Security and Alerting for Elasticsearch and Kibana
Search Guard is a Security and Alerting Plugin that encrypts and protects your data and data flows from unauthorized access in the entire Elastic Stack.
Search Guard provides security on all levels
Search Guard provides an all-encompassing security solution to keep your most confidential data safe. Utilizing RBAC, Search Guard ensures the highest level of protection in your clusters, indices, and documents by adding encryption, authentication, authorization, audit logging, compliance as well as alerting and anomaly detection features.
Search Guard supports all industry standards
Search Guard supports all industry standards for authentication and authorization like LDAP, Active Directory, OpenID, SAML, Kerberos, JSON web tokens or client certificates. You can chose from a wide variety of modern and highly secure modern cipher suites.
Search Guard protects all components of the Elastic Stack
Search Guard implements full access control over your entire Elasticsearch environment. Protect all components of the Elastic stack, including Kibana, Logstash and Beats.
Search Guard is trusted by
Certified
Since 2013, Search Guard has been pushing the boundaries of Elastic Stack security.
Priority support
Our customers enjoy priority support with guaranteed service-level agreements and direct access to the Search Guard developer team.
Trusted by
Our clients span the globe, from Fortune 500s and federal entities to groundbreaking start-ups. They trust us with their most important projects - no matter the size or type.
Enterprise security on all levels
Licensing models
Search Guard Community Edition
- Covers all essential Security and Alerting needs
- Free of charge
- Integrated with the entire Elastic Stack
Search Guard Enterprise Edition
- Integrates with all major security standards
- Field-level and Document-level Security
- Management API and Kibana Multitenancy
Search Guard Compliance Edition
- Designed for meeting compliance regulations e.g. GDPR
- Record all read-and-write access to data
- Monitor integrity of Elasticsearch installation
We offer an
Academic & Scientific License
, as well asCustom Licenses
for your personal needs.What our clients say
Search Guard met all of our needs and more. Not only have we found open source tools that meet our needs, but we’ve found a partner that’s worked with us through the development of the new platform. They’ve been responsive and engaged every step of the way.- Security is paramount to the protection of our customer’s data. ICHEC chose Search Guard to protect its ELK-Stack environment because of its Single Sign-On authentication integration, access control measures and audit features. The licensing model is also flexible enough as we continue to grow our services.
- Security is the prerequisite for every project in the IT industry, especially when it comes to data. HEAnet chooses Search Guard to protect its ELK cluster because it provides node-to-node encryption (TLS) and more features such as multi-tenancy, compliance, unlike its competitors who only provide security on the REST layer.
- The Steinbuch Centre for Computing at KIT is using Search Guard to secure Elasticsearch instances operated in the World Wide LHC Computing Grid Tier-1 center "GridKa" and in the Large Scale Data Facility. Without fine-grained access control we would be unable to expose Elasticsearch to individual users or use single instances for both private and public data. The multitenancy features for Kibana offered by Search Guard are specially useful, enabling us to also use Kibana for public dashboards.
- Search Guard makes it possible for us to use the ELK-Stack in a productive environment. We chose Search Guard primarily because of the Active Directory and role-permission features. We find their licensing model incredibly helpful, as well as the fact that we are able to use an unlimited amount of nodes.
- We have chose SearchGuard because it matches our values of technical rigour, openness, and auditability. It is enabled us to ensure that data in transit is secure against eavesdropping in off-prem environments, to implement verifiable and granular access to our Elastic clusters, and most importantly to give our analysts access to restricted data sets with confidence that PII remains protected and confidential.
- In 2019 we planned to install one large logging infrastructure cluster for about 100TB of data. Not as SIEM, but mainly to have logs available centrally for developers and admins. We chose one Elasticsearch instance as a large log repository. We decided to install the 8 data nodes and 10 VMs with one contractor. He proposed us 2 solutions for the “role-based access control” software. After testing, we quickly adopted SearchGuard. We actually send all our critical logs to this cluster. About 15 users can login in the system and see what they are looking for. With SearchGuard we can easily limit the accesses to the logs of their applications only. The right segregation is working well, and we are happy with the solution we chose for the user’s access control.