ZERO TRUST ACCESS

Secretless SSH Access

SSH into servers running anywhere, from clouds and data centers to third party private networks behind NAT and firewalls.

Teleport allows us to comply with the regulatory hurdles that come with running an international stock exchange. The use of bastion hosts, integration with our identity service and auditing capabilities give us a compliant way to access our internal infrastructure.

Brendan Germain

Systems Reliability Engineer

CHALLENGES

OT and industrial control

Oil wellheads, grid-connected energy systems, and industrial control infrastructure where uptime and safety are paramount and legacy protocols are in use.

Eliminate key rotation overhead

Centralizes management of SSH access

Eliminates SSH key sprawl

Adheres to company security policy while eliminating overhead of SSH key management

SSH keys go unmanaged

SSH key sprawl results when engineers create and store static credentials in ungoverned ways. Engineers may set up key pairs that remain in place after a project concludes or after the engineers leave the company.

Eliminate static credentials and secrets altogether

Teleport eliminates static and shared credentials. Users and services authenticate to Teleport through physical world attributes (biometrics for humans, and secure enclaves for machines). SSH key creation and management becomes a thing of the past.

SSH key pairs are often shared

Engineers need to get their products to market or resolve issues quickly. So, they might share credentials to make life easier. However, sharing credentials means companies lose visibility of who did what in their infrastructure.

Make SSH access fully auditable

Teleport eliminates shared credentials, granting access based on the identity and authorization of the individual requesting the access, and preserves their actions through session recording.

Most privileged is often the default

Engineers may implement broad default privileges for convenience, which creates an attack surface that can be easily exploited.

Least privileged access hardens security

JIT access requests for servers

Per-session MFA for accessing critical resources

Identify weak access patterns or require access from specified trusted devices

Activity is difficult to trace

Many companies report that it is challenging to figure out who has access to what in their infrastructure, and time-consuming to conduct forensic analysis for compliance or breach remediation.

Make audits or forensic investigation a breeze

See what's happening and who is responsible with live session views, recorded sessions, and auditing of filesystem changes, data transfers, and command executions. Pass audits easily with ready access to fine-grained data.

Secure, On-Demand Access to Infrastructure

  • Granular Access Control: Get precise definitions of roles and permissions, ensuring users have only the access they need.
  • Unified Access Management: Provide centralized control over access to all Kubernetes clusters, simplifying management and improving security posture.
  • Auditable Access: Log all access events for a comprehensive audit trail.
  • Secure Authentication: Integrate with Single Sign-On (SSO) and multi-factor authentication (MFA).
  • Session Recording: Record all user sessions within the Kubernetes clusters, for real-time monitoring and forensic analysis.