Rock solid enterprise security on all levels

Search Guard gives you full security control over your entire Elasticsearch environment. Whether you just want to encrypt data in transit, authenticate users against Active Directory, use Kerberos or JSON web tokens for Single Sign On or need to monitor and log malicious access attempts, Search Guard is your one-stop-shop solution.

View plans & pricing Read the official documentation

Search Guard puts “Security First”. Your data is too valuable and sensitive to take any shortcut.

Completely
Open Source

 

Worried about backdoors or hidden functionalities? Want to check that  Search Guard does not “call home”? Need to do an internal audit before using it in production? We think that security software has to be Open Source by definition, so all of our code is available for you to download, inspect, evaluate and audit.

Compliance
Features

 

Security compliance regulations like GDPR, HIPAA, PCI-DSS or SOX require a business to protect, track and control access to sensitive data. Search Guard offers an extensive range of features that will help you to meet the technical requirements of compliance regulations.

Fortune
500 companies

 

A wide variety of enterprises, from Fortune 500 companies to the most innovative start-ups around the world, are trusting in Search Guard to secure their environments, and for good reason. Search Guard runs on high-scale mission-critical production clusters protecting sensitive data in the finance, healthcare, pharmaceutical, aviation, telecommunications, security, and data intelligence sectors.

What do you get with Search Guard?

Search Guard is your one-stop-shop solution when it comes to security and compliance. Versatile, flexible and battle-proven.

Search Guard is licensed per production cluster, not per node. The license has no node-limit, so you don’t need to worry about ever increasing prices. Scale your cluster, not your cost! All other systems, like development, staging, integration, test and the like, are also included at no additional cost.

Read more

We support TLS encryption for all data in transit, on REST and also on Transport layer. Make sure your traffic cannot be stolen or tampered with, and that only trusted nodes can join your cluster. Take the first step towards compliance!

Read more

Search Guard supports encryption at rest on a file system level by using libraries like dm-crypt.

Leverage your existing Active Directory or LDAP servers for Elasticsearch authentication and authorization. Our flexible configuration makes it possible to map nearly any Directory structure to Search Guard roles. We support role subtrees, attribute-based roles and also nested roles.

Read more

Especially in Windows environments, Kerberos is the authentication method of choice. Search Guard supports Kerberos and SPNEGO natively, so it integrates perfectly with any Windows-based Single Sign On infrastructure.

Read more

Search Guard provides fine-grained role-based access to any index in your cluster. Control exactly what a user is able to do with your valuable data by using either pre-defined permission sets like READ, WRITE, DELETE, or by granting access based on individual Elasticsearch actions.

Read more

Document-level security restricts a user’s access to certain documents within an index. Field-level security enables you to include or exclude fields from the documents in the search result. This gives you full control over which roles can see what data, all the way down to individual fields.

Read more

Audit logging enables you to track access to your Elasticsearch cluster, log security related events and provide evidence in case of an attack. Audit logging helps you to stay compliant with security regulations like GDPR, HIPAA, ISO, PCI or SOX.

Read more

Document-level security restricts a user’s access to certain documents within an index. Field-level security enables you to include or exclude fields from the documents in the search result. This gives you full control over which roles can see what data, all the way down to individual fields.

Read more

Sometimes logging audit events is not enough, and you need to keep track of what is going on in your cluster at a deeper level. For example, to maintain compliance with GDPR. Search Guard can monitor and store any read or write access at document and field level. You know exactly which user has seen or modified which documents and fields, and when. This is compliance implemented in the right way.

Read more

Any change to your Elasticsearch and Search Guard infrastructure can be monitored and recorded. Need to prove that your security configuration has not been altered? Want to know what access permissions a particular role had seven months ago? Or need to make sure that critical security patches have been installed on time? Our compliance features enable you to do all of these things.

Read more

Before returning results to the client Search Guard can anonymise fields on a per-role basis. No need to anonymise at ingest time anymore!

Read more

Tired of Kibana users being able to see all your dashboards and visualizations? Meet Search Guard multitenancy, which allows you to set up different spaces in Kibana which are only accessible for certain roles. Want to separate dashboards by department or role? With Search Guard multitenancy you can!

Read more

We support Kibana Single Sign-On and offer a variety of technologies to choose from, including SAML, OpenID, Kerberos, JWT or Proxy authentication.

Search Guard supports SAML and integrates perfectly with identity providers like Okta, Auth0, Keycloak, OneLogin or any other SAML compliant provider.

Read more

JSON Web Tokens (JWT) are an open, industry standard method for implementing lightweight Single Sign On solutions. We support JWT out of the box, so Search Guard integrates perfectly with any Identity Provider that supports JWT or OpenID.

Read more

The REST management API is a great tool to automate the management of users, roles and permissions in your running cluster. Integrate Search Guard with tools like Ansible, Chef or Puppet, or configure any aspect of Search Guard with a simple curl command.

Read more

Search Guard can be configured by using our powerful command line tools from any machine that has access to your cluster. But sometimes you want a more visual way of configuration, or give your users and customers self-access. Meet our Kibana-based configuration GUI which makes it super-easy to manage all aspects of Search Guard.

Read more

Search Guard is compatible with the Elastic stack, including Kibana, Logstash, Beats and X-Pack.

Search Guard is compatible with Cross Cluster Search and tribe nodes. You can use all Search Guard features without limitations.

Read more

Search Guard runs perfectly on virtualised or containerised environments like Docker or AWS.

Our licensing model

Search Guard offers several licensing models to fit your infrastructure and requirements.

Search Guard

Community Edition

Your basic needs are covered,
completely free of charge.

Install now!

Search Guard

Enterprise Edition

Unlimited nodes.
Scale your cluster, not your cost.

Get a quote now!

Search Guard

Compliance Edition

Stay compliant with
Data Protection Regulations.

Get a quote now!

If you need a custom solution because your infrastructure
doesn’t fit in with any of the editions, get in touch with us.
If you need an academic license, please fill in the form here.

Find a distribution partner near you Interested in an OEM contract?

Search Guard in use

Search Guard is in use worldwide, by companies of all sizes and in a broad range of industry sectors.

Main industry sectors

Finance

Healthcare

Science

Governmental

Big Data

Aerospace

E-Commerce

Legal

Telecommunications

Education

What people say

Sign up for our newsletter

Sign up for the Search Guard newsletter. We will only send out useful updates, and never spam you. And that's a promise!

pmeloAccueil