Compare
Companies evaluating Teleport and CyberArk are frequently considering how to address privileged access requirements. Privileged access refers to special access or abilities above and beyond that of a standard user, for example a database admin user or a site reliability engineer who needs access to a production server. Governance of privileged access enables businesses to secure their infrastructure, data and applications. Effective privileged access management is often a requirement for achieving compliance objectives like SOC2, ISO 27001, and FedRAMP.
Credentials
Uses passwords to identify users. Stores passwords in a vault.
Identity
Cryptographic identity
Generates cryptographic identity for all users, devices, machines, and resources, with secretless authentication. Embeds a certificate authority with KMS and HSM as a foundational part of the product architecture.
Credentials are the primary target of identity attacks. Cryptographic identity eliminates this attack surface.
Network
Depends on the network to connect users and resources.
Connectivity
Zero trust
Employs zero trust for each connection from a user or machine to a resource, as well as between resources.
Network-based access does not stop bad actors from using breach-and-pivot strategies. Zero trust access reduces the blast radius, preventing bad actors from accessing other resources in the event of a breach.
Manual elevation
Enables elevation of privileged access through manual access request workflows. Elevated privileges are governed by credentials, with manual approval and revocation of access.
Privileges
Automated workflows, backed by short-lived certificates
All access to infrastructure is privileged. Teleport supports automation and configuration of approval workflows for access requests. Privileges are authorized with short-lived certificates that protect access with cryptographic identity and automatically expire at the specified time.
Flexibility in workflow configuration enables organizations to eliminate friction and reduce time to approval for access requests. Ephemeral privileges backed by certificates are a more secure, seamless way to govern on-demand access.
Limited
Traditional IT deployment with limited scalability.
Deployment Ease & Scalability
Highly scalable
Teleport ships with infrastructure-as-code, cloud-native, high-availability, multi-region deployment using Helm charts, K8s operators and modern cloud managed backends (DynamoDB, RDS, CockroachDB, Firestore). Cloud and self-hosted deployments scale to hundreds of thousands of ephemeral resources and many regions.
Teleport is designed for large-scale, cloud-native multi-region deployments in modern cloud and self-hosted environments.
Limited
Supports common IAM apps used in IT.
Supported Infrastructure
Broad
Supports 170+ different types of infrastructure resources, like Kubernetes, Cloud CLIs with AWS IAM, GCP and Azure support, and modern cloud databases (e.g., Amazon RDS, AWS DynamoDB, AWS Aurora, GCP Cloud SQL MySQL, GCP Cloud SQL PostgreSQL, Microsoft Azure PostgreSQL, Microsoft Azure MySQL, Azure Cache for Redis and many more).
Teleport is designed for modern compute infrastructure, supporting diverse access needs including SSH, databases, clouds, Kubernetes, applications, and Windows.
Impedes Productivity
Manual access request process and credential handling interferes with preferred developer workflows.
Developer Experience
Improves productivity
Integrates seamlessly with developer workflows and DevOps tools and eliminates the need to monitor different access paths and credentials, improving productivity.
Teleport eliminates the need to remember access paths or credentials, interfacing seamlessly with preferred developer tools and workflows.
Offers CIEM features
Companies that want to add identity security need to integrate additional technologies. Offers cloud entitlement management for AWS, GCP, Azure, with preferred developer workflows.
Governance
Unified access, identity and policy platform
Teleport offers built-in governance with Teleport Identity and Teleport Policy. Teleport Policy integrates with AWS, with a developer-friendly SQL interface and built-in threat response.
Teleport is a unified platform addressing both access and governance needs. Teleport provides a user-friendly visual mapping of access relationships, which can be queried using standard SQL.
Dual Authorization
Workflows that require the approval of multiple team members to perform some critical actions.
Kernel-level logging
By using eBPF, Teleport's enhanced session recording doesn't just record what happens in the terminal, which can be obfuscated, but also what happens down at the kernel level.
Per-session MFA
Teleport supports requiring additional multi-factor authentication checks when starting a new session to protect users against compromises of their on-disk Teleport certificates. This is one of many extra options in Teleport's role-based access control system, along with Device Trust and IP Pinning.
Session Moderation
Requires one or more other users to be present in a session. Depending on the requirements, these users can observe the session in real-time, participate in the session and terminate the session at will.
Session Locking
System administrators can disable a compromised user or node — or prevent access during cluster maintenance — by placing a lock on a session, user or host identity using Teleport’s API.
Strict session recordings
Administrators can optionally elect to terminate SSH sessions if there is a problem with a recording, such as a full disk error.
Device verification
Teleport Device Trust requires that only registered devices can be used to access infrastructure resources.
SSO Support
Teleport offers a range of support for SAML and OIDC SSO providers, including Okta, GitHub, Microsoft Azure AD and Google Workspace.
Full Identity-provider
Teleport can be used as a complete replacement for existing identity management tools. As an SSO SAML identity provider, Teleport can be used by teams as an identity provider to access internal and SaaS apps.
Teleport is purpose-built for modern compute infrastructure that is growing exponentially in complexity and scale. Teleport supports on-demand, least privileged access on a foundation of cryptographic identity and zero trust, with built-in identity security and policy governance. Teleport supports more than 170 different types of infrastructure technologies, and interfaces with the preferred tooling and workflows of DevOps engineers, delivering a win/win for infrastructure security and infrastructure operations teams.