Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Infrastructure access management company Teleport has announced the release of Teleport 13, the latest version of its Teleport Access Platform. Teleport 13 features scanning and automatic patching of Teleport vulnerabilities to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure, the firm said.

The solution aims to address the targeting of user credentials and other forms of secrets by attackers and is ideal for users that adopt the Teleport Open Source edition but do not want to host it themselves, according to Teleport.

Other features include Transport Layer Security (TLS) routing via a single TLS port and the ability to import applications/groups from Okta to application access and AWS OpenSearch support for secure database access. Users can also view and share Windows desktop session recordings with security teams and external auditors.

Maintenance window option eliminates manual patching

Teleport 13 offers regular vulnerability testing and self-updating and patching across the entire infrastructure, Teleport said in a press release. This feature eliminates the need for security teams to seek vulnerabilities and manually patch them, while automatic updates also allow developers to configure a maintenance window to control when agents are updated, the firm added.

“The patching and upgrading process automatically upgrades agents upon the release of new security updates, compatible with system-based Linux distributions using either apt or yum package managers, and Kubernetes clusters,” Ev Kontsevoy, CEO and co-founder of Teleport, tells CSO. “Automatic updates have an optional system service that’ll update the service for the user. This service can be used to perform dry-runs and manage update state. On-prem hosts their own version server and declare the cluster maintenance configuration manually – his determines when they want the agent updated.”

Setting up automatic updates is a two-step process, Kontsevoy says. First is creating release channel files. “A release channel contains two pieces of information: the targeted version and if the update is critical. Updaters subscribe to a release channel and will update to the provided version during a maintenance window if possible.” Second is configuring the maintenance schedule. “Agents can retrieve the maintenance schedule from the Teleport cluster and pass it to the updater. In this step users configure the maintenance schedule for the whole cluster.” Teleport can then be leveraged by teams to patch services for them if requested, as Teleport provides unified access to that infrastructure, Kontsevoy ads.

Patch management a significant challenge for organizations

Patch management is a vital yet often challenging security component for a lot of organizations, exacerbated by an ever-expanding attack surface generated by increasing applications, endpoints, and networks. The time and resources required to identify and patch vulnerabilities can be significant, with ineffective patching processes potentially exposing organizations to serious vulnerabilities for substantial periods of time. In Q1 2023, threat actors exploited almost 7,000 new CVEs in addition to older vulnerabilities in unpatched systems, according to the Reliaquest Quarterly Cyber-Threat Report. Privilege escalation was the most exploited vulnerability type, surpassing memory corruption (the leader in Q4 2022).

TLS routing, Okta/AWS integrations, offline Windows desktop session recordings

Teleport 13 also introduces support for server and Kubernetes access through application load balancers in TLS routing mode, in which the Teleport proxy multiplexes all client connections on a single TLS port. This simplifies network configurations while support for application load balancers allows customers to leverage load balancing at scale in AWS, automatically distributing incoming traffic across multiple targets, according to Teleport.

As for new integrations, Teleport 13 adds the ability to import applications and groups from Okta to application access and AWS OpenSearch support for database access. The former makes it easier to manage access to Okta web apps without manual configuration and setup, while the latter makes searching and analyzing large databases more secure, Teleport said.

Furthermore, Teleport 13 users can export Windows desktop session recordings to video format for offline playback, allowing them to view and share sessions with security teams and external auditors.