What is Device Posture Check?

pixabay | TheDigitalArtist
(Image credit: pixabay | TheDigitalArtist)

The plague of wide-spreading cybersecurity breaches that coincided with the Covid-19 pandemic was a massive reminder to all Web users across the world of the increasing importance of cybersecurity. Although the pandemic has accelerated technological adoption, it also exposed cyber vulnerabilities and our failure to prepare for fighting cyber threats. As cyber risks continue to rank high, cybersecurity has become a board-level issue for small and large businesses alike.

As more and more workers are choosing to work from the comfort (and safety) of their homes, overcoming cybersecurity challenges has become even more challenging. Although being online always comes with a certain risk, at work you’re usually using a network safeguarded by anti-malware, firewalls, and automatic backup systems. With all this, a cyber threat such as malware is less likely to corrupt your software and you are less likely to become a victim of data theft.

At home, where workers are using their own devices it’s a completely different story, so it’s critical to find a suitable solution for this gap in security. Meet Device Posture Check (DPC), a solution that collects and inspects security-related data from all connected devices allowing administrators to enforce application access, control policies, and disconnect any device that’s considered dangerous.

TechRadar needs yo...

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Protect your employees and network from web-based attacks with a Secure Web Gateway. Filter out malicious threats. Monitor all employee activity. Streamline compliance. Secure your entire workforce, whether on-prem or remote with Perimeter 81, TechRadar's top-rated business VPN. Deploy in minutes. Start now.

What exactly is DPC? 

DPC can be defined as a procedure or a piece of software that performs checks on connecting devices. It can perform them once per connection or constantly at intervals scheduled by the network administrator. The administrators’ job is here to make sure that only devices that comply with pre-establish security policies can connect to the systems that are monitored and maintained. The aim is to ensure that systems stay secure while enabling access to applications and data that are needed.

These security policies can differ between different users and user groups, ensuring to a greater extent that a network and its sensitive resources are protected with an additional layer of security. For instance, an administrator may allow network access from devices that have specific antivirus software, possess a particular authorization file, have an encrypted hard drive, or other suitable certificates that are underlined by the administrator. After this, the devices that are allowed access to the network are classed as trusted devices.

What is a trusted device? 

Whether trusted or untested, a device is always a machine, be it a smartphone, a tablet, laptop, desktop, or Internet of things (IoT) sort of device that’s often used to connect to a company’s network. With the rise of remote work and bring-your-own-device (BYOD) becoming a worldwide trend, the number of devices that could access a company’s IT assets has considerably increased while cybersecurity declined.

To confront this challenge, it was necessary to classify the devices as secure (or trusted) prior to being allowed access to the company’s network and its resources. And, for a device to be marked as trusted, it needs to meet a particular set of security standards, some of which we’ll cover in the following section. 

How to get started with DPC? 

There are many moving parts an administrator should keep track of while determining the security posture of a specific device. Although suitable software can do most of your job, to make it even easier, we’ve brought together a brief checklist you can use to scrutinize and classify the devices based on their security status. Also, while there are many things that a desktop and a mobile device share, a DPC procedure differs in some areas.

1. Check if the software is patched up and if everything is up-to-date

An important part of DPC is making sure that operating systems (OS’) and apps are up-to-date with all patches installed. For instance, if one of the workers happens to log in with their corporate credentials from a personal device that’s running an unpatched OS, it would create a vulnerability for the whole system. While it may seem like a convenient way for solving a current issue, it’s likely to grow into a bigger issue for the company after a while. 

2. Make sure that anti-malware software is running smoothly

To secure sensitive data and ensure that your company’s systems, apps, and data are properly protected, you want to be sure that anti-malware software on all devices is up-to-date, compliant, and active. Being a critical part of any security system, anti-malware protects its users from malware, phishing, ransomware attacks, data leakages, drive-by downloads, and exploits that utilize zero-day vulnerabilities.

3. Ensure that the device’s disk is encrypted

Disk encryption can protect your business from data theft or accidental data loss by rendering data stored on your hard drives unreadable whenever an unauthorized user tries accessing your network. In short, it safeguards your data from hackers. So, you want to make sure that devices’ disks are encrypted and the essential directories protected.

4. Check to see if a firewall is configured on the device in question

Since firewalls act as barriers against outside cyber attackers, it’s vital to have them working properly. Firewalls also prevent malicious software from entering devices or networks via the internet and can be used to block data from certain locations, apps, or ports. That’s why it’s important to continuously check for updates and ensure firewalls are compliant and in working order.

5. Consult with an SHA

When enabled, a System Health Agent (SHA) checks the status of system protection and updates on Windows-based systems, and then passes a feedback. As a system health validator, it includes the information that a network access protection (NAP) policy server can use to check if a client computer is in the required state of health, which will give you important insight into connecting devices.

Why should you embrace DPC and zero trust policy? 

The zero-trust model is a security model requiring all users, whether they’re in or outside of a company's network, to be authenticated, authorized, and constantly checked for security posture before being allowed to access the company's apps and data. The main concept behind this model asserts the “never trust, always verify” policy which implies that no device should be trusted by default.

By performing a DPC on all connecting devices, you’ll get clearer visibility into your company’s critical resources and boost their security by blocking potentially insecure devices from connecting and allowing access only to those devices that comply with your cybersecurity posture.

The only effective way to prevent security breaches is to do it before they can happen, and DPC will prove useful in that.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.