The identity governance and security offering will automate access requests, detect weak access patterns, and help with incident response. Credit: Jacob Lund / Shutterstock Cloud infrastructure and access management firm Teleport announced that it is adding a new identity governance and security offering to its identity-native infrastructure access management platform, which is designed to protect enterprises from privileged access cyberattacks. Teleport identity governance and security, the company said, will help reduce attack response times by providing customers a control plane mapped with every access point and identity used in the organization. “The launch of Teleport Identity Governance and Security comes as cloud cyberattack patterns are in a state of flux,” said the company in a press statement. Attackers shifting focus to “exploiting cloud users and service credentials has left organizations of all sizes without a unified solution that controls and manages identities across all users, services, and protocols.” The new offering is already available as an add-on to the existing “enterprise” subscription to the platform. New offering auto-provision access Teleport identity governance and security offering is designed to replace the mix of credentials-based authorization methods organizations heavily use today with password-less and certificate-based access. According to the company, this allows detailed auditing and session recording with fine-grained authorization down to a single container or device. “We’ve long known that passwords are an insecure form of authentication. That’s why the industry is rapidly transitioning to passwordless authentication,” said Jack Poller, an analyst at ESG. “Whether biometrics such as facial and fingerprint recognition used by iOS and Android devices and Windows Hello, or FIDO passkeys, or certificate-based, passwordless authentication is generally considered to be phishing-resistant.” Owing to this capability, the new offering features the ability to auto-provision access for pre-determined time slots. This includes automating access requests for the security teams for various services and integrations like Okta groups, AWS, databases, and Kubernetes clusters. Access automatically expiring after a pre-defined time shortens the access window to reduce the risk of a breach, thereby limiting the attack surface area, according to Teleport. Add-on aids in incident detection and response Identity governance through the new offering will offer central visibility of the entire access plane, enabling teams to chart out potential weak points and address those issues. “Teleport Identity Governance and Security can help alleviate the risk of shadow identity exploitation by providing the requisite visibility of all identities and access points throughout the environment. With visibility comes control and security,” Poller said. The ability further allows teams to take immediate action by locking suspicious or compromised identities and stopping them in their tracks, across the entire organizational infrastructure, Teleport added. Poller appreciated Teleport’s attempt at password-less access and said it is a necessity in changing times. “Teleport’s use of certificate-based authentication is an important step in improving security and reducing organizational risks of attack via social engineering, password reuse, and other authentication attacks,” he added. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe