As part of version 9 of its open source access management platform, Teleport is looking to treat human and machine access in the same way to create more secure infrastructure and applications. Credit: Natali Mis / Getty Images Teleport, an open-source platform designed to provide zero trust access management for servers and cloud applications, has announced the availability of Teleport 9, the latest version of its unified access plane. The latest version features a new feature, called Machine ID, which delivers identity-based access and audit for infrastructure resources like servers and databases, CI/CD automation, service accounts, and custom code in microservices-based applications. With Machine ID, Teleport aims to consolidate identity-based credentials for engineers and their applications, closing the sort of security loopholes that can compromise key infrastructure and code. “Just as a contract developer should not be able to access production environments using a shared credential that masks their identity, neither should a CI/CD worker or a microservice have access to more than the minimum set of resources needed,” said Ev Kontsevoy, CEO and cofounder of Teleport. “By providing a unified identity-aware access solution that both humans and machines can use, Teleport Machine ID enables organizations to easily implement security and compliance without worrying about backdoors that outmoded solutions encourage.” Teleport is aiming to help organizations move beyond perimeter security approaches to machine-to-machine access using hardcoded shared credentials like passwords and API keys. Instead, it looks to automate Certificate Authority (CA), to programmatically issue and renew SSH and X.509 short-lived certificates. Machine ID “vastly simplifies certificate management for IT infrastructure, just as Let’s Encrypt simplified website certificates,” Kontsevoy said. Teleport 9 adds Desktop Access and new database access features Teleport combines Secure Shell Protocol (SSH), Kubernetes, and HTTPs technology to provide secure access to servers, Kubernetes clusters, applications, and databases, complete with an audit log. The events collected include authentication attempts, file transfers, network connections, and file system changes made during an SSH session.In addition to Machine ID, Teleport 9 includes a Desktop Access option, allowing users to access and audit Windows servers and desktops, including Windows session recordings, Clipboard copy-and-paste, and multi-factor authentication. Teleport 9 now also supports database access for Redis, MariaDB, and Microsoft SQL Server, as well as an auto-discovery capability for Amazon Redshift clusters to onboard new Redshift instances without manual registration. “Teleport has significantly upgraded their flagship product,” says Gary McAlum, senior analyst at TAG Cyber. “Machine ID simplifies and automates a scalable approach to access digital certificate management. Additionally, improved compliance reporting for the Windows environment should also be well-received by the audit teams.” Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills IT Skills IT Skills news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe