How Doctolib Built an In-House SOC with Elastic Security, Cutting False Positives by 50%
Doctolib, Europe’s leading e-health platform connecting 90 million patients with 400,000 healthcare professionals, replaced an outsourced OpenSearch-based SOC with an in-house security operations center built on Elastic Security. The migration cut false positives by 50%, extended data retention from one month to one year, and enabled Doctolib to manage 12 times more log data while reducing cost per terabyte by 83%.
Tools & Technologies
1AI Categories
Challenge
Doctolib’s outsourced SOC on OpenSearch generated frequent false positives, limited data retention to one month, and couldn’t scale cost-effectively with the platform’s growth—leaving a 90-million-patient e-health platform underprotected and analysts overloaded with noise.
Solution
Elastic Security was deployed as Doctolib’s in-house SIEM, centralizing log collection across all data sources, applying machine learning for automated threat detection, and running on AWS to enable elastic scaling of both data volume and retention period.
Full Story
Doctolib operates as the dominant digital health platform in Europe, serving 90 million patients and 400,000 healthcare professionals across France, Germany, Italy, and the Netherlands. As a platform handling sensitive patient data under strict healthcare regulations, the security demands are acute—and the consequences of a breach extend beyond financial loss into patient safety.
Access 451+ AI use cases, 424+ tools, and adoption signal rankings.