<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Life's like a box of chocolates 🍫 Your access shouldn't be. Register for our new webinar.

Search
Close icon
Search bar icon

Reduce Security Risk with StrongDM Device Trust

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

We are thrilled to announce a new feature to our StrongDM® Dynamic Access Management (DAM) platform: Device Trust. This feature amplifies your organization's security posture by employing device posture data from endpoint security leaders CrowdStrike or SentinelOne. 

This ensures that access requests to your critical infrastructure, including databases, clouds, servers, clusters, and web applications, are not granted implicitly but rather granted explicitly after a robust evaluation of the user's device security to protect the target systems. 

What is Device Trust

With Device Trust, the authorization has a two-step affirmation: Trust the user, trust the device, and then grant access and authorization to continue operations. This feature provides a deeper context for every access request by analyzing the risk profile of the device utilized for the request. Organizations can ensure that only those devices that meet their device security and health requirements are allowed to connect for privileged operations. 

With insights from endpoint management solutions, StrongDM ensures that authenticated users are only authorized to gain access when risk falls below a certain threshold.

Key Benefits of Device Posture Trust Assessment

Context-based Access

  • Gain a sharper focus on access by understanding who is accessing, from where, and what device they use. 
  • Utilize risk signals from CrowdStrike or SentinelOne to intelligently decide access based on the device's risk score and location.
  • Policies could also block access to resources if no security evaluation agent is running on the device. 

Continuous Risk-based Assessment

  • Regular evaluation of connection health ensures that your security posture is always at its peak. 
  • In real-time, revoke access automatically if the device risk score lowers beyond a specified threshold, keeping potential threats at bay.
  • Assessment is done with the initial login/access attempt and continues throughout the session, so if risk goes up during the session, access can be blocked. 

Reduce the Attack Surface

  • Minimize the risk of unauthorized access by denying or swiftly revoking access from high-risk devices.
  • Mitigate potential threats efficiently and uphold your organization's security integrity.

Dynamic Security Policy

  • Tailor StrongDM security policies based on endpoint insights regarding device posture, ensuring your operations are optimized according to your unique operational needs. You can implement stricter or more relaxed policies based on the device making the connection, or other attributes.

Why is Device Posture so important for authorization decisions? 

Devices come in all shapes and sizes; some are owned and provided by the agency or enterprise, and some are BYOD property of the user. It is essential in a Zero Trust framework to continuously assess the trustworthiness of all elements in a network, including user devices, as part of enforcing strict access control policies. 

Device posture—continuous, real-time evaluation of the security status of a device—must inform trust assessments to achieve the optimal stage of the CISA Zero Trust Maturity Model. It is crucial in determining whether to grant, deny, or limit access to sensitive systems and data.

User Device Risk Scenarios

Malware Infection:  If a device is infected with malware, viruses, or any other malicious software, it's crucial to immediately block access to prevent potential data breaches or further network infiltration.

Outdated Software: Devices running outdated software or operating systems, especially those with known vulnerabilities, pose a significant risk. Blocking access from such devices until they are updated is a crucial security measure.

Unpatched Systems: If a device hasn't been patched with the latest security updates, it may be vulnerable to exploitation. 

Insecure Configurations: Devices with insecure configurations, such as weak passwords, open ports, or disabled firewalls, can be easy targets for cyber adversaries.

Unauthorized Applications: Devices with unauthorized or blocked applications installed should be restricted from accessing sensitive systems to prevent potential security risks.

Rooted or Jailbroken Devices:  Rooted or jailbroken devices can bypass normal security restrictions; thus, they should be deemed high risk and blocked from accessing sensitive resources.

Absent or Disabled Security Software: A device without active security software like antivirus or anti-malware solutions is more susceptible to security threats.

Non-compliance with Corporate Policies: Devices that do not comply with the organization's security policies, such as those missing encryption or disabled screen locks, should be blocked from accessing sensitive systems.

Lost or Stolen Devices: Access from devices reported as lost or stolen should be immediately blocked to prevent unauthorized access.

Assessing Device Posture is a significant step toward Zero Trust, ensuring that your infrastructure remains resilient against threats. As part of the StrongDM Dynamic Access Management Platform, Device Trust combines user trust, device integrity, and dynamic access, leading to a new era of robust identity security.

We invite you to explore the Device Trust feature and experience firsthand how StrongDM is transforming privileged access.


About the Author

, Chief Product Officer (CPO), spearheads the StrongDM Dynamic Access Management platform. Previously, he was the Senior Director at Google, leading the Zero Trust and Identity and Access Management portfolio for GCP. His career includes executive roles at Netskope, driving its transition from CASB to SASE, and at Riverbed Technology. Amol was also a founding member at Tablus, a pioneer in Data Loss Prevention. To contact Amol, visit him on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Vendor Access Management (VAM) Explained
Vendor Access Management (VAM) Explained
Vendor Access Management (VAM) is the systematic control and oversight of vendor access to an organization's systems, applications, and data. It involves processes such as onboarding and offboarding vendors, utilizing solutions for Just-in-Time access, ensuring security, and streamlining workflows to minimize operational inefficiencies.
What Is Fine-Grained Access Control? Challenges, Benefits & More
What Is Fine-Grained Access Control? Challenges, Benefits & More
Fine-grained access control systems determine a user’s access rights—to infrastructure, data, or resources, for example—once past initial authentication. Unlike coarse-grained access control (CGAC), which relies on a single factor, such as role, to grant access, FGAC relies on multiple factors. For example, it may consider policies (policy-based access control, or PBAC), attributes (attribute-based access control, or RBAC), or a user’s behavior in a certain context (behavior-based access control, or BBAC).
Implicit Trust vs. Explicit Trust in Access Management
Implicit Trust vs. Explicit Trust in Access Management
Trust is an essential cornerstone in access management. However, not all trust is created equal. When it comes to how you approach access, two types of trust stand out: implicit trust and explicit trust.
Joiners, Movers, and Leavers (JML) Process (How to Secure It)
Joiners, Movers, and Leavers (JML) Process (How to Secure It)
People come, and people go, and while digital identities should cease to exist after a departure, many times, this doesn’t happen. At any given time, organizations can have thousands of user identities to manage and track, so when processes aren’t automated, it’s easy for many identities to fall through the cracks. This phenomenon is called Identity Lifecycle Management, and when it comes to access and security, it’s worth the time to get it right.
How to Meet NYDFS Section 500.7 Amendment Requirements
How to Meet NYDFS Section 500.7 Amendment Requirements
The New York Department of Financial Services (“NYDFS”) Cybersecurity Regulation is a set of comprehensive cybersecurity requirements that apply to financial institutions operating in New York. The goal of the regulation is to ensure that the cybersecurity programs of financial institutions have robust safeguards in place to protect customer data and the financial sector.