Closed
Changes from 8 commits
4 changes: 3 additions & 1 deletion deploy-manage/_snippets/ecloud-security.md
@@ -1,7 +1,9 @@
{{ecloud}} has built-in security. For example, HTTPS communications between {{ecloud}} and the internet, as well as inter-node communications, are secured automatically, and cluster data is encrypted at rest.

In both {{ech}} amd {{serverless-full}}, you can also configure [IP filtering network security policies](?) to prevent unauthorized access to your deployments and projects.

Check failure on line 3 in deploy-manage/_snippets/ecloud-security.md

GitHub Actions / preview / build

`?` does not exist. resolved to `/github/workspace/deploy-manage/_snippets/?

In {{ech}}, you can augment these security features in the following ways:
* Configure [traffic filtering](/deploy-manage/security/traffic-filtering.md) to prevent unauthorized access to your deployments.
* [Configure private connections and apply VCPE filtering](/deploy-manage/security/traffic-filtering.md) to prevent unauthorized access to your deployments.
* Encrypt your deployment with a [customer-managed encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md).
* [Secure your settings](/deploy-manage/security/secure-settings.md) using {{es}} and {{kib}} keystores.
* Use the list of [{{ecloud}} static IPs](/deploy-manage/security/elastic-cloud-static-ips.md) to allow or restrict communications in your infrastructure.
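Review bot: the link target in the added sentence on line 3 is the placeholder `(?)`, which the preview build rejects ("`?` does not exist"), so it needs a real page before this can merge; the comparison table in this PR links IP filtering to `/deploy-manage/security/ip-filtering-cloud.md`, which may be the intended target. The same sentence has the typo "amd" for "and", and the new bullet says "VCPE filtering" where the rest of the PR uses "VPC filtering". The rewritten bullet also keeps the clause "to prevent unauthorized access to your deployments", which the new sentence above it already states, so one of the two could be dropped.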
1 change: 1 addition & 0 deletions deploy-manage/security.md
Expand Up @@ -18,6 +18,7 @@ products:
- id: cloud-kubernetes
- id: cloud-enterprise
- id: cloud-hosted
- id: cloud-serverless
---

# Security
Expand Up @@ -3,5 +3,5 @@
* **The transport layer**: Used mainly for inter-node communications, and in certain cases for cluster to cluster communication.
* In self-managed {{es}} clusters, you can also [Configure {{kib}} and {{es}} to use mutual TLS](/deploy-manage/security/kibana-es-mutual-tls.md).
* [Enable cipher suites for stronger encryption](/deploy-manage/security/enabling-cipher-suites-for-stronger-encryption.md): The TLS and SSL protocols use a cipher suite that determines the strength of encryption used to protect the data. You may want to enable the use of additional cipher suites, so you can use different cipher suites for your TLS communications or communications with authentication providers.
* [Restrict connections using traffic filtering](/deploy-manage/security/traffic-filtering.md): Traffic filtering allows you to limit how your deployments can be accessed. Add another layer of security to your installation and deployments by restricting inbound traffic to only the sources that you trust. Restrict access based on IP addresses or CIDR ranges, or, in {{ech}} deployments, secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect.
* [Secure your network using IP filtering and private connections](/deploy-manage/security/traffic-filtering.md): Network security allows you to limit how your deployments can be accessed. Add another layer of security to your installation and deployments by restricting inbound traffic to only the sources that you trust. Restrict access based on IP addresses or CIDR ranges, or, in {{ech}} deployments, secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect.
* [Allow or deny {{ech}} IP ranges](/deploy-manage/security/elastic-cloud-static-ips.md): {{ecloud}} publishes a list of IP addresses used by its {{ech}} services for both incoming and outgoing traffic. Users can use these lists to configure their network firewalls as needed to allow or restrict traffic related to {{ech}} services.
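Review bot: the replacement bullet opens its description with "Network security allows you to limit...", which is a third name for the feature after the link text "IP filtering and private connections" and the unchanged target `traffic-filtering.md`. Pick one term and use it in both the link text and the description. The description also speaks only of "deployments", while the `ecloud-security.md` snippet in this PR says "deployments and projects"; align the two if this list is shown for projects as well.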
20 changes: 10 additions & 10 deletions deploy-manage/security/_snippets/cluster-comparison.md
Expand Up @@ -19,8 +19,8 @@ Select your deployment type below to see what's available and how implementation
|------------------|------------|--------------|-------------|
| **Communication** | TLS (HTTP layer) | Fully managed | Automatically configured by Elastic |
| | TLS (Transport layer) | Fully managed | Automatically configured by Elastic |
| **Network** | IP traffic filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
| | Private link | Configurable | [Establish a secure VPC connection](/deploy-manage/security/private-link-traffic-filters.md) |
| **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
| | Private connections and VPC filtering | Configurable | [Establish a secure VPC connection](/deploy-manage/security/private-link-traffic-filters.md) |
| | Kubernetes network policies | N/A | |
| **Data** | Encryption at rest | Managed | You can [bring your own encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md) |
| | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) |
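Review bot: in the renamed "Private connections and VPC filtering" row, the description link still reads "Establish a secure VPC connection" and says nothing about filtering, so the row label and its description no longer match. Consider rewording the link text to cover both, and check that "VPC" fits every provider this feature covers, since elsewhere in this PR it is described as AWS PrivateLink, Azure Private Link, or GCP Private Service Connect.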
Expand All @@ -36,8 +36,8 @@ Select your deployment type below to see what's available and how implementation
|------------------|------------|--------------|-------------|
| **Communication** | TLS (HTTP layer) | Fully managed | Automatically configured by Elastic |
| | TLS (Transport layer) | Fully managed | Automatically configured by Elastic |
| **Network** | IP traffic filtering | N/A | |
| | Private link | N/A | |
| **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
| | Private connections and VPC filtering | N/A | |
| | Kubernetes network policies | N/A | |
| **Data** | Encryption at rest | Fully managed | Automatically encrypted by Elastic |
| | Secure settings | N/A | |
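Review bot: the IP filtering row in this table changes from `N/A` to `Configurable`, which is an availability claim and not a rename like the other rows touched in this file. It links to `/deploy-manage/security/ip-filtering-cloud.md`, the same page used by the first table; confirm that page actually documents this deployment type, and call out the availability change in the PR description so it is not reviewed as pure terminology cleanup.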
Expand All @@ -53,8 +53,8 @@ Select your deployment type below to see what's available and how implementation
|------------------|------------|--------------|-------------|
| **Communication** | TLS (HTTP layer) | Managed | You can [configure custom certificates](/deploy-manage/security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md) |
| | TLS (Transport layer) | Fully managed | Automatically configured by Elastic |
| **Network** | IP traffic filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
| | Private link | N/A | |
| **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
| | Private connections and VPC filtering | N/A | |
| | Kubernetes network policies | N/A | |
| **Data** | Encryption at rest | N/A | |
| | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) |
Expand All @@ -70,8 +70,8 @@ Select your deployment type below to see what's available and how implementation
|------------------|------------|--------------|-------------|
| **Communication** | TLS (HTTP layer) | Managed | [Multiple options](/deploy-manage/security/k8s-https-settings.md) for customization |
| | TLS (Transport layer) | Managed | [Multiple options](/deploy-manage/security/k8s-transport-settings.md) for customization |
| **Network** | IP traffic filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-basic.md) |
| | Private link | N/A | |
| **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-basic.md) |
| | Private connections and VPC filtering | N/A | |
| | Kubernetes network policies | Configurable | [Apply network policies to your Pods](/deploy-manage/security/k8s-network-policies.md) |
| **Data** | Encryption at rest | N/A | |
| | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/k8s-secure-settings.md) |
Expand All @@ -88,8 +88,8 @@ Select your deployment type below to see what's available and how implementation
|------------------|------------|--------------|-------------|
| **Communication** | TLS (HTTP layer) | Configurable | Can be automatically or manually configured. See [Initial security setup](/deploy-manage/security/self-setup.md) |
| | TLS (Transport layer) | Configurable | Can be automatically or manually configured. See [Initial security setup](/deploy-manage/security/self-setup.md) |
| **Network** | IP traffic filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-basic.md) |
| | Private link | N/A | |
| **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-basic.md) |
| | Private connections and VPC filtering | N/A | |
| | Kubernetes network policies | N/A | |
| **Data** | Encryption at rest | N/A | |
| | Keystore security | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) |
@@ -1,3 +1,3 @@
:::{tip}
Elastic recommends that you use Kubernetes network policies over IP traffic filters for {{eck}}. This is because, in containerized environments like Kubernetes, IP addresses are usually dynamic, making network policies a more robust option.
Elastic recommends that you use Kubernetes network policies over IP filters for {{eck}}. This is because, in containerized environments like Kubernetes, IP addresses are usually dynamic, making network policies a more robust option.
:::