How To Detect Compromised Identities with Teleport

They access their infrastructure remotely without passwords or shared secrets, and replace shared credentials in CI/CD systems and workloads with mTLS. They eliminate the need for VPNs and enable Just-In-Time Access to web apps, cloud consoles, databases, and more.

In these times of remote work, organizations need to take even more precautions to prevent unauthorized access of applications and systems.

We have already discussed how impersonators can be detected in the organization using Teleport's built-in features. Let's expand on these ideas, presenting additional metrics that can be used to detect suspicious behavior among employees, along with some options for expanding detection capabilities beyond what Teleport natively offers. We will introduce some of Teleport's hardening mechanisms as well, which can significantly limit the damage potential of a malicious insider.

When attempting to identify rogue users within the organization, it's not possible to achieve 100% accuracy. Since compromised users possess legitimate privileges within the system, administrators we need heuristic methods to identify abnormal behavioral patterns. It's hard to determine baseline values, instead we can compare measured values to the mean of all employees.

Leave a Comment