Reduce Security Risk with StrongDM Device Trust

We are thrilled to announce a new feature to our StrongDM® Zero Trust Privileged Access Management (PAM) Platform: Device Trust. This feature amplifies your organization's security posture by employing device posture data from endpoint security leaders CrowdStrike or SentinelOne. 

This ensures that access requests to your critical infrastructure, including databases, clouds, servers, clusters, and web applications, are not granted implicitly but rather granted explicitly after a robust evaluation of the user's device security to protect the target systems. 

What is Device Trust? 

With Device Trust, the authorization has a two-step affirmation: Trust the user, trust the device, and then grant access and authorization to continue operations. This feature provides a deeper context for every access request by analyzing the risk profile of the device utilized for the request. Organizations can ensure that only those devices that meet their device security and health requirements are allowed to connect for privileged operations. 

With insights from endpoint management solutions, StrongDM ensures that authenticated users are only authorized to gain access when risk falls below a certain threshold.

Key Benefits of Device Posture Trust Assessment

Context-based Access

• Gain a sharper focus on access by understanding who is accessing, from where, and what device they use. 
• Utilize risk signals from CrowdStrike or SentinelOne to intelligently decide access based on the device's risk score and location.
• Policies could also block access to resources if no security evaluation agent is running on the device. 

Continuous Risk-based Assessment

• Regular evaluation of connection health ensures that your security posture is always at its peak. 
• In real-time, revoke access automatically if the device risk score lowers beyond a specified threshold, keeping potential threats at bay.
• Assessment is done with the initial login/access attempt and continues throughout the session, so if risk goes up during the session, access can be blocked. 

Reduce the Attack Surface

• Minimize the risk of unauthorized access by denying or swiftly revoking access from high-risk devices.
• Mitigate potential threats efficiently and uphold your organization's security integrity.

Dynamic Security Policy

• Tailor StrongDM security policies based on endpoint insights regarding device posture, ensuring your operations are optimized according to your unique operational needs. You can implement stricter or more relaxed policies based on the device making the connection, or other attributes.

Why is Device Posture so important for authorization decisions? 

Devices come in all shapes and sizes; some are owned and provided by the agency or enterprise, and some are BYOD property of the user. It is essential in a Zero Trust framework to continuously assess the trustworthiness of all elements in a network, including user devices, as part of enforcing strict access control policies. 

Device posture—continuous, real-time evaluation of the security status of a device—must inform trust assessments to achieve the optimal stage of the CISA Zero Trust Maturity Model. It is crucial in determining whether to grant, deny, or limit access to sensitive systems and data.

User Device Risk Scenarios

Malware Infection:  If a device is infected with malware, viruses, or any other malicious software, it's crucial to immediately block access to prevent potential data breaches or further network infiltration.

Outdated Software: Devices running outdated software or operating systems, especially those with known vulnerabilities, pose a significant risk. Blocking access from such devices until they are updated is a crucial security measure.

Unpatched Systems: If a device hasn't been patched with the latest security updates, it may be vulnerable to exploitation. 

Insecure Configurations: Devices with insecure configurations, such as weak passwords, open ports, or disabled firewalls, can be easy targets for cyber adversaries.

Unauthorized Applications: Devices with unauthorized or blocked applications installed should be restricted from accessing sensitive systems to prevent potential security risks.

Rooted or Jailbroken Devices:  Rooted or jailbroken devices can bypass normal security restrictions; thus, they should be deemed high risk and blocked from accessing sensitive resources.

Absent or Disabled Security Software: A device without active security software like antivirus or anti-malware solutions is more susceptible to security threats.

Non-compliance with Corporate Policies: Devices that do not comply with the organization's security policies, such as those missing encryption or disabled screen locks, should be blocked from accessing sensitive systems.

Lost or Stolen Devices: Access from devices reported as lost or stolen should be immediately blocked to prevent unauthorized access.

Assessing Device Posture is a significant step toward Zero Trust, ensuring that your infrastructure remains resilient against threats. As part of the StrongDM Zero Trust PAM Platform, Device Trust combines user trust, device integrity, and dynamic access, leading to a new era of robust identity security.

We invite you to explore the Device Trust feature and experience firsthand how StrongDM is transforming privileged access.