If you’re looking for a Teleport alternative, you’re either frustrated with configuration, management, and protocol limitations, or you are looking for a solution to secure access management and want to see if there’s a better option on the market.
Teleport is an Open Infrastructure Access Platform used by DevSecOps teams for SSH, Kubernetes, databases, internal web applications, and Windows. Here are some of Teleport’s features:
- Certificate authentication for SSH and Kubernetes
- Access to databases, internal web applications, and Windows
- Role-based access control
- Just-in-Time access through ChatOps
- Session recording
- Audit logs
If you're looking for a solution that solves these use cases better, our list of Teleport alternatives will help you find the solution you need.
StrongDM is a Dynamic Access Management (DAM) platform that extends Privileged Access Management (PAM) to work across any environment on-premises and in the cloud. It is designed to make access least-privilege by default with role-based, attribute-based, and just-in-time access controls. Companies like Humana, SentinelOne, and more have adopted StrongDM to secure access management to all their critical infrastructure.
“Like AWS for computing power and Kubernetes for container orchestration, StrongDM is the gold standard for access and auditing. Developers won’t tolerate tools that slow them down or force them to use substandard workflows. StrongDM is the only security product that actually makes their lives easier.”
- Drew Blas, Director of Internal Engineering, Betterment
Reasons to Choose StrongDM Over Teleport
- Agentless Architecture: StrongDM does not require agents on end resources. Agentless architecture means fewer administrative headaches in managing the solution and faster time-to-value for the product.
- Identity Lifecycle Management: StrongDM offers a SCIM integration with major identity providers like Okta and Azure, where user groups and roles are synced directly with StrongDM. Teleport requires the management of roles in both the IdP and Teleport without the ability to support SCIM.
- Reliability: StrongDM updates without any downtime, whereas Teleport requires downtime to update. This is problematic when trying to access resources and adhere to compliance policies.
- Customer Control: StrongDM allows customers to store certificates with StrongDM or their vault of choice. Conversely, Teleport is configured to accept X.509 certificates, which forces you to have Teleport manage the root certificates.
Some of StrongDM’s Features
- Access to databases, cloud, servers, clusters, and internal web applications.
- Role-based access control: StrongDM supports role-based access controls and attribute access controls so that only the right users have access to the resources they need. StrongDM also supports change management. If users switch teams, their access is revoked, and they are assigned resources based on their new role.
- Just-in-Time access: Request access to resources through StrongDM’s Access Workflows. Automate access or require manager approval based on the resource type.
- Session recording: All SSH, RDP, and Kubernetes sessions are recorded with the ability to play back and text-search each session, helping customers reduce Mean Time To Investigate (MTTI) and Mean Time To Respond (MTTR) for incident investigations.
- Audit Logs: Every activity and query is captured in StrongDM audit logs. StrongDM also offers the ability to stream your logs to an S3 bucket.
- 51 reviews (at the time of writing)
- 4.8 / 5 stars
StrongDM offers simple per-user pricing, starting at $70/license, including support for all resource types.
Users have the option to sign up for a free 14-day trial.
2. Teleport Community Edition
Brief product summary
The open-source Community Edition of Teleport is the same as the Enterprise edition, with the following exceptions:
- No RBAC
- No SSO integration
- No paid support available
Because Teleport CE is nearly identical to the Teleport Enterprise version, the same use cases apply.
- Open source code (https://github.com/gravitational/teleport).
- The same minuses as the other version of Teleport apply.
- Because it’s available free, only community support is available.
- The free version is missing important enterprise features (see above).
- Only uses local users or GitHub for identity-based authentication.
3. Bastion Host
Brief product summary
A bastion host is simply a Linux/UNIX server that mediates access to sensitive servers and databases by requiring the user to first log into the bastion host, then ‘jump’ to additional resources in the network controlled by the bastion. Organizations simply need to set up an additional server that is both accessible from external sources and able to connect to internal resources.
- Mediate access to protected resources on a restricted network segment.
- Database clients and similar tools can work via bastion host by using port forwarding over the SSH connection.
- Free, or nearly so: the only requirement is the cost for the hardware (or virtual server) underlying the bastion host.
- Straightforward access for users who are familiar with SSH.
- Because all access to protected resources requires first logging in via command line to the bastion host, the user must have an account on the bastion and a certain level of technical acumen, especially if employing port forwarding for database access.
- The bastion host represents a single point of failure; if it is unavailable, all resources behind it are inaccessible. Setting up multiple bastion hosts to mitigate this possibility means another set of credentials to manage.
- In the case of problems, support is limited to whatever support may be available for the underlying OS running on the bastion host.
- Session logs and database/other protocol activity are not captured.
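The jump-then-forward workflow described above, written as a client-side OpenSSH configuration. This is an example added here, not part of the original article; every host name, address, user name, port and key path in it is a constructed placeholder.

```sshconfig
# ~/.ssh/config -- constructed example; all hosts, users, ports and paths
# below are placeholders, not values from the article.

# The bastion: the only host reachable from outside the protected segment.
Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # Keep the local agent off the bastion; ProxyJump does not need it.
    ForwardAgent no

# Internal servers: "ssh app01.internal" is tunnelled through the bastion.
# The SSH session to the target is end-to-end from the client, so the
# bastion sees that a connection was relayed, not the commands typed in it.
Host *.internal
    User alice
    ProxyJump bastion
    ForwardAgent no

# Database access by port forwarding: "ssh -N db-tunnel" opens
# 127.0.0.1:15432 locally and relays it to db01.internal:5432. Point the
# database client at 127.0.0.1:15432. sshd on the bastion relays the bytes
# without recording the queries, which is the logging gap noted above.
Host db-tunnel
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # Bind to loopback only so other machines cannot use the tunnel.
    LocalForward 127.0.0.1:15432 db01.internal:5432
    # Exit instead of leaving a session open if the local port cannot be bound.
    ExitOnForwardFailure yes
    # No interactive terminal is needed for a forward-only connection.
    RequestTTY no
```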
About the Author
Andrew Magnusson, Director, Global Customer Engineering, has worked in the information security industry for 20 years on tasks ranging from firewall administration to network security monitoring. His obsession with getting people access to answers led him to publish Practical Vulnerability Management with No Starch Press in 2020. He holds a B.A. in Philosophy from Clark University, an M.A. in Philosophy from the University of Connecticut, and an M.S. in Information Management from the University of Washington. To contact Andy, visit him on LinkedIn.