Some Elasticsearch security features are now free for everyone

Company makes TLS support and fine-grained user/role management free for everyone.
Written by Catalin Cimpanu, Contributor
Image: Elastic, ZDNet

Elastic NV, the company behind the Elasticsearch document-oriented database and search engine technology, announced yesterday plans to make access to some its product's top security features free to everyone.

Before this week, access to these security features required a paid Gold subscription plan, but starting Monday, access to these security features will be available to all Elasticsearch users, Steve Kearns, VP of Product Management at Elastic, said in a blog post yesterday.

"This means that users can now encrypt network traffic, create and manage users, define roles that protect index and cluster level access, and fully secure Kibana with Spaces," he said.

The company released versions 6.8.0 and 7.1.0 of the Elastic Stack yesterday that added access to these security features for everyone. More exactly, these new versions added:

  • TLS for encrypted communications
  • File and native realm for creating and managing users
  • Role-based access control for controlling user access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces

Access to other security features, such as single sign-on authentication, Active Directory/LDAP authentication, field- and document-level security, still require a Gold or Platinum subscription.

A tutorial for deploying and configuring these new security features is available, along with a video tutorial, embedded below.

Besides new security features, Elastic also announced a new project called the Elastic Cloud on Kubernetes (ECK), which Kearns described as "the official Kubernetes Operator for Elasticsearch and Kibana (Elasticsearch's web-based UI)."

"ECK is designed to automate and simplify how Elasticsearch is deployed and operated in Kubernetes," Kearns said.

The company released a first alpha version on Monday.

Elasticsearch has a big security problem

Developed to be deployed on internal networks, ElasticSearch installations have often exposed customers' data. The technology has been at the heart of a large number of breaches in recent months. For example:

With this week's new releases, Elastic hopes to cut down on the number of Elasticsearch users accidentally exposing their systems.

Data leaks: The most common sources

Related cybersecurity coverage:

Editorial standards