CyberSecurity SEE

Teleport 13 launched to introduce automatic vulnerability patching and enhanced DevOps security

Infrastructure access management company Teleport has released Teleport 13, the newest version of its Teleport Access Platform. The new release includes automatic scanning and patching capabilities designed to enhance security and decrease operational overhead for DevOps teams responsible for securing cloud infrastructure. The solution targets attackers that focus on user credentials and other forms of secrets and is ideal for users that adopt the Teleport Open Source edition but do not want to host it themselves.

Patch management is a significant challenge for many organizations, and the time and resources required to identify and patch vulnerabilities can be substantial. In Q1 2023, threat actors exploited almost 7,000 new CVEs in addition to older vulnerabilities in unpatched systems, according to the ReliaQuest Quarterly Cyber-Threat Report. Privilege escalation was the most exploited vulnerability type, surpassing memory corruption, the leader in Q4 2022.

Teleport 13 offers regular vulnerability testing and self-updating and patching across the entire infrastructure. This feature eliminates the need for security teams to seek out vulnerabilities and patch them manually. Automatic updates also allow developers to configure a maintenance window to control when agents are updated, reducing the need for manual intervention and overhead while increasing security.

“The patching and upgrading process automatically upgrades agents upon the release of new security updates, compatible with system-based Linux distributions using either apt or yum package managers, and Kubernetes clusters,” said Ev Kontsevoy, CEO and co-founder of Teleport. “Automatic updates have an optional system service that’ll update the service for the user. This service can be used to perform dry-runs and manage update state. On-prem hosts their own version server and declare the cluster maintenance configuration manually – this determines when they want the agent updated.”

Setting up automatic updates is a two-step process. The first step is creating release channel files. A release channel contains two pieces of information: the targeted version and if the update is critical. Updaters subscribe to a release channel and will update to the provided version during a maintenance window if possible. The second is configuring the maintenance schedule. Agents can retrieve the maintenance schedule from the Teleport cluster and pass it to the updater. In this step, users configure the maintenance schedule for the whole cluster.
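The decision an updater makes from those two inputs can be sketched as follows. This is an added example, not Teleport's code: the class and function names, the weekday/start-hour schedule format, the version numbers in the usage, and the rule that a critical update is applied outside the window are all assumptions for illustration. It also treats the release channel as untrusted input, rejecting malformed versions and downgrades.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Strict MAJOR.MINOR.PATCH with optional leading "v"; anything else is rejected.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> tuple:
    """Parse a version string into a comparable tuple, or raise ValueError."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(part) for part in m.groups())

@dataclass(frozen=True)
class ReleaseChannel:      # hypothetical model of the two channel fields
    version: str           # targeted version
    critical: bool         # whether the update is critical

@dataclass(frozen=True)
class MaintenanceSchedule:  # hypothetical cluster-wide schedule format
    weekdays: frozenset     # 0 = Monday ... 6 = Sunday
    start_hour_utc: int
    duration_hours: int = 1

    def contains(self, now: datetime) -> bool:
        """True if the timezone-aware `now` falls inside a window."""
        now = now.astimezone(timezone.utc)
        for wd in self.weekdays:
            # Hours since this weekday's window opened, wrapping over the week.
            elapsed = ((now.weekday() - wd) * 24 + now.hour - self.start_hour_utc) % 168
            if elapsed < self.duration_hours:
                return True
        return False

def decide(current: str, channel: ReleaseChannel,
           schedule: MaintenanceSchedule, now: datetime) -> str:
    """Return the action an updater should take for this agent."""
    have = parse_version(current)
    target = parse_version(channel.version)
    if target == have:
        return "up-to-date"
    if target < have:
        return "refuse-downgrade"   # a channel must never roll agents back
    if channel.critical:
        return "update-critical"    # assumption: critical updates skip the window
    return "update-in-window" if schedule.contains(now) else "wait-for-window"
```

Logging every `refuse-downgrade` and every `ValueError` from `parse_version` gives operators a signal that the version server is serving unexpected content.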

Teleport 13 also introduces support for server and Kubernetes access through application load balancers in TLS routing mode. In this mode, the Teleport proxy multiplexes all client connections on a single TLS port, simplifying network configurations. Support for application load balancers allows customers to leverage load balancing at scale in AWS, automatically distributing incoming traffic across multiple targets.

Additionally, Teleport 13 adds the ability to import applications and groups from Okta to application access and AWS OpenSearch support for database access. The former makes it easier to manage access to Okta web apps without manual configuration and setup, while the latter makes searching and analyzing large databases more secure.

Furthermore, Teleport 13 users can export Windows desktop session recordings to video format for offline playback. This feature allows them to view and share sessions with security teams and external auditors.

In summary, Teleport 13 provides enhanced security and decreased operational overhead for DevOps teams responsible for securing cloud infrastructure. With regular vulnerability testing and automatic self-updating and patching, users can focus on application development and innovation without compromising security. Overall, Teleport 13’s features will provide organizations with an effective solution to the challenge of patch management.
