<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon

Reduce Security Risk with StrongDM Device Trust

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

We are thrilled to announce a new feature to our StrongDM® Zero Trust Privileged Access Management (PAM) Platform: Device Trust. This feature amplifies your organization's security posture by employing device posture data from endpoint security leaders CrowdStrike or SentinelOne. 

This ensures that access requests to your critical infrastructure, including databases, clouds, servers, clusters, and web applications, are not granted implicitly but rather granted explicitly after a robust evaluation of the user's device security to protect the target systems. 

What is Device Trust

With Device Trust, the authorization has a two-step affirmation: Trust the user, trust the device, and then grant access and authorization to continue operations. This feature provides a deeper context for every access request by analyzing the risk profile of the device utilized for the request. Organizations can ensure that only those devices that meet their device security and health requirements are allowed to connect for privileged operations. 

With insights from endpoint management solutions, StrongDM ensures that authenticated users are only authorized to gain access when risk falls below a certain threshold.

Key Benefits of Device Posture Trust Assessment

Context-based Access

  • Gain a sharper focus on access by understanding who is accessing, from where, and what device they use. 
  • Utilize risk signals from CrowdStrike or SentinelOne to intelligently decide access based on the device's risk score and location.
  • Policies could also block access to resources if no security evaluation agent is running on the device. 

Continuous Risk-based Assessment

  • Regular evaluation of connection health ensures that your security posture is always at its peak. 
  • In real-time, revoke access automatically if the device risk score lowers beyond a specified threshold, keeping potential threats at bay.
  • Assessment is done with the initial login/access attempt and continues throughout the session, so if risk goes up during the session, access can be blocked. 

Reduce the Attack Surface

  • Minimize the risk of unauthorized access by denying or swiftly revoking access from high-risk devices.
  • Mitigate potential threats efficiently and uphold your organization's security integrity.

Dynamic Security Policy

  • Tailor StrongDM security policies based on endpoint insights regarding device posture, ensuring your operations are optimized according to your unique operational needs. You can implement stricter or more relaxed policies based on the device making the connection, or other attributes.

Why is Device Posture so important for authorization decisions? 

Devices come in all shapes and sizes; some are owned and provided by the agency or enterprise, and some are BYOD property of the user. It is essential in a Zero Trust framework to continuously assess the trustworthiness of all elements in a network, including user devices, as part of enforcing strict access control policies. 

Device posture—continuous, real-time evaluation of the security status of a device—must inform trust assessments to achieve the optimal stage of the CISA Zero Trust Maturity Model. It is crucial in determining whether to grant, deny, or limit access to sensitive systems and data.

User Device Risk Scenarios

Malware Infection:  If a device is infected with malware, viruses, or any other malicious software, it's crucial to immediately block access to prevent potential data breaches or further network infiltration.

Outdated Software: Devices running outdated software or operating systems, especially those with known vulnerabilities, pose a significant risk. Blocking access from such devices until they are updated is a crucial security measure.

Unpatched Systems: If a device hasn't been patched with the latest security updates, it may be vulnerable to exploitation. 

Insecure Configurations: Devices with insecure configurations, such as weak passwords, open ports, or disabled firewalls, can be easy targets for cyber adversaries.

Unauthorized Applications: Devices with unauthorized or blocked applications installed should be restricted from accessing sensitive systems to prevent potential security risks.

Rooted or Jailbroken Devices:  Rooted or jailbroken devices can bypass normal security restrictions; thus, they should be deemed high risk and blocked from accessing sensitive resources.

Absent or Disabled Security Software: A device without active security software like antivirus or anti-malware solutions is more susceptible to security threats.

Non-compliance with Corporate Policies: Devices that do not comply with the organization's security policies, such as those missing encryption or disabled screen locks, should be blocked from accessing sensitive systems.

Lost or Stolen Devices: Access from devices reported as lost or stolen should be immediately blocked to prevent unauthorized access.

Assessing Device Posture is a significant step toward Zero Trust, ensuring that your infrastructure remains resilient against threats. As part of the StrongDM Zero Trust PAM Platform, Device Trust combines user trust, device integrity, and dynamic access, leading to a new era of robust identity security.

We invite you to explore the Device Trust feature and experience firsthand how StrongDM is transforming privileged access.


About the Author

, Chief Product Officer (CPO), spearheads the StrongDM Zero Trust PAM platform. Previously, he was the Senior Director at Google, leading the Zero Trust and Identity and Access Management portfolio for GCP. His career includes executive roles at Netskope, driving its transition from CASB to SASE, and at Riverbed Technology. Amol was also a founding member at Tablus, a pioneer in Data Loss Prevention. To contact Amol, visit him on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

What Is Network Level Authentication (NLA)? (How It Works)
What Is Network Level Authentication (NLA)? (How It Works)
Network Level Authentication (NLA) is a security feature of Microsoft’s Remote Desktop Protocol (RDP) that requires users to authenticate before establishing a remote session. By enforcing this pre-authentication step, NLA reduces the risk of unauthorized access, conserves server resources, and protects against attacks like credential interception and denial of service. While effective in securing RDP sessions, NLA is limited to a single protocol, lacks flexibility, and can add complexity in diverse, modern IT environments that rely on multiple systems and protocols.
How to Automate Continuous Compliance in AWS with StrongDM
How to Automate Continuous Compliance in AWS with StrongDM
Enterprises seek ways to effectively address the needs of dynamic, always-evolving cloud infrastructures, and StrongDM has developed a platform that is designed with built-in capabilities to support continuous compliance in AWS environments.
IP Whitelisting: Meaning, Alternatives & More
IP Whitelisting: Meaning, Alternatives & More [2024 Guide]
IP whitelisting is a security strategy that restricts access to a network/system to a specified list of trusted IP addresses. This approach ensures that only individuals using the approved addresses can access certain resources.
Mitigating Shadow Access Risks with Zero Trust PAM
Mitigating Shadow Access Risks with Zero Trust PAM
Discover how StrongDM's Zero Trust PAM and fine-grained authorization secure cloud data plane access and mitigate shadow access risks without hindering productivity.
Why Just-in-Time Access Is Key for Zero Trust Security in AWS
Why Just-in-Time Access Is Key for Zero Trust Security in AWS
Learn why Just-in-Time (JIT) access is essential for Zero Trust security in AWS environments. Discover how StrongDM's JIT access enhances security, optimizes workflows, and ensures compliance with Zero Trust principles.