The plague of widespread cybersecurity breaches that coincided with the Covid-19 pandemic was a massive reminder to all web users around the world of the growing importance of cybersecurity. While the pandemic has accelerated technology adoption, it has also exposed cyber vulnerabilities and our lack of preparedness to combat cyber threats. As cyber risks continue to come to the fore, cybersecurity has become a board-level issue for small and large businesses alike.
As more and more workers choose to work from the comfort (and safety) of their homes, overcoming cybersecurity challenges becomes even harder. While being online always carries some risk, at work you often use a network protected by antimalware, firewalls, and automated backup systems. With all this in place, it is less likely that a cyber threat like malware will corrupt your software or that you will become a victim of data theft.
At home, where workers use their own devices, the story is completely different, so finding an appropriate solution to this security gap is critical. Meet Device Posture Check (DPC), a solution that collects and inspects security-related data from all connected devices, allowing administrators to enforce application access, control policies, and shut down any device deemed dangerous.
What exactly is DPC?
DPC can be defined as a procedure or piece of software that performs checks on connecting devices. The checks can run once per connection or repeatedly at intervals scheduled by your network administrator. The administrator's job here is to make sure that only devices that comply with preset security policies can connect to the systems that are monitored and maintained. The goal is to ensure that systems remain secure while allowing access to the applications and data that are needed.
These security policies can differ between users and user groups, further ensuring that a network and its sensitive resources are protected with an additional layer of security. For example, an administrator may allow network access from devices that have specific anti-virus software, possess a particular authorization file, have an encrypted hard drive, or hold other suitable certificates that the administrator specifies. After this, devices that are allowed access to the network are classified as trusted devices.
What is a trusted device?
Whether trusted or untrusted, a device is always a machine: a smartphone, tablet, laptop, desktop, or Internet of Things (IoT) device that is used to connect to a company network. With the rise of remote work and bring your own device (BYOD) becoming a global trend, the number of devices that could access a company’s IT assets increased dramatically, while cybersecurity decreased.
To address this challenge, devices needed to be classified as secure (or trusted) before they were allowed access to the company network and its resources. And, for a device to be marked as trusted, it must meet a particular set of security standards, some of which we’ll cover in the next section.
How to get started with DPC?
There are many moving parts that an administrator must keep track of when determining the security posture of a specific device. While the right software can do most of your work, to make it even easier, we’ve put together a short checklist you can use to examine and rank devices based on their security status. Also, while there are many things that a desktop and a mobile device share, a DPC procedure differs in some areas.
1. Check if the software is patched and if everything is up to date
An important part of DPC is making sure operating systems (OS) and applications are up to date with all patches installed. For example, if one of the workers logs in with their corporate credentials from a personal device running an unpatched operating system, this would create a system-wide vulnerability. While it may seem like a convenient way to solve a current problem, it’s likely to become a bigger problem for the company after a while.
2. Make sure your anti-malware software is running smoothly
To protect sensitive data and ensure that your company’s systems, applications, and data are properly protected, you must ensure that antimalware software on all devices is up to date, compliant, and active. Being a critical part of any security system, antimalware protects its users against malware, phishing, ransomware attacks, data leaks, drive-by downloads, and exploits that use zero-day vulnerabilities.
3. Make sure the device disk is encrypted
Disk encryption can protect your business from data theft or accidental data loss by rendering data stored on your hard drives unreadable every time an unauthorized user attempts to access your network. In short, it protects your data from hackers. Therefore, you want to make sure that the disks on the devices are encrypted and that essential directories are protected.
4. Check if there is a firewall configured on the device in question
Since firewalls act as barriers against external cyber attackers, it is critical that they work properly. Firewalls also prevent malicious software from entering devices or networks over the Internet and can be used to block data from certain locations, applications, or ports. That’s why it’s important to continually check for updates and make sure your firewalls are compliant and working properly.
5. Query with a SHA
When enabled, a System Health Agent (SHA) checks the status of system protection and updates on Windows-based systems and then sends a response. As a system health validator, it includes information that a Network Access Protection (NAP) policy server can use to verify if a client computer is in the required state of health, giving you important information about the device connection.
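The first four checklist items, together with per-group policies and periodic re-checks, can be expressed as a small policy evaluator. This is an added example, not code from any DPC product; the field names, group names, and thresholds are assumptions, and the sample reports are constructed.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical per-group thresholds; a real policy comes from the administrator.
POLICIES = {
    "default": {"report_min": 60, "patch_days": 30, "av_sig_days": 3},
    "finance": {"report_min": 15, "patch_days": 14, "av_sig_days": 1},
}
# Boolean signals every group requires: checklist items 2, 3 and 4.
REQUIRED = {"av_running": "antimalware not running",
            "disk_encrypted": "disk not encrypted",
            "firewall_enabled": "firewall not enabled"}

def _age(report, key, now):
    """Age of an ISO-8601 timestamp field, or None if missing or unparsable."""
    try:
        return now - datetime.fromisoformat(report[key])
    except (KeyError, TypeError, ValueError):
        return None

def evaluate_posture(report, group, now):
    """Return (trusted, reasons); a missing, stale or future-dated signal denies."""
    policy = POLICIES.get(group, POLICIES["default"])
    limits = {"collected_at": timedelta(minutes=policy["report_min"]),
              "last_os_patch": timedelta(days=policy["patch_days"]),
              "av_signatures": timedelta(days=policy["av_sig_days"])}
    reasons = []
    for key, limit in limits.items():
        age = _age(report, key, now)
        if age is None:
            reasons.append(f"{key} not reported")
        elif not timedelta(0) <= age <= limit:
            reasons.append(f"{key} outside the {group} policy window")
    for key, message in REQUIRED.items():
        if report.get(key) is not True:  # absent or non-boolean fails closed
            reasons.append(message)
    return (not reasons, reasons)

# Constructed sample reports (not real device data).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
MANAGED = {"collected_at": "2024-05-10T11:55:00+00:00",
           "last_os_patch": "2024-04-20T00:00:00+00:00",
           "av_signatures": "2024-05-10T02:00:00+00:00",
           "av_running": True, "disk_encrypted": True, "firewall_enabled": True}
BYOD = {"collected_at": "2024-05-10T11:58:00+00:00",
        "last_os_patch": "2024-01-15T00:00:00+00:00",
        "av_running": True, "firewall_enabled": "yes"}

if __name__ == "__main__":
    for name, device in (("managed", MANAGED), ("byod", BYOD)):
        for group in POLICIES:
            print(name, group, evaluate_posture(device, group, NOW))
```

The same managed laptop is trusted under the default policy but denied under the stricter finance policy, and a report that has aged past the re-check interval is denied even if every signal in it was healthy.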
Why should you adopt DPC and the zero trust policy?
The zero-trust model is a security model that requires all users, whether inside or outside a company network, to be authenticated, authorized, and constantly verified for their security posture before they are allowed access to company applications and data. The main concept behind this model is the “never trust, always verify” policy, which implies that no device should be trusted by default.
By performing a DPC on all connected devices, you’ll gain clearer visibility into your company’s critical resources and increase your security by blocking potentially insecure devices from connecting and allowing access only to those devices that meet your cybersecurity posture requirements.
The only effective way to deal with security breaches is to prevent them before they happen, and DPC will come in handy for that.