How Bank Leumi Cuts Security Detection Time 60% with Elastic
Bank Leumi, Israel’s leading bank with more than 7,000 employees and $195 billion in assets, replaced its aging SIEM with Elastic Security to gain unified visibility across a cloud-and-on-premises infrastructure generating vast volumes of semi-structured data. By deploying Elastic Security alongside Kibana dashboards and MITRE ATT&CK-aligned detection rules, the bank cut log detection and analysis time by 60%, reduced security incident resolution time by 50%, and lowered total cost of ownership by 40%.
Impact
60% less time spent on log detection and analysis
40% lower total cost of ownership
50% less time spent resolving security issues
Challenge
Bank Leumi’s incumbent SIEM struggled to handle the semi-structured data generated by a growing cloud infrastructure, leaving SOC analysts spending hours — sometimes with external support — to track down logs for forensic investigation, while lacking self-service analytics capabilities for distributed security teams.
Solution
Bank Leumi deployed Elastic Security as its core SIEM, building on an existing Elasticsearch data lake foundation with Kibana dashboards, MITRE ATT&CK detection rules, ML-based threat detection, and ES|QL for ad hoc forensic analysis — giving every security team member self-service access to log analytics and threat investigation.
What Leaders Say
“We can accomplish so much more in less time. With Elastic, everything is just so intuitive and fast compared with the previous solution.”
“Like any bank, we have a highly demanding SOC team. If Elastic Security was taken away, we would start shouting for it to be returned. It’s so much faster than the previous tool.”
Full Story
Bank Leumi, founded in 1902, is Israel’s largest bank by assets, with more than 7,000 employees and over $195 billion in assets under management. Its operations span consumer, corporate, and investment banking, as well as a growing suite of digital banking services. The scale and diversity of those activities generate a continuous stream of data flowing between disparate systems — cloud and on-premises alike — all of which must remain secure, auditable, and available to a demanding security operations center (SOC).
As the bank’s infrastructure grew and shifted toward the cloud, its incumbent logging and SIEM solution struggled to keep pace. Semi-structured data generated within the cloud platform was particularly difficult to handle. When security analysts needed to track down logs for forensic investigation, the process took hours and sometimes required external support, further slowing the SOC team. Dudi Levi, Head of Data in the Cyber Division, described the core friction: the bank needed a better way to handle all kinds of data while giving internal customers the flexibility to filter and analyze themselves rather than depending on specialists.
Elasticsearch was already in use at Bank Leumi as a data lake by several teams. When Levi evaluated options to replace the SIEM, Elastic Security emerged as the strongest all-round fit — and one that let the team build on existing expertise. The deployment expanded Elastic’s footprint across the bank, adding structured log ingestion pipelines, Kibana dashboards for Security and Operations teams, and pre-packaged MITRE ATT&CK-mapped detection rules covering threats from DDoS and ransomware to zero-day attacks. Machine learning rules were layered on top for advanced attack scenarios. ES|QL, Elastic’s query language, enabled analysts to filter, aggregate, and analyze data across time series directly from the Kibana interface.
The operational shift was immediate. Log hunting that previously consumed hours now takes minutes. Sapir Dagan, an Information Security Specialist, described the change bluntly: if Elastic Security were taken away, the SOC team would start shouting for its return. Self-service analytics through Kibana let technical groups across the bank manage and detect threats independently, reducing the burden on the Security Data Team. In aggregate, the bank cut log detection and analysis time by 60%, reduced time spent resolving security issues by 50%, and achieved a 40% reduction in total cost of ownership by consolidating its SIEM and data logging operations onto a single platform.
Bank Leumi is now migrating its infrastructure to AWS, with plans to carry Elastic along into the same cloud environment. The team intends to use Elastic searchable snapshots and S3 buckets to extend data availability and retention, and expects the steady cadence of new Elastic Security features and detection rules to sustain its defensive posture as the threat landscape evolves.