Core Elastic Stack Security Features Now Available For Free Users As Well


Elastic, the company behind the most widely used enterprise search engine Elasticsearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users.

ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time.

In recent months, we have seen how thousands of insecure, poorly configured Elasticsearch and Kibana servers have left millions of users' sensitive data exposed on the Internet.

Since the free version of Elastic Stack by default does not have any authentication or authorization mechanism, many developers and administrators fail to properly implement important security features manually.

The core security features—like encrypted communication, role-based access control, and authentication realms—required a paid Gold subscription in previous versions, but the latest versions 6.8.0 and 7.1.0 of the Elastic Stack, released today, offer these features for free so that everyone can run a fully secure cluster without any hassle.

Here’s the list of core security features that are now free in the latest Elastic Stack versions as a part of the Basic tier:

  • TLS (Transport Layer Security) for encrypted communications.
  • File and native realm for creating and managing users.
  • Role-based access control for controlling users’ access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces.

 

These features now make it possible for users to “encrypt network traffic, create and manage users, define roles that protect index and cluster level access, and fully secure Kibana with Spaces.”

However, the company clarifies that its advanced security features like single sign-on, Active Directory/LDAP authentication, attribute-based access control, and field-level and document-level security remain available only for paid customers.

You can download versions 6.8.0 or 7.1.0 of the Elastic Stack to take advantage of the security features.
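On a Basic-tier node these features stay off until they are enabled in `elasticsearch.yml`, so an upgraded cluster can still be running unauthenticated. The check below is an added example, not code from the original article or from Elastic: it flattens a node's config and reports which security switches are missing. The setting names are Elasticsearch's own; the helper names, the choice to treat HTTP-layer TLS as required, and both sample configs are assumptions constructed for illustration.

```python
import re

# Switches that must be "true" before the free features protect a node (assumed policy).
REQUIRED = {
    "xpack.security.enabled": "true",                # authentication, realms, RBAC
    "xpack.security.transport.ssl.enabled": "true",  # TLS between nodes
    "xpack.security.http.ssl.enabled": "true",       # TLS for REST clients and Kibana
}

def flatten_yaml(text):
    """Flatten simple elasticsearch.yml content (scalars, nested maps) to dotted keys."""
    settings, stack = {}, []          # stack holds (indent, key) of open parent maps
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:       # close maps we have left
            stack.pop()
        dotted = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("\"'")
        if value:
            settings[dotted] = value
        else:                                         # "key:" alone opens a nested map
            stack.append((indent, key.strip()))
    return settings

def audit(text):
    """Return (setting, found_value) for every required switch that is not 'true'."""
    settings = flatten_yaml(text)
    return [(k, settings.get(k)) for k, want in REQUIRED.items()
            if settings.get(k, "").lower() != want]

# Constructed samples: a node left at defaults, and one with security switched on.
DEFAULT_NODE = """
cluster.name: demo
network.host: 0.0.0.0
"""
SECURED_NODE = """
cluster.name: demo
xpack.security.enabled: true
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    print(audit(DEFAULT_NODE), audit(SECURED_NODE))
```

The check only reads the file; keystore paths, user creation and role definitions still have to be set up separately on the cluster.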

 

The information is gathered from The Hacker News.