Teleport recently introduced a major update to its platform that provides security teams with unprecedented insight into how identities behave as they move across identity provider, code, Cloud, and infrastructure environments.
With this latest release, Teleport Identity Security becomes reportedly the first solution to solve this with full identity chain observability: a real-time view of every step an identity takes as it traverses technology platforms, including authentication, role and privileges, developer code, and infrastructure actions. Together, these features give security teams the ability to accelerate incident response by spotting and responding to risky activity within minutes, instead of spending hours stitching together fragmented logs or building custom correlation rules.
“Identity is now the leading attack vector, but most cybersecurity products see only a part of the picture,” said Ev Kontsevoy, CEO of Teleport. “Teleport connects the dots, letting security teams detect risky behaviour across fragmented systems in real time and accelerate intervention.”
Currently, identities are fragmented across different tools, such as identity providers (like Okta), cloud services (like AWS), developer platforms (like GitHub), and infrastructure resources (databases, servers, Kubernetes, workloads). These siloed identity interactions typically get tracked in siloed logs, impeding the ability to answer crucially important questions such as:
- Who accessed this database and through what permissions?
- Is this behavior regular or anomalous for this identity?
- What is the summary of all activity done in this session?
- What accounts still have access to production after an org change?
- Are there unmanaged keys or tokens granting backdoor access?
With identity chain observability, security and infrastructure teams can quickly gain insights without the manual work of correlating logs, accelerate forensic investigation through evaluation of correlated data, and expose and eliminate new identity vulnerabilities that are currently hidden.
“One of our customers, within fifteen minutes of deployment, flagged two engineers whose accounts retained super-admin maintainer rights across 1,800 repos, far beyond their intended read-only access. This points to the significant impact Teleport Identity Security can have in reducing the attack surface and other vectors of compromise in complex infrastructure environments,” explained Ben Arent, Director of Product, Teleport.
Key capabilities
Teleport Identity Security is especially relevant for security teams focused on:
- Detecting lateral movement and insider threats
- Accelerating forensic investigations
- Preventing over-privileged access across cloud services
- Meeting compliance standards like SOC 2, NIST, and ISO 42001
Teleport Identity Security’s new features include:
- Cross-platform identity tracing — unifies log data across identity providers (e.g,, Okta), code (e.g., GitHub), Cloud (e.g., AWS) and infrastructure access (e.g., Teleport) and reconstructs identity behaviour across this identity chain
- Identity weaknesses detection and investigation — flags anomalies and accelerates investigation, reducing the time involved in log analysis
These features build upon existing capabilities:
- Access graph — a real-time visual map showing the relationships between users, machines, roles, and resources, with SQL Editor
- Crown Jewel monitoring — tracks access changes to critical systems in real time
- SSH key & shadow access discovery — surfaces unmanaged or legacy keys that bypass controls
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.