Case Study: Léargas Security combats COVID-19 fraud and scales to 6TB/day with Elastic

An Elastic Case Study

Preview of the Léargas Security Case Study

Léargas Security chooses Elastic, replaces Splunk to battle COVID-19 fraud

Léargas Security provides converged cyber and physical threat intelligence, using NLP and near‑real‑time correlation of dark web, social media, Tor and other sources to surface indicators of compromise and behavioral risks. When COVID‑19 spawned waves of phishing, credential‑stuffing and malware campaigns, Léargas needed scalable, cost‑effective search and analytics to process massive, fast‑moving streams of unstructured data and to detect multi‑contextual attacks across customers’ environments.

The team replaced Splunk with the Elastic Stack (Elasticsearch, Beats, Kibana), enabling ingestion and normalization of diverse sources at scale—processing well over 6 TB of COVID‑19‑related logs per day—while improving search performance and easing licensing and hardware constraints. With Elastic they rapidly correlated domains, hashes, TTLs and email patterns to stop phishing and credential theft, exported actionable feeds in STIX, extended behavioral detections with Zeek data, and published public threat feeds to help other defenders.
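To make the correlation and STIX export described above concrete, here is an added example (not Léargas Security's pipeline and not Elastic code). It takes a handful of constructed, ECS‑style documents of the kind Beats would index into Elasticsearch (mail gateway, DNS and endpoint records; field names, the sample domains, the sender addresses, the low‑TTL threshold and the UUID namespace are all assumptions), joins phishing domains against low‑TTL DNS answers and attachment hashes that were actually seen on an endpoint, and emits the survivors as STIX 2.1 indicator objects in a bundle.

```python
"""Correlate phishing indicators across normalized log sources and
export them as a STIX 2.1 bundle.

Added example; not Léargas Security's pipeline or Elastic code. The
records below are constructed and the field names are assumed to be
ECS-style documents as Beats would index them into Elasticsearch.
"""
import hashlib
import json
import uuid
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample documents (not real telemetry). Domains use the
# reserved example.* names; the hash is computed from a placeholder blob.
FAKE_SHA256 = hashlib.sha256(b"constructed-sample-attachment").hexdigest()

DOCS = [
    {"event.dataset": "mail", "source.user.email": "relief@covid-help.example.com",
     "url.domain": "covid-help.example.com", "file.hash.sha256": FAKE_SHA256},
    {"event.dataset": "mail", "source.user.email": "hr@intranet.example.org",
     "url.domain": "intranet.example.org", "file.hash.sha256": None},
    {"event.dataset": "dns", "dns.question.name": "covid-help.example.com", "dns.answers.ttl": 60},
    {"event.dataset": "dns", "dns.question.name": "intranet.example.org", "dns.answers.ttl": 86400},
    {"event.dataset": "endpoint", "file.hash.sha256": FAKE_SHA256, "host.name": "wks-17"},
]

LOW_TTL_SECONDS = 300  # assumed threshold; fast-flux style records rotate quickly
NAMESPACE = uuid.UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8")  # assumed fixed namespace


def correlate(docs):
    """Return domains seen both in phishing mail and in low-TTL DNS answers,
    with the sender addresses and the attachment hashes that also executed
    on an endpoint (the multi-context join the text describes)."""
    mail_by_domain = defaultdict(lambda: {"senders": set(), "hashes": set()})
    dns_ttl = {}
    endpoint_hashes = set()
    for d in docs:
        ds = d["event.dataset"]
        if ds == "mail":
            entry = mail_by_domain[d["url.domain"]]
            entry["senders"].add(d["source.user.email"])
            if d.get("file.hash.sha256"):
                entry["hashes"].add(d["file.hash.sha256"])
        elif ds == "dns":
            name = d["dns.question.name"]
            dns_ttl[name] = min(d["dns.answers.ttl"], dns_ttl.get(name, 10**9))
        elif ds == "endpoint":
            endpoint_hashes.add(d["file.hash.sha256"])
    hits = {}
    for domain, entry in mail_by_domain.items():
        if dns_ttl.get(domain, 10**9) <= LOW_TTL_SECONDS:
            hits[domain] = {
                "senders": sorted(entry["senders"]),
                "hashes": sorted(h for h in entry["hashes"] if h in endpoint_hashes),
            }
    return hits


def _lit(value):
    """Quote a STIX pattern string literal (backslash and quote are escaped)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def _sid(kind, key):
    # Deterministic ids so re-exporting the same feed yields the same objects.
    return f"{kind}--{uuid.uuid5(NAMESPACE, key)}"


def _indicator(pattern, name, now):
    return {
        "type": "indicator", "spec_version": "2.1", "id": _sid("indicator", pattern),
        "created": now, "modified": now, "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": pattern, "pattern_type": "stix", "valid_from": now,
    }


def to_stix_bundle(hits, now=None):
    """Wrap correlated hits as STIX 2.1 indicators inside a bundle."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    objects = []
    for domain, info in sorted(hits.items()):
        objects.append(_indicator(f"[domain-name:value = {_lit(domain)}]", f"Phishing domain {domain}", now))
        for s in info["senders"]:
            objects.append(_indicator(f"[email-addr:value = {_lit(s)}]", f"Phishing sender {s}", now))
        for h in info["hashes"]:
            objects.append(_indicator(f"[file:hashes.'SHA-256' = {_lit(h)}]", "Phishing attachment seen on endpoint", now))
    return {"type": "bundle", "id": _sid("bundle", ",".join(o["id"] for o in objects)), "objects": objects}


if __name__ == "__main__":
    print(json.dumps(to_stix_bundle(correlate(DOCS)), indent=2))
```

The intranet.example.org lure is deliberately dropped: its mail record exists, but the domain resolves with a normal TTL and carries no attachment, so on this evidence it does not clear the correlation bar. Deterministic UUIDv5 ids mean a consumer pulling the feed repeatedly sees stable object ids rather than duplicates.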


Léargas Security

Patrick Kelley

Founder
