Simpler, more secure deployment for a better price. Switch to Keeper Connection Manager today!
Keeper provides thousands of enterprises and millions of users with robust connection management and privileged access management (PAM) capabilities, integrated into the world’s most secure enterprise password management and secrets management platform. Keeper Connection Manager, Keeper's remote access gateway, is fully integrated into the Keeper ecosystem, which protects organizations from password-related data breaches and cyberthreats.
Teleport is a stand-alone connection tool for software engineers that provides access to infrastructure through the use of short-lived certificates.
Keeper Connection Manager is 100% agentless and clientless. No configuration or 3rd party services need to be installed on the target instances, and there is no risk of breach from 3rd party agents. Keeper Connection Manager only requires a simple Docker container to be installed in the target environment.
Teleport requires installation of agent software on every endpoint that will be accessed. In addition, it requires the installation of an auth server and a proxy server. Depending on what your users are accessing, you may also need to install clients like ‘tsh.’
Like the rest of the Keeper ecosystem, Keeper Connection Manager is both zero-knowledge and zero-trust. Keeper cannot access the infrastructure that is managed by the customer. When coupled with Keeper Secrets Manager for credential storage, Keeper provides zero-knowledge encryption of service account passwords and other access credentials.
Teleport Cloud is hosted by Gravitational and routes all connections through a centralized proxy. Unauthorized access to the Auth Server grants certificates that can log in to any managed host. Depending on the use case, the TLS session may be decrypted on the server.
Keeper Connection Manager is easy to deploy on any device using a lightweight Docker container.
Teleport's deployment model is extremely complex and requires an agent, a central proxy, and a central auth server. Additionally, per Teleport’s own documentation, the solution utilizes features that are not considered "production-ready." Teleport software must be deployed on every instance.
Keeper Connection Manager uses standard RDP connections that do not require an admin to reconfigure the organization’s entire data environment. The credentials used to access the destination server are managed by the admin and are never exposed to the end user. Session recordings are available for auditing purposes.
For RDP access, Teleport requires access to the domain controller, a Linux instance, GPO changes, approval of a Teleport CA, and implementation of Smart Card APIs. This method of desktop access is extremely complex and works outside of the norm for the typical enterprise setup. Additionally, Teleport’s RDP sessions cannot be recorded for auditing purposes.
The Keeper Connection Manager gateway can be completely locked down to the customer's infrastructure to limit access between the client device and the target server. Secrets that are used to connect to the target servers can be managed within the Keeper Secrets Manager encrypted vault. Pass-through credentials also provide dynamic access to the target instances for any user without storage of secrets anywhere in the gateway.
The Teleport Auth Server issues short-lived credentials and is a single point of compromise. Compromise of the Teleport Auth Server would permit access to any node running the Teleport agent. This system also hosts a User CA, which is a long-lived key; exfiltration of this signing key permits an attacker to mint their own credentials to any Teleport-managed host. The Teleport architecture provides a much larger attack surface.
Keeper offers extensive reporting on privileged user behavior. In addition to providing aggregate security audits, Keeper also provides event logging for over 140 event types, event-based alerts, and integration with popular 3rd party SIEM solutions. Keeper’s compliance reporting functionality also allows admins to monitor and report the access permissions of privileged accounts across the entire organization, in a zero-trust and zero-knowledge security environment.
Teleport has limited reporting and monitoring tools. It offers no password event data logging or robust compliance reporting functionality.
Keeper Secrets Manager is a fully managed, cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data, integrated directly into Keeper.
Teleport does not offer secrets management or encryption of digital assets.
Keeper has had the longest-standing SOC2 and ISO 27001 certification in the industry. Keeper utilizes best-in-class security, with a zero-trust framework and zero-knowledge security architecture that protects customer data with multiple layers of encryption keys at the vault, shared folder and record levels.
Keeper Security Government Cloud is FedRAMP Authorized and supports compliance with the United States International Traffic in Arms Regulations (ITAR).
Teleport has only been SOC2 certified since 2021, and this does not cover their cloud platform.
*Source: https://goteleport.com/blog/soc2-certification-table-stakes-for-b2b-saas/