Apache Kafka has become the de facto message broker for event-driven microservice architectures, such as the SMACK stack. Kafka natively provides basic security features such as Java SSL, Kerberos/SASL, and simple ACLs. However, as we move into dynamic microservice environments with multiple tenants and clusters, native mechanisms can be difficult to operationalize and inadequate in regulated environments.

The Banyan Secure Service Mesh platform provides deep visibility and security controls for Kafka in such ephemeral, polyglot, security-conscious environments. We enable enterprises meet their security and compliance requirements without compromising development velocity or performance.

Transparent, Secure
mTLS encryption

Encrypt data-in-motion between Kafka clients, brokers, and zookeeper, with zero changes to code/configs and secure certificate management

access controls

Use intuitive RBAC/ABAC, topic-level policies to provide leased access for short periods to specific producers and consumers

High performance

Leverage optimizations for high-speed TLS to achieve better than Java native SSL performance.


Visualize real-time and historical data via network maps and generate alerts to protect against security threats.

Integration with
container platforms

Leverage Banyan's connectors to Kubernetes, Mesos, and Docker clusters to easily control ephemeral containers accessing Kafka.

Audit trails and

Use Banyan's events stream to create audit logs and generate GDPR, PCI-DSS, FIPS, and SOC compliance reports.

"We use Kafka extensively for microservices messaging, but security has been a major problem. Banyan provides a real benefit in being able to insert and control security at the infrastructure layer without being so dependent on applications level changes."
Head of Security, Global Technology Company

Banyan seamlessly integrates with Kafka distros and vendors