The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.
The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization’s security infrastructure.
However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust. Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to overcome them with device trust.
1. Zero visibility into unmanaged devices
MDM and EDR solutions are effective for managing and securing devices that are enrolled and within the organization’s control. However, they cannot provide visibility and control over unmanaged devices, such as personal laptops or phones, contractor devices, and devices used by business partners.
Unfortunately, these devices are still accessing your corporate resources, and they are a major threat precisely because they are not company-managed. They may not adhere to the organization’s security policies (no disk encryption, no local biometric, hasn’t been updated in three years, etc), and you are none the wiser because you have no security footprint there, making them perfect entry points for attackers.
How device trust solves this problem:
Device trust provides coverage over all devices that are authenticating, including unmanaged, BYOD, and personal devices. The ideal way to achieve this is via a privacy-preserving, lightweight authenticator that has no remote wipe capabilities nor administrative privileges over the device. However, it should be able to capture device risk telemetry and support rapid remediation to provide risk visibility and security compliance enforcement for all devices in your fleet.
2. Incomplete coverage across operating systems
While many MDM and EDR tools offer support for popular operating systems like Windows and macOS, their coverage for Linux and ChromeOS devices is often limited in their capabilities or completely non-existent. This gap leaves organizations vulnerable, especially those that rely on diverse operating systems for their operations, such as software engineers and system administrators.
How device trust solves this problem:
Device trust delivers broad-based coverage across all commonly used operating systems, including Linux and ChromeOS. This provides administrators the ability to evaluate device risk in real-time on any device, regardless of operating system, and block access from devices that fail to meet the security threshold.
3. Lack of integration with access policy
MDM and EDR tools typically operate independently of access management systems, leading to a disconnect between device security posture and access controls. That is, even if your MDM or EDR flags a suspicious activity, event, or behavior from an endpoint, the signal is not available to your access management solution to make real-time decisions about the user’s access to resources.
Without a tightly coupled integration, organizations have no ability to enforce access policies based on real-time device risk assessments collected from device management tools.
How device trust solves this problem:
Device trust puts adaptive risk policy into practice by incorporating as many signals as available as part of access decisions. If a device is non-compliant, it can be prevented from accessing company data in the first place. And if a device falls out of compliance, its access should be able to be revoked instantly.
As a bonus, device trust enforced via access policy does not disrupt end-user productivity by forcing automatic updates. Instead, the device risk is contained because it cannot gain access while the user or their admin takes the steps needed for remediation.
4. Risk of device management tool misconfigurations
Configuration drifts happen. But misconfigurations in MDM and EDR solutions can create security blind spots, allowing threats to go undetected. These misconfigurations may result from human error, lack of expertise, or complex system requirements, and they often remain unnoticed until a security incident occurs.
For instance, CrowdStrike requires full disk access to be able to properly execute its detection and response functionality. Being able to evaluate not just the presence of the tool but its correct configuration is crucial to enforcing defense in depth.
How device trust solves this problem:
With a tightly coupled integration with device management solutions, device trust can ensure that not only is the tool present on the device, but all configurations are in place as intended. This provides an additional layer of security to defend against configuration drifts of security tooling.
5. Limited ability to detect advanced threats
MDM and EDR tools are designed to detect known threats. MDMs, in particular, offer coarse risk telemetry, with some variation across vendors. However, they give organizations no ability to identify or do anything about security risks such as:
- Identifying specific processes or sensitive files on a device
- Existence of unencrypted SSH keys
- Third-party MacOS extensions
- Evaluate the existence of applications with known CVEs
How device trust solves this problem:
Device trust delivers fine-grained device posture evaluation. In combination with a tightly coupled integration with access management, it allows organizations to enforce device security compliance beyond the scope of what device management tools allow.
Conclusion
In conclusion, while device management tools are important, they are not sufficient for ensuring device security. Organizations must adopt a device trust approach that provides comprehensive visibility, cross-platform support, integration with access management, vigilant configuration management, and advanced threat detection capabilities.
Beyond Identity is an access management platform that delivers robust device trust capabilities. To see the platform in action, contact us today for a demo.
About The Author
Original post here
