With the release of Elastic Stack versions 6.8 and 7.1, Elasticsearch has made several security features freely available in the default distribution, focusing on encryption, authentication, and authorization. TLS encryption is now integrated into Elasticsearch and Kibana, eliminating the need for complex proxy setups to secure communications within clusters. Native authentication is also freely accessible, allowing for more streamlined user management without relying on potentially insecure proxy configurations. The authorization system has been enhanced to offer robust, flexible control over data access down to individual documents and fields, moving away from fragile, proxy-based solutions. Despite these advancements, traditional security measures like using VPNs, firewalls, and data backups remain essential, as they add additional layers of security. The introduction of new tools and services, such as the official Kubernetes Operator and enhanced scripting restrictions, aims to simplify securing Elastic Stack deployments. As the landscape of security constantly evolves, Elastic Stack continues to adapt by updating its practices and offering advanced security features to both cloud and on-premises users.