The identity governance and security offering will automate access requests, detect weak access patterns, and help with incident response. Credit: Jacob Lund / Shutterstock Cloud infrastructure and access management firm Teleport announced that it is adding a new identity governance and security offering to its identity-native infrastructure access management platform, which is designed to protect enterprises from privileged access cyberattacks. Teleport identity governance and security, the company said, will help reduce attack response times by providing customers a control plane mapped with every access point and identity used in the organization. “The launch of Teleport Identity Governance and Security comes as cloud cyberattack patterns are in a state of flux,” said the company in a press statement. Attackers shifting focus to “exploiting cloud users and service credentials has left organizations of all sizes without a unified solution that controls and manages identities across all users, services, and protocols.” The new offering is already available as an add-on to the existing “enterprise” subscription to the platform. New offering auto-provision access Teleport identity governance and security offering is designed to replace the mix of credentials-based authorization methods organizations heavily use today with password-less and certificate-based access. According to the company, this allows detailed auditing and session recording with fine-grained authorization down to a single container or device. “We’ve long known that passwords are an insecure form of authentication. That’s why the industry is rapidly transitioning to passwordless authentication,” said Jack Poller, an analyst at ESG. “Whether biometrics such as facial and fingerprint recognition used by iOS and Android devices and Windows Hello, or FIDO passkeys, or certificate-based, passwordless authentication is generally considered to be phishing-resistant.” Owing to this capability, the new offering features the ability to auto-provision access for pre-determined time slots. This includes automating access requests for the security teams for various services and integrations like Okta groups, AWS, databases, and Kubernetes clusters. Access automatically expiring after a pre-defined time shortens the access window to reduce the risk of a breach, thereby limiting the attack surface area, according to Teleport. Add-on aids in incident detection and response Identity governance through the new offering will offer central visibility of the entire access plane, enabling teams to chart out potential weak points and address those issues. “Teleport Identity Governance and Security can help alleviate the risk of shadow identity exploitation by providing the requisite visibility of all identities and access points throughout the environment. With visibility comes control and security,” Poller said. The ability further allows teams to take immediate action by locking suspicious or compromised identities and stopping them in their tracks, across the entire organizational infrastructure, Teleport added. Poller appreciated Teleport’s attempt at password-less access and said it is a necessity in changing times. “Teleport’s use of certificate-based authentication is an important step in improving security and reducing organizational risks of attack via social engineering, password reuse, and other authentication attacks,” he added. Related content news Did hackers steal 33TB of data from the Federal Reserve? The central banking system is allegedly negotiating with the ransomware gang LockBit to restore 33 terabytes of confidential banking data. By Shweta Sharma Jun 25, 2024 4 mins Data Breach Hacker Groups feature 6 ways the CISO role is evolving today Top IT security execs are rising in prominence, increasing their business acumen, and branching into new arenas, as they become the company’s key purveyor of trust. By Esther Shein Jun 25, 2024 12 mins CSO and CISO Careers IT Leadership news US investigates China Mobile, China Telecom, and China Unicom over data misuse concerns The latest action reflects the administration’s ongoing approach to regulating Chinese companies that access sensitive data for business operations in the US. By Prasanth Aby Thomas Jun 25, 2024 1 min Data Privacy Telecommunications Industry opinion Evaluating crisis experience in CISO hiring: What to look for and look out for Here’s what psychology tells us about having crisis experience, a critical and oft-overlooked variable that shapes the cybersecurity employee supply chain — and it’s not what you might expect. By Christopher Whyte Jun 25, 2024 8 mins CSO and CISO Human Resources Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe