Device posture: The missing layer in access controls

Device posture is the real-time security and compliance status of an endpoint device, like a laptop, smartphone, or workstation. This plays a critical role in ensuring only trusted and compliant devices can access a business or enterprise organisation's networks and applications. 

Device posture helps assess whether a device complies with all company-established security policies, which means verifying things like:

• Operating system: Is the OS up to date and secure?

• Firewall settings: Is the firewall running and properly configured?

• Antivirus software: If required on a particular OS (such as Windows), is it installed, running, and updated?

• Disk encryption: Is sensitive data protected by full disk encryption?

By evaluating the security status of the devices that request access to resources, organisations can establish trust that those devices meet their specific security criteria. This is essential for protecting business data and reducing security risks.

Successful enforcement of device posture is achieved with the help of both real-time monitoring and access control. Real-time monitoring involves continuous monitoring of device attributes to ensure ongoing compliance, enabling quick responses to any changes in a device’s security status. Based on the device posture, organisations can also enforce access controls, allowing only compliant devices to connect to sensitive resources.

In this always-on and always-connected world, security has become tantamount to long-term success of an organisation's device posture. With live, real-time monitoring of endpoint health, any device that is attached to a network can be quickly evaluated to decide if access will be granted. 

Companies like Okta (identity security), Omnissa (workspace management), Zscaler, Palo Alto Networks, Cisco, CrowdStrike, Citrix, and NordLayer all focus on device posture. Meanwhile, the two main sectors that primarily depend on device posture are cybersecurity and healthcare.

According to Varonis, "Healthcare data breaches remain the most expensive, with an average cost of $7.42 million, a drop from $9.77 million the year before." And Retail Technology Review reported that 72% of breaches were caused by unsecured wireless devices.

With the help of device posturing, those insecure wireless devices would never have been granted access to an organisation's resources, thereby cutting down the number of breaches. 

In other words, device posture is all about keeping unwanted devices from gaining access to an organisation's resources. With the right systems (such as Cloudflare Zero Trust posture checks and Microsoft Intune), this process is not only made simpler but also can be automated, so endpoint device checks don't require human intervention.

The most common (and important) posture checks for device posture include:

• Patches and updates: Are devices requesting access updated with the most recent security patches?

• Anti-malware: Do those devices include antivirus and anti-malware tools? 

• Disk encryption: Is full disk encryption in use on devices that store or access sensitive information?

• Empty USB ports: Are there any external devices plugged into USB ports? 

• User authentication: Have users been properly authenticated before accessing the device in question?

• Vulnerable applications: Are there any vulnerable applications installed on the device?

• Anti-phishing: Does the device include anti-phishing tools?

• Memory utilisation: What is memory utilisation like on the machine? High utilisation can mean suspicious activity.

• Managed or unmanaged: Is the device managed, or is it BYOD (bring your own device)? 

• Biometric status: On devices that use biometric authentication, is it up to date and secure?

• EDR/AV status: Is an approved endpoint security agent running on the device, and is it up to date?

• MDM enrolment/managed state: Is the device enrolled, and does it adhere to current policies?

To learn more about SIEM monitoring and keeping an eye on device posture, see Monitoring Event Logs from Bitwarden.

By continuously assessing and monitoring device security, businesses and enterprise organisations can significantly enhance their overall security posture. When a device attempts to connect to a network, it undergoes an assessment to evaluate its security status. That check includes all of the attributes listed under core signals used in posture checks.

Devices are compared against specific device posture profiles created by the organisation. Those profiles can include the presence of security software, compliance with organisational policies, configuration settings and real-time monitoring.

If a device complies with the organisation's policies, it is granted access. If a device fails to meet the established security criteria, remediation actions are triggered, which can include notifying the user, restricting access, or guiding the user on how to make changes so the device is compliant.

Reports are then generated on device posture compliance, so an organisation can better understand its overall security landscape.

The policy engine defines and enforces security policies, whereas connectors ensure that those policies are applied across all systems and applications.

Some examples include:

• Rule management enables the creation and management of policies to dictate how a resource should be accessed and used.

• The policy engine ensures that all policies are enforced consistently across the organisation.

• Auditing provides the necessary tools for monitoring and auditing policy compliance.

• Some policy engines are capable of creating risk-based access policies that may require additional verification for certain sensitive actions.

Identity Provider/Tunnel integrations (IdP/Tunnel integrations) streamline the authentication process while ensuring secure access to resources. 

An identity provider is a specific service that manages user identities and provides authentication services. The key functions of identity providers include user authentication, Single Sign-On (SSO) and user management.

A tunnel integration refers to the secure connection established over the internet, most often with the added security provided by VPNs (Virtual Private Networks).

Some organisations choose to allow BYOD. BYOD stands for Bring Your Own Device and requires additional compensating controls such as limited scopes, virtual desktop infrastructure (VDI), or read-only access. This is especially necessary when full posture data isn't available. There are specific platforms available to help ensure that a user device meets device posture policies. These platforms keep enterprise data off personal devices, eliminate complex mobile device management (MDM) by using a scalable, agentless solution, and prevent data spillage.

Think of device posture as your security checkpoint. Before any device accesses company resources, endpoint protection confirms it's compliant with your requirements. Non-compliant devices are automatically blocked from your critical applications and resources.

For a pragmatic rollout sequence for device posture, consider the following checklist.

• Inventory and gap analysis: Map current devices against must-have checks

• Define a “healthy” device: Minimum OS, encryption, EDR, MDM‐enrolled

• Connect signals to policies: Wire posture sources to your IdP/proxy and write allow/step‑up/deny rules

• Pilot and monitor: Start with one app group; measure deny/allow and fix any false negatives

• Expand and tune: Gradually add stricter rules (e.g., block jailbroken/rooted)

Infotech offers a downloadable device posture checklist that makes this process a bit easier.

Bitwarden Password Manager protects identities and credentials, including support for passwordless authentication, all of which align with zero trust device strategies. With Bitwarden, business and enterprise organisations gain the following features:

• Log in with device allows passwordless access to reduce password exposure and obtain approvals from an existing trusted device. Learn more about how to log in with another device.

• New device verification adds friction only for unfamiliar devices. Learn how this can be achieved with new device login protection.

• Operational visibility using event logs and SIEM integrations to monitor access and policy outcomes.

• Access Intelligence helps admins identify at‑risk credentials and remediate them to reduce successful phishing attempts that bypass weak devices. Learn more in this Access Intelligence presentation.

While focusing on device posture, it is also important to remember that authentication plays a key role. To ensure all devices on a network are compliant, those using the devices should be encouraged (or required) to use a password manager. By avoiding the use of weak and repeated passwords, device posture is strengthened. 

To find out more about adopting Bitwarden as a means to improve your device posture, start with this blog on strategies for keeping smart devices secure; after which, explore all plans and prices and begin your journey towards improved device posture.