How Hermes Germany Uses Elastic Security to Cut SIEM Costs by 50%

As Germany’s second-largest logistics provider and an entity classified under the country’s KRITIS critical infrastructure framework, Hermes Germany operates under strict security obligations. Its fleet of more than 40,000 delivery staff carries handheld scanners that generate continuous data streams, and its head office in Hamburg coordinates parcel flows across Germany and abroad. Any gap in security monitoring carries regulatory as well as operational consequences.

The incumbent on-premises SIEM had become a liability. The platform suffered frequent cluster outages, carried high license fees, and required separate infrastructure and energy costs to keep running. More fundamentally, ingesting scanner data from 40,000 field devices was prohibitively expensive, leaving an entire category of endpoint activity invisible to the security team. The volume and the price tag made it impossible to meet KRITIS compliance requirements through the existing tooling.

Hermes Germany evaluated several cloud-based SIEM providers and selected Elastic Security on Google Cloud Platform, citing the platform’s flexible data processing architecture and its ability to integrate with existing systems. The migration was conducted with direct support from the Elastic team, and the transition included moving scanner data ingestion into the platform from day one. Elastic Common Schema standardized incoming data across sources, enabling analysts to trace connection paths and destination IPs through a unified model without manual reformatting.

The results were immediate and measurable. Total platform costs fell by 50% compared with the previous on-premises solution, even before accounting for energy and infrastructure savings. The security team gained endpoint protection, device isolation, file retrieval, and process querying in a single interface. The Elastic AI Assistant, linked to Google Gemini, now helps analysts interpret log messages, optimize detection logic, and write incident reports through natural language. Attack Discovery clusters and triages alerts automatically using machine learning, reducing noise and surfacing only the signals that require human review.

Hermes Germany is now expanding Elastic Agent across its infrastructure to deepen visibility and enable one-click device isolation. The combination of automated triage and agentic investigation tools has allowed the security team to shift from reactive firefighting to structured, intelligence-driven operations—a critical shift for an organization whose continued availability is a matter of national importance.