Enterprise Overview

KafkaGuard On-Prem is the primary enterprise offering — a fully self-hosted, air-gapped Kafka compliance platform deployable in minutes with a single installer. Built for security teams, compliance auditors, and platform engineers managing mission-critical Kafka deployments in regulated environments.

KafkaGuard On-Prem

KafkaGuard On-Prem combines the full-featured CLI scanner with a web dashboard, central API, and team management — all deployed on your own infrastructure with no internet dependency.

Dashboard

Manage all your Kafka clusters from a single compliance dashboard. Track compliance scores, explore findings, manage scans, and control team access — entirely on-premises.

Key Capabilities

• Web Dashboard — Cluster overview with compliance scores, findings explorer, and scan timeline
• Central API — REST API for scan upload, querying, and reporting
• Team Management — Role-based access (Admin, Operator, Read-only) with full activity attribution
• Air-Gapped — Bundled Docker images, offline RSA-signed licensing, no phone-home
• Backup & Restore — One-command backup/restore, auto-backup before upgrades
• HTTPS/TLS — Built-in nginx with TLS termination (self-signed or your own certs)

For full installation and configuration details, see the On-Prem Setup Guide.

Enterprise Value Proposition

KafkaGuard Enterprise delivers enterprise-grade capabilities designed for organizations that need:

• Advanced Security - 40+ production-ready controls covering security, reliability, and operational best practices
• Compliance Ready - Built-in mappings for PCI-DSS, SOC2, and ISO 27001 compliance frameworks
• Production Performance - Scans complete in ~10 seconds with minimal resource footprint
• Audit-Ready Reports - Generate PDF, HTML, JSON, and CSV reports for compliance audits
• Enterprise Authentication - Full support for SASL, TLS, mTLS, and Kerberos authentication

Key Enterprise Benefits

Security & Compliance

• 40+ Security Controls - Comprehensive coverage of security, reliability, and operational controls
• Compliance Mapping - Automated mapping to PCI-DSS, SOC2, and ISO 27001 requirements
• Audit-Ready Reports - Generate PDF reports with compliance attestation for auditors
• Policy Tiers - Choose from baseline-dev (20 controls), enterprise-default (40 controls), or finance-iso (50 controls)

Performance & Reliability

• Fast Scans - Complete scans in ~10 seconds for typical 3-node clusters
• Lightweight - Single static binary under 50MB, memory usage under 200MB
• Multi-Platform - Support for Linux, macOS, and Docker deployments
• CI/CD Native - Seamless integration with GitHub Actions and other CI/CD pipelines

Enterprise Features

• Enterprise Authentication - Support for SASL (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512), TLS, mTLS, and Kerberos
• Multiple Report Formats - JSON for automation, HTML for web viewing, PDF for audits, CSV for analysis
• Custom Policies - Create organization-specific policies tailored to your compliance requirements
• Automation Ready - Structured JSON output and exit codes for automated decision-making

Enterprise Capabilities

Security Posture

KafkaGuard validates your Kafka cluster's security configuration:

• Authentication - SASL mechanisms (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, Kerberos)
• Encryption - SSL/TLS with certificate validation and mutual TLS (mTLS) support
• Access Control - ACL validation and wildcard ACL detection
• Certificate Management - TLS certificate expiry validation and protocol version checks

Compliance Frameworks

Built-in compliance mappings for major regulatory standards:

• PCI-DSS 4.0 - 9 requirements mapped to KafkaGuard controls
• SOC2 Type II - 12 Trust Service Criteria covered
• ISO 27001:2013 - 34 requirements mapped across 5 domains

For detailed compliance mappings, see the Compliance Documentation.

Policy Tiers

Choose the right policy tier for your environment:

• baseline-dev (20 controls) - Development and testing environments
• enterprise-default (40 controls) - Production environments with security requirements
• finance-iso (50 controls) - Regulated industries

Learn more about Policy Tiers.

Enterprise Use Cases

Security Teams

• Validate security configurations across all Kafka environments
• Enforce security policies consistently
• Identify security vulnerabilities before they impact production
• Generate security audit reports

Compliance Auditors

• Generate audit-ready reports with compliance mappings
• Document compliance posture for PCI-DSS, SOC2, and ISO 27001
• Track compliance over time with scheduled scans
• Export findings for compliance tracking systems

Platform Teams

• Maintain consistent standards across multiple clusters
• Automate compliance validation in CI/CD pipelines
• Monitor cluster health and configuration drift
• Integrate with existing monitoring and ticketing systems

Get Started

Ready to secure your Kafka infrastructure?

• View Enterprise Features - Learn about enterprise capabilities
• Request Pricing - Contact us for enterprise pricing
• Get Support - Enterprise support options
• View Case Studies - Customer success stories

Contact Us

Have questions about KafkaGuard Enterprise?

---

Get in touch

• GitHub: KafkaGuard Releases
• Email: sales@kafkaguard.com
• Docs: Quick Start Guide

---

Next Steps:

• Enterprise Features - Detailed feature overview
• Pricing - Enterprise pricing and contact
• Support - Support options and resources
• Quick Start Guide - Get started in 5 minutes

Ready to get started? Download KafkaGuard and scan your first cluster in under 5 minutes. Download CLI | Quick Start Guide