Case Study: The Nature Conservancy achieves centralized security visibility and scalable log management with Elastic

An Elastic Case Study

Preview of The Nature Conservancy Case Study

How a Few Geeks Learned to Elastic Stack Logs

The Nature Conservancy (TNC), a global conservation nonprofit with ~4,000 staff in 70+ countries, faced a security visibility problem: systems logged locally but there was no centralized SIEM, so attacks were hard to predict, scope and resolve. Limited sensors and disparate log sources left incident response and forensic questions unanswered.

TNC implemented an Elastic Stack pipeline guided by a CARVE model (Collect, Aggregate, Refine, Visualize, Enhance), deploying Bro and Snort sensors, Beats, Logstash with RabbitMQ, Elasticsearch, Kibana and X‑Pack plus parsing and enrichment filters. The rollout (targeting ~100 offices and tens of terabytes of logs) enabled cross‑office compromise tracking, rich operational metrics, cradle‑to‑grave event tracking and faster incident response, with plans to extend host‑level sensors and apply machine learning.



The Nature Conservancy

Daniel Shirer

Security Analyst

