Hybrid working practices pose significant security challenges to IT departments. Endpoint security and its access rules to internal resources are essential, but it can also be challenging to set up effectively. Failure to do so severely limits endpoint visibility in the network and prevents from setting up company-wide security policies.
Network administrators are working with limited information about who’s connecting and making assumptions about the trustworthiness of the new joining devices. As the device number is growing exponentially and with employees connecting from personal and company-owned tools, this is a true puzzle.
Let’s look at how network administrators establish trust rules when managing company networks and how NordLayer can help.
Trust states
The key problem is that device states change constantly — the same device could be secure or vulnerable based on different factors. The software setup could be identical, but the configurations might be different, which could make a distinction between trusted and untrusted states. Not to mention other problems like different resources requiring different security standards.
For this reason, it can be useful to consider several device trust states that could be attributed to any device.
Trusted state
Paradoxically, trust doesn’t mean that the device doesn’t have any vulnerabilities or is perfectly secure. It means that the device is known or recognized by the organization’s administrator. For instance, if an organization issued its own pre-configured devices, the device would be safe to allow into the network.
However, there can be a wide variety of trust conditions applied to your devices. In some cases, they may only have a password, while in others, the checks could be much more intricate to make the systems harder to penetrate.
Untrusted state
Some devices will fall outside the stated entry requirements when processing device posture checks. These can be classified as untrusted, which is also, by default, assigned to all incoming connections under the Zero Trust framework. This assumes that a device could pose risks of diverse nature, which should be taken into account. Often, when the security risks aren’t known, this also warrants flagging a device under an untrusted state.
Why is a device posture check important?
Performing device posture checks on all connecting devices allows clearer visibility of the company’s network. This also can act as a reliable inspection point blocking potentially problematic devices that could serve as launchpads for hacking attempts.
A well-rounded security posture can prevent threats before they cause any damage to important infrastructure resources. This is made possible by the fact that device posture checks help to enforce security policy rules. For instance, your account can’t be accessed if two-factor authentication isn’t enabled. This helps a great deal when securing large companies that use various managed and unmanaged devices.
Device Posture Monitoring with NordLayer
Administrators and logs can enable the Device Posture Monitoring feature to determine whether the connecting device complies with the predefined security rules.
Currently, the feature checks:
device’s operating system
its version
whether the supported NordLayer app version is used
It’s also possible to set up additional checks like:
privilege escalation status by checking if the device is not jailbroken (iOS) or rooted (Android)
whether the device contains specific files helped to identify the device
The feature significantly expands the possibilities of what network administrators are capable to achieve by using NordLayer.
How to make use of NordLayer’s Device Posture Monitoring
Device Posture Monitoring makes it easier for network administrators to keep their finger on the pulse regarding network security. The new feature alerts about unknown or non-compliant devices connecting to the network. The administrator can inspect a full list of unidentified or non-compliant devices and plan accordingly on how to deal with them.
They are also given a report of how many non-compliant devices were connected during a specific period. This allows administrators to draw certain conclusions about the scope of the risks associated with unmanaged endpoints.
How does NordLayer’s Device Posture Monitoring work?
Device Posture Monitoring captures various data from connecting devices. NordLayer aggregates this data and presents it in a digestible form to help network administrators to make a better-informed decision to protect the integrity of your organization’s network security. The feature supplements your currently used application access control lists. Various rules help keep strong entry boundaries to deter and increase the connected device’s visibility of the organization’s IT assets.
How to enable Device Posture Monitoring?
Administrators can only enable Device Posture Monitoring. Here’s how it can be done.
1. Head to Device security and click Profiles
2. Select the profile rules that you want to enable and click Apply rule changes
3. Once that is done, the system will instantly start enforcing select rules
Keep in mind that if you want to disable one of the enforced rules, the profile which was applied before disabling will be saved. This means that previously saved profiles will be automatically turned on.
