How UOL Uses Elastic AI to Cut Security Incident Resolution Time by 80%
UOL Group is Brazil’s largest digital media, technology, and payments platform, serving eight out of ten Brazilian internet users monthly across more than 200 applications and thousands of cloud and on-premises resources. After migrating from Splunk to Elastic Security and deploying Elastic AI Assistant and Attack Discovery with Amazon Bedrock integration, UOL reduced security incident resolution time by 80% — from days to minutes — and cut false positive alert volume in half.
Impact
- 80% reduction in incident resolution time
- 50% reduction in false positives
- 200+ applications monitored
Challenge
UOL’s security analysts worked across two or three disconnected platforms to investigate a single incident, spending hours or days manually pulling logs, correlating data, and building dashboards before they could diagnose and resolve threats.
Solution
UOL deployed Elastic Security, Elastic AI Assistant, and Elastic Attack Discovery integrated with Amazon Bedrock, consolidating observability and security on a single platform with AI-driven natural language alert investigation, automated threat triage, and generative AI root cause analysis.
What Leaders Say
“With Elastic, the time needed to fix actual security events has been reduced by 80%, and false positives are down 50%.”
“We went from responding to incidents in days to resolving them in minutes. Our analysts no longer juggle two or three different systems because everything they need is finally in one place.”
“Before Elastic with Amazon Bedrock, it would take days or hours to grab a log, search for the issue, put it on a dashboard and start analyzing. It now takes just minutes.”
Full Story
UOL Group sits at the center of the Brazilian internet. Eight out of ten Brazilian internet users visit UOL each month to read news, stream sports and entertainment, and access email and financial services. Managing that infrastructure means keeping 200-plus applications and thousands of containers, cloud resources, and on-premises servers running reliably — some of those systems have been in production for over two decades. The scale and heterogeneity of the environment made security operations particularly demanding.
For years, UOL’s security and observability workflows ran on separate platforms. Analysts moved between two or three systems to investigate a single alert, manually pulling logs, searching for patterns, and building dashboards before they could even begin analysis. A complex incident could consume hours or days. False positives were a chronic drain on analyst time, and the friction between disparate tools created blind spots and slowed response.
UOL migrated from Splunk to Elastic Security and consolidated observability and security onto a single Elastic cluster. On top of that foundation, the team deployed Elastic AI Assistant, which lets analysts investigate alerts, generate queries, and respond to incidents in natural language, and Elastic Attack Discovery, an AI-powered triage layer that surfaces and prioritizes real threats while filtering out noise. UOL also integrated Attack Discovery with Amazon Bedrock, using Bedrock-hosted large language models to power the AI features across the platform.
The operational shift was immediate. What previously took hours or days — pulling a log, searching for the issue, correlating it across systems, building a dashboard — now takes minutes. “We went from responding to incidents in days to resolving them in minutes,” said Bruna Donatti, UOL’s Blue Team Coordinator. Incident resolution time dropped 80%. False positive volume fell 50%, freeing analysts to focus on real threats. And because observability and security now share a single platform, cross-team collaboration between operations, DevOps, and development teams improved significantly.
The cultural shift has been as notable as the technical one. Teams that were initially reluctant to change now compete to onboard into the platform. UOL’s security team transitioned from delivering set features to building team-specific rules and alerts based on internal customer requests — a more responsive and intelligence-driven security model. For Brazil’s largest digital platform, AI-powered security is now embedded in how the organization operates, not just layered on top of it.