When managing access and permissions to critical applications, we tend to focus on human users. By authenticating and authorizing users through various methods like MFA, for example, we ensure that only verified individuals can access and consume sensitive information. However, there is another edge component that also needs authorizing – the device. Whether it is a desktop, mobile, wearable or other type of device – if it’s unauthorized, it could cause a data breach.
The way to ensure device security is through its posture. Device posture is a measurement of how secure and compliant the device is. By monitoring and enforcing device posture, organizations can prevent corrupt devices (and the attackers that leverage them) from accessing sensitive information and critical applications.
There are many different criteria that can be evaluated when determining the security posture of a device. To help, we’ve compiled a checklist you can use to classify and assess your devices. Based on the results, you can determine how secure the device is and which permissions it should be given.
Make sure your operating system and installed applications are up-to-date, with all patches installed. Devices running outdated, unpatched versions are a common entry point for attackers.
Ensure anti-malware and firewalls are up-to-date, compliant and active.
Install and turn on disk encryption.
Remove any external devices plugged into the device.
Ensure users are authenticated before accessing the device, and that timeouts are configured and enabled.
Ensure no vulnerable application is running on the device.
Ensure anti-phishing is enabled and running.
Check for unusually high memory utilization. This could indicate that an attacker is using the device.
Is the device managed or BYOD? Unmanaged devices have become more common with Covid-19 and remote work creating new work styles and connectivity needs. Determine security policies for unmanaged devices and monitor and improve them as needed.
For mobile devices, ensure biometric information is updated and secure.
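The checklist above is a set of posture attributes that an access broker has to turn into a decision. The following is an added example (not Cyolo's code, and not taken from the article) showing one way to do that: a posture record is scored against each item, blocking findings deny access, non-blocking findings restrict it, and a clean device gets full access. The record fields, the sample devices and the thresholds (30-day patch age, 7-day signature age, 15-minute lock timeout, 90% memory) are assumptions chosen for illustration.

```python
"""Device posture evaluation against the checklist.

Added example; not Cyolo's code. Field names, thresholds and the sample
device records below are assumptions constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Assumed policy thresholds (not from the article).
MAX_PATCH_AGE_DAYS = 30
MAX_SIGNATURE_AGE_DAYS = 7
MAX_LOCK_TIMEOUT_MIN = 15
HIGH_MEMORY_PCT = 90.0


@dataclass
class DevicePosture:
    """One device's posture as reported by an agent or MDM (assumed schema)."""
    hostname: str
    managed: bool                            # corporate-managed vs BYOD
    os_patch_date: date                      # last OS/application patch install
    antimalware_active: bool
    antimalware_signature_date: date
    firewall_active: bool
    disk_encrypted: bool
    external_devices: List[str]              # removable media currently attached
    screen_lock_timeout_minutes: Optional[int]  # None = no lock configured
    vulnerable_apps: List[str]               # apps flagged by vulnerability inventory
    anti_phishing_active: bool
    memory_utilization_pct: float
    biometrics_enrolled: Optional[bool]      # None for non-mobile devices


def _age_days(when: date, today: date) -> int:
    return (today - when).days


def evaluate_posture(p: DevicePosture, today: date) -> Tuple[str, List[str]]:
    """Return (access_tier, findings).

    Tiers: 'full', 'restricted', 'deny'. Any blocking finding denies access;
    otherwise any warning restricts it; a clean device gets full access.
    """
    blocking: List[str] = []
    warnings: List[str] = []

    patch_age = _age_days(p.os_patch_date, today)
    if patch_age > MAX_PATCH_AGE_DAYS:
        blocking.append(f"OS/apps not patched for {patch_age} days")
    if not p.antimalware_active:
        blocking.append("anti-malware not active")
    elif _age_days(p.antimalware_signature_date, today) > MAX_SIGNATURE_AGE_DAYS:
        warnings.append("anti-malware signatures out of date")
    if not p.firewall_active:
        blocking.append("firewall not active")
    if not p.disk_encrypted:
        blocking.append("disk not encrypted")
    if p.external_devices:
        warnings.append("external devices attached: " + ", ".join(p.external_devices))
    if p.screen_lock_timeout_minutes is None:
        blocking.append("no screen lock / authentication timeout configured")
    elif p.screen_lock_timeout_minutes > MAX_LOCK_TIMEOUT_MIN:
        warnings.append(f"screen lock timeout {p.screen_lock_timeout_minutes} min exceeds policy")
    if p.vulnerable_apps:
        blocking.append("vulnerable applications present: " + ", ".join(p.vulnerable_apps))
    if not p.anti_phishing_active:
        warnings.append("anti-phishing protection disabled")
    if p.memory_utilization_pct > HIGH_MEMORY_PCT:
        warnings.append(f"high memory utilization ({p.memory_utilization_pct:.0f}%)")
    if not p.managed:
        warnings.append("unmanaged (BYOD) device; unmanaged-device policy applies")
    if p.biometrics_enrolled is False:
        warnings.append("mobile device without biometric authentication")

    if blocking:
        return "deny", blocking + warnings
    if warnings:
        return "restricted", warnings
    return "full", []


# Constructed sample records (not real devices).
TODAY = date(2024, 6, 1)

COMPLIANT_LAPTOP = DevicePosture(
    hostname="lap-finance-01", managed=True, os_patch_date=date(2024, 5, 20),
    antimalware_active=True, antimalware_signature_date=date(2024, 5, 31),
    firewall_active=True, disk_encrypted=True, external_devices=[],
    screen_lock_timeout_minutes=10, vulnerable_apps=[], anti_phishing_active=True,
    memory_utilization_pct=42.0, biometrics_enrolled=None)

LAPTOP_WITH_USB = DevicePosture(
    hostname="lap-eng-07", managed=True, os_patch_date=date(2024, 5, 25),
    antimalware_active=True, antimalware_signature_date=date(2024, 5, 30),
    firewall_active=True, disk_encrypted=True, external_devices=["usb-mass-storage"],
    screen_lock_timeout_minutes=10, vulnerable_apps=[], anti_phishing_active=True,
    memory_utilization_pct=55.0, biometrics_enrolled=None)

BYOD_PHONE = DevicePosture(
    hostname="personal-phone", managed=False, os_patch_date=date(2024, 2, 1),
    antimalware_active=True, antimalware_signature_date=date(2024, 5, 1),
    firewall_active=True, disk_encrypted=False, external_devices=[],
    screen_lock_timeout_minutes=None, vulnerable_apps=["oldpdfviewer 1.2"],
    anti_phishing_active=False, memory_utilization_pct=95.0, biometrics_enrolled=False)

if __name__ == "__main__":
    for dev in (COMPLIANT_LAPTOP, LAPTOP_WITH_USB, BYOD_PHONE):
        tier, findings = evaluate_posture(dev, TODAY)
        print(f"{dev.hostname}: {tier}")
        for f in findings:
            print(f"  - {f}")
```

The split between blocking and warning findings is the design decision worth arguing about in a real deployment: an unencrypted disk or a missing screen lock is treated here as disqualifying, while an attached USB device or an unmanaged device only narrows the set of applications offered, which matches the article's point that the posture result should map to permissions rather than a simple yes/no.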
The zero trust security framework authorizes both users and devices before enabling access to critical applications. Under the tenets of zero trust, only verified devices and users are granted access to assets, applications and systems. Even after they are authorized, devices and users don’t have access to the entire network, nor can they see it. In other words, zero trust serves as an extra layer of security on top of device posture and helps leverage it for maximum security and minimum blast radius.
Zero trust providers like Cyolo can enforce device posture and security more effectively than is possible with VPNs. VPNs give devices and users network-level access, which means that attackers who succeed in breaching the VPN can fairly easily reach critical applications and resources. Zero trust, by contrast, limits potential attackers by granting access only to specific applications and by blocking lateral movement should they manage to enter the system.
When authorizing a device, Cyolo checks its antivirus, encryption status and the other criteria mentioned above. Only secure devices are given access. In addition to securing the network, zero trust also helps enforce device posture security. Because devices are authorized every time they request access, zero trust denies access to insecure devices, which in effect alerts that a device’s posture is not strong enough.
To learn more about getting started with zero trust, read this short e-book.
Dedi Yarkoni is CTO and co-founder of Cyolo. Prior to Cyolo, Dedi worked as the Cyber Lab Research Team Leader at GE Digital and the Applicational Security Technical Program Manager at AWS. He is also a certified ethical hacker and a veteran of the Israeli Navy.