How Bank Leumi Cuts Security Detection Time 60% with Elastic

Bank Leumi, founded in 1902, is Israel’s largest bank by assets, with more than 7,000 employees and over $195 billion in assets under management. Its operations span consumer, corporate, and investment banking, as well as a growing suite of digital banking services. The scale and diversity of those activities generate a continuous stream of data flowing between disparate systems — cloud and on-premises alike — all of which must remain secure, auditable, and available to a demanding security operations center (SOC).

As the bank’s infrastructure grew and shifted toward the cloud, its incumbent logging and SIEM solution struggled to keep pace. Semi-structured data generated within the cloud platform was particularly difficult to handle. When security analysts needed to track down logs for forensic investigation, the process took hours and sometimes required external support, further slowing the SOC team. Dudi Levi, Head of Data in the Cyber Division, described the core friction: the bank needed a better way to handle all kinds of data while giving internal customers the flexibility to filter and analyze themselves rather than depending on specialists.

Elasticsearch was already in use at Bank Leumi as a data lake by several teams. When Levi evaluated options to replace the SIEM, Elastic Security emerged as the strongest all-round fit — and one that let the team build on existing expertise. The deployment expanded Elastic’s footprint across the bank, adding structured log ingestion pipelines, Kibana dashboards for Security and Operations teams, and pre-packaged MITRE ATT&CK-mapped detection rules covering threats from DDoS and ransomware to zero-day attacks. Machine learning rules were layered on top for advanced attack scenarios. ES|QL, Elastic’s query language, enabled analysts to filter, aggregate, and analyze data across time series directly from the Kibana interface.

The operational shift was immediate. Log hunting that previously consumed hours now takes minutes. Sapir Dagan, an Information Security Specialist, described the change bluntly: if Elastic Security were taken away, the SOC team would start shouting for its return. Self-service analytics through Kibana let technical groups across the bank manage and detect threats independently, reducing the burden on the Security Data Team. In aggregate, the bank cut log detection and analysis time by 60%, reduced time spent resolving security issues by 50%, and achieved a 40% reduction in total cost of ownership by consolidating its SIEM and data logging operations onto a single platform.

Bank Leumi is now migrating its infrastructure to AWS, with plans to carry Elastic along into the same cloud environment. The team intends to use Elastic searchable snapshots and S3 buckets to extend data availability and retention, and expects the steady cadence of new Elastic Security features and detection rules to sustain its defensive posture as the threat landscape evolves.