As part of version 9 of its open source access management platform, Teleport is looking to treat human and machine access in the same way to create more secure infrastructure and applications. Credit: Natali Mis / Getty Images Teleport, an open-source platform designed to provide zero trust access management for servers and cloud applications, has announced the availability of Teleport 9, the latest version of its unified access plane. The latest version features a new feature, called Machine ID, which delivers identity-based access and audit for infrastructure resources like servers and databases, CI/CD automation, service accounts, and custom code in microservices-based applications. With Machine ID, Teleport aims to consolidate identity-based credentials for engineers and their applications, closing the sort of security loopholes that can compromise key infrastructure and code. “Just as a contract developer should not be able to access production environments using a shared credential that masks their identity, neither should a CI/CD worker or a microservice have access to more than the minimum set of resources needed,” said Ev Kontsevoy, CEO and cofounder of Teleport. “By providing a unified identity-aware access solution that both humans and machines can use, Teleport Machine ID enables organizations to easily implement security and compliance without worrying about backdoors that outmoded solutions encourage.” Teleport is aiming to help organizations move beyond perimeter security approaches to machine-to-machine access using hardcoded shared credentials like passwords and API keys. Instead, it looks to automate Certificate Authority (CA), to programmatically issue and renew SSH and X.509 short-lived certificates. Machine ID “vastly simplifies certificate management for IT infrastructure, just as Let’s Encrypt simplified website certificates,” Kontsevoy said. Teleport 9 adds Desktop Access and new database access features Teleport combines Secure Shell Protocol (SSH), Kubernetes, and HTTPs technology to provide secure access to servers, Kubernetes clusters, applications, and databases, complete with an audit log. The events collected include authentication attempts, file transfers, network connections, and file system changes made during an SSH session.In addition to Machine ID, Teleport 9 includes a Desktop Access option, allowing users to access and audit Windows servers and desktops, including Windows session recordings, Clipboard copy-and-paste, and multi-factor authentication. Teleport 9 now also supports database access for Redis, MariaDB, and Microsoft SQL Server, as well as an auto-discovery capability for Amazon Redshift clusters to onboard new Redshift instances without manual registration. “Teleport has significantly upgraded their flagship product,” says Gary McAlum, senior analyst at TAG Cyber. “Machine ID simplifies and automates a scalable approach to access digital certificate management. Additionally, improved compliance reporting for the Windows environment should also be well-received by the audit teams.” Related content news analysis Water system attacks spark calls for cybersecurity regulation The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. By Cynthia Brumfield Dec 11, 2023 11 mins Regulation Cyberattacks Critical Infrastructure feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Application Security Cloud Security Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe