Teleport’s new offering to help reduce attack response times

Cloud infrastructure and access management firm Teleport announced that it is adding a new identity governance and security offering to its identity-native infrastructure access management platform, which is designed to protect enterprises from privileged access cyberattacks.

Teleport identity governance and security, the company said, will help reduce attack response times by providing customers a control plane mapped with every access point and identity used in the organization.

"The launch of Teleport Identity Governance and Security comes as cloud cyberattack patterns are in a state of flux," said the company in a press statement. Attackers shifting focus to "exploiting cloud users and service credentials has left organizations of all sizes without a unified solution that controls and manages identities across all users, services, and protocols."

The new offering is already available as an add-on to the existing "enterprise" subscription to the platform.

New offering auto-provision access

Teleport identity governance and security offering is designed to replace the mix of credentials-based authorization methods organizations heavily use today with password-less and certificate-based access. According to the company, this allows detailed auditing and session recording with fine-grained authorization down to a single container or device.

"We've long known that passwords are an insecure form of authentication. That's why the industry is rapidly transitioning to passwordless authentication," said Jack Poller, an analyst at ESG. "Whether biometrics such as facial and fingerprint recognition used by iOS and Android devices and Windows Hello, or FIDO passkeys, or certificate-based, passwordless authentication is generally considered to be phishing-resistant."

Owing to this capability, the new offering features the ability to auto-provision access for pre-determined time slots. This includes automating access requests for the security teams for various services and integrations like Okta groups, AWS, databases, and Kubernetes clusters.

Access automatically expiring after a pre-defined time shortens the access window to reduce the risk of a breach, thereby limiting the attack surface area, according to Teleport.

Add-on aids in incident detection and response

Identity governance through the new offering will offer central visibility of the entire access plane, enabling teams to chart out potential weak points and address those issues.

"Teleport Identity Governance and Security can help alleviate the risk of shadow identity exploitation by providing the requisite visibility of all identities and access points throughout the environment. With visibility comes control and security," Poller said.

The ability further allows teams to take immediate action by locking suspicious or compromised identities and stopping them in their tracks, across the entire organizational infrastructure, Teleport added.

Poller appreciated Teleport's attempt at password-less access and said it is a necessity in changing times. "Teleport's use of certificate-based authentication is an important step in improving security and reducing organizational risks of attack via social engineering, password reuse, and other authentication attacks," he added.