When managing access and permissions to critical applications, we tend to focus on human users. By authenticating and authorizing users through various methods like MFA, for example, we ensure that only verified individuals can access and consume sensitive information. However, there is another edge component that also needs authorizing – the device. Whether it is a desktop, mobile, wearable or other type of device – if it’s unauthorized, it could cause a data breach.
The way to ensure device security is through its posture. Device posture is a measurement of how secure and compliant the device is. By monitoring and enforcing device posture, organizations can prevent corrupt devices (and the attackers that leverage them) from accessing sensitive information and critical applications.
How to Get Started with Device Posture
There are many different criteria that can be evaluated when determining the security posture of a device. To help, we’ve compiled a checklist you can use to classify and assess your devices. Based on the results, you can determine how secure the device is and which permissions it should be given.
Device Posture: The Checklist
1. Patches and Updates
Make sure your operating system and installed applications are up-to-date, with all patches installed. Older device versions that have not been promptly updated are a common access point for attackers.
Ensure anti-malware and firewalls are up-to-date, compliant and active.
3. Disk Encryption
Install and turn on disk encryption.
4. Empty USB Ports
Remove any external devices plugged into the device.
5. User Authentication
Ensure users are authenticated before accessing the device, and that timeouts are configured and enabled.
6. Vulnerable Applications
Ensure no vulnerable application is running on the device.
Ensure anti-phishing is enabled and running.
8. Memory Utilization
Check if there is high memory utilization. This could indicate an external attacker is using the device.
9. Managed or Unmanaged?
Is the device managed or BYOD? Unmanaged devices have become more common with Covid-19 and remote work creating new work styles and connectivity needs. Determine security policies for unmanaged devices and monitor and improve them as needed.
10. Biometric Status
For mobile devices, ensure biometric information is updated and secure.
Device Posture and Zero Trust
The zero trust security framework authorizes both users and devices before enabling access to critical applications. Under the tenets of zero trust, only verified devices and users are granted access to assets, applications and systems. Even after they are authorized, devices and users don’t have access to the entire network, nor can they see it. In other words, zero trust serves as an extra layer of security on top of device posture and helps leverage it for maximum security and minimum blast radius.
Zero trust providers like Cyolo can ensure device posture and security are enforced more effectively than what is possible with VPNs. VPNs provide devices and users with network access, which means that attackers who succeed to breach the VPN could fairly easily gain access to critical applications and resources. Zero trust, by contrast, limit potential attackers by only providing access to specific applications and also by blocking lateral movement should they manage to enter the system.
When authorizing a device, Cyolo checks the its antivirus, encryption status, and the other criteria mentioned above. Only secure devices will be given access. In addition to securing the network, zero trust also helps enforce device posture security. Since devices are authorized everytime they want access, zero trust will deny insecure devices access, thus de facto alerting that a device’s posture is not strong enough.
To learn more about getting started with zero trust, read this short e-book.