Securing the distributed perimeter: How Elastic scaled proactive detection with ProjectDiscovery Cloud

About Elastic

Elastic is the company behind Elasticsearch, the open-source search and analytics engine powering millions of applications. Since launching in 2012, Elastic has grown into a global, publicly traded company (NYSE: ESTC) with almost 4,000 employees and a fast-expanding suite of products spanning search, observability, and security.

Its flagship Elastic Stack (formerly the ELK Stack: Elasticsearch, Logstash, and Kibana) helps thousands of organizations, from startups to Fortune 500s, monitor, secure, and gain insights from massive volumes of data.

Elastic's security challenges

Elastic runs on a truly global infrastructure, with around 50,000 servers deployed across AWS, Azure, and GCP. That kind of scale introduces complexity that most traditional security tools just weren’t built to handle.

With assets constantly shifting and threats evolving daily, Elastic’s security team faced growing pressure to stay proactive and precise. Among the key challenges:

• Coordinating vulnerability detection across a large multi-cloud environment
• Maintaining a live, accurate inventory of external-facing assets
• Responding quickly to zero-days and risky misconfigurations
• Proactively identifying issues that external researchers were catching through Elastic’s public bug bounty program
• Navigating the limitations of legacy scanners like BitSight and SecurityScorecard, which often produced more noise than actionable insight
• Scanning and validation workflows that were too slow and resource-intensive to keep up with the pace of modern threats
• Staying in sync as a globally distributed team, where response coordination added an extra layer of complexity

The power of Nuclei

Before going all-in on ProjectDiscovery Cloud, Elastic had already embraced Nuclei, the open-source vulnerability scanner built for customization and speed, along with other ProjectDiscovery tools like naabu and httpx. 

Nuclei gave the team a strong foundation. They could create custom detection templates and tap into rapid community contributions without the noise of false positives. But operating it at scale came with trade-offs.

“The ease of use and strong community backing are huge advantages. With Nuclei, I can easily write my own templates while benefiting from rapid coverage provided by community-driven templates.”
— Clement Fouque, Principal Information Security Analyst at Elastic

Their setup started out simple with bash scripts, cron jobs, and a devbox running scheduled scans. But over time, challenges emerged:

• Cloud providers sometimes blocked or rate-limited the devbox, cutting off visibility
• Scans often took days to complete, slowing down response
• Revalidating fixes was slow and repetitive, especially when timing mattered most
• Maintaining scripts, schedules, and infrastructure drained time from higher-impact work
• Follow-up was challenging since findings were hidden in JSON files

What started as a simple DIY solution became a bottleneck. The team needed the power of Nuclei, but without the drag of running it themselves.

Enter ProjectDiscovery Cloud

ProjectDiscovery Cloud delivered exactly what Elastic needed: the scalability of an enterprise platform with the flexibility and speed of open source.

Having already used Nuclei extensively, the switch felt less like a migration and more like a natural evolution.

“We were already invested in Nuclei. ProjectDiscovery Cloud was the missing piece that let us scale it seamlessly across our environment,” said Clement Fouque, Principal Information Security Analyst at Elastic.

ProjectDiscovery’s philosophy also matched Elastic’s open-source DNA. Their team valued:

• Community-powered agility: The open-source community moved fast, and new templates were often available within hours of a CVE dropping.
• Accurate detections: ProjectDiscovery’s internal team reviewed every submission for accuracy and quality
• Template-first customization: Nuclei’s YAML templates made it easy to write and tweak detections tailored to Elastic’s needs.
• A true partnership: ProjectDiscovery’s engineering team welcomed feedback, shipped improvements quickly, and felt like an extension of Elastic’s own team

Impact at scale

With ProjectDiscovery Cloud, Elastic's detection workflows were transformed almost overnight.

• Real-time perimeter view: Automated asset discovery gave Elastic a reliable, always up-to-date view of their perimeter, streamlining audit prep and reducing the manual overhead of proving controls.
• Rapid response: During the Next.js CVE-2025-29927 disclosure, Elastic scanned 14,500 assets in under five minutes. What used to take days was done in minutes, with accuracy that saved dozens of hours in manual triage.
• Confidence from the attacker’s perspective: Because scans run from the cloud, there was no risk of being blocked or rate-limited. Elastic knew exactly what an attacker would see, and whether it's vulnerable.
• Instant validation: Retest scans completed in seconds, giving the team near real-time confirmation on whether a vulnerability has been fixed.
• Right-sized response: Fast scan results meant incident response teams were looped in only when necessary, reducing coordination overhead and freeing up security resources when responding to emerging threats
• Automated remediation workflows: GitHub tickets were created automatically for issues meeting certain severity thresholds (Critical, High, Medium)
• Faster, more flexible detections: With the AI Template Editor, Elastic could quickly generate and customize Nuclei templates to match their security workflows, unlocking broader coverage without adding complexity
• Bug bounty acceleration: Findings from external researchers were turned into reusable templates, helping the team surface similar issues across the environment fast.

Elastic’s experience demonstrates how lean security teams can effectively manage vulnerability detection at massive scale by strategically leveraging open-source innovation, community-driven insights, and automation.

What’s next

Elastic isn’t slowing down. With the foundation in place, the team is already planning new ways to extend and scale their detection capabilities, including:

• Building an elastic agent integration to push findings directly into the Elastic Stack
• Expanding coverage with custom technology detection templates, focusing on their most critical technologies and applications first
• Using ProjectDiscovery Cloud’s integrations with cloud infrastructure providers to broaden the scope of monitoring and scanning

As their environment grows, so does their confidence, supported by a scalable detection platform that evolves with them.