tenant.

To address this, ECS built an internal chargeback model that mirrors Elastic Cloud’s own billing principles. “We purchase Elastic credits, which go into a shared pool,” Bartlett says. “Clients using that shared tenant draw from that same pool. We track consumption per customer and charge them back based on their burn rate.”

This system allows ECS to offer smaller clients a flexible, cost-efficient option, consuming Elastic resources without needing to manage their own licenses or tenants while still maintaining transparency and accountability.

Tracking usage with Elastic and ServiceNow

Accurate tracking is critical in a shared tenant environment. ECS developed an internal consumption framework dashboard that consolidates Elastic metrics into ServiceNow, providing real-time visibility into credit usage and data ingestion rates.

Michael Scroggin, SIEM engineering manager at ECS, manages these dashboards closely:

We review consumption weekly. Elastic’s billing API and console improvements have made this process far easier. We can now segment usage by cluster, track overages, and communicate with customers before credits run out.

Michael Scroggin, SIEM Engineering Manager, ECS

Elastic’s recent billing enhancements, especially around detailed cluster-level usage, have reduced manual tracking and eliminated much of the uncertainty that used to come with managing a shared pool. “Earlier, the billing console showed everything as one big pool,” Scroggin adds. “Now, we can see cluster-level breakdowns, which makes cost allocation far more precise.”

Security and efficiency powered by Elastic

Beyond billing accuracy, ECS supports customers using Elastic Security and Elastic Observability solutions to both safeguard customer environments and optimize operational efficiency. With Elastic Security, ECS enables the monitoring and detection of Elastic customers across its managed SOC, correlating billions of events daily to identify threats faster and tune detection rules. Elastic’s native machine learning capabilities help automate anomaly detection and alert triage, giving ECS analysts real-time visibility into potential risks before they escalate.

At the same time, Elastic Observability provides deep insights into system performance, resource utilization, and data ingestion trends across ECS’s customer environments. This visibility enables ECS engineers to pinpoint inefficiencies, balance workloads, and right-size clusters, ensuring that customers are using the optimal amount of resources for their needs.

Christopher Granata, SIEM engineer at ECS, explains how this combination of visibility and intelligence drives smarter resource decisions:

The level of visibility we have now is a game-changer. We can break down usage by organization, cluster, deployment model, and even node activity. Elastic gives us everything we need to manage a multi-tenant environment efficiently.

Christopher Granata, SIEM Engineer, ECS

Through this unified Elastic stack, ECS continuously improves both performance and cost-effectiveness. Security events, operational metrics, and billing data flow into the same ecosystem, giving ECS a single source of truth for protecting customers and managing spend.

This proactive approach not only strengthens security outcomes but also deepens ECS’s partnership value, positioning the company as both a trusted managed security provider and a cost optimization partner.

Elastic at the core of secure service delivery

For ECS, Elastic isn’t just a SIEM platform. It’s the operational engine behind their SOC, customer analytics, and internal cost model, helping to manage and scale Elastic customers.

By combining Elastic Cloud’s scalability with custom-built automation, ECS ensures every customer’s data is protected, every credit is tracked, and every service is delivered with precision. “Our goal is simple,” Bartlett concludes. “Keep our customers secure, keep the data flowing, and make sure everyone gets the value they’re paying for.”

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.

Elastic, Elasticsearch, and associated marks are trademarks, logos or registered trademarks of elasticsearch B.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.