Device posture: The missing layer in access controls

Device posture is the real-time security and compliance status of an endpoint device, like a laptop, smartphone, or workstation. This plays a critical role in ensuring only trusted and compliant devices can access an organization's networks and applications. 

Device posture helps assess whether a device complies with all company-established security policies, which means verifying things like:

• Operating system: Is the OS up to date and secure?

• Firewall settings: Is the firewall running and properly configured?

• Antivirus software: If required on a particular OS (such as Windows), is it installed, running, and updated?

• Disk encryption: Is sensitive data protected by full disk encryption?

By evaluating the security status of the devices that request access to resources, organizations can establish trust that those devices meet their specific security criteria. This is essential for protecting business data and reducing security risks.

Successful enforcement of device posture is achieved with the help of both real-time monitoring and access control. Real-time monitoring involves continuous monitoring of device attributes to ensure ongoing compliance, enabling quick responses to any changes in a device’s security status. Based on the device posture, organizations can also enforce access controls, allowing only compliant devices to connect to sensitive resources.

In this always-on and always-connected world, security has become tantamount to long-term success of an organization's device posture. With live, real-time monitoring of endpoint health, any device that is attached to a network can be quickly evaluated to decide if access will be granted. 

Companies like Okta (identity security), Omnissa (workspace management), Zscaler, Palo Alto Networks, Cisco, CrowdStrike, Citrix, and NordLayer all focus on device posture. Meanwhile, the two main sectors that primarily depend on device posture are cybersecurity and healthcare.

According to Varonis, "Healthcare data breaches remain the most expensive, with an average cost of $7.42 million, a drop from $9.77 million the year before." And Retail Technology Review reported that 72% of breaches were caused by unsecured wireless devices.

With the help of device posturing, those insecure wireless devices would never have been granted access to an organization's resources, thereby cutting down the number of breaches. 

In other words, device posture is all about keeping unwanted devices from gaining access to an organization's resources. With the right systems (such as Cloudflare Zero Trust posture checks and Microsoft Intune), this process is not only made simpler but also can be automated, so endpoint device checks don't require human intervention.

The most common (and important) posture checks for device posture include:

• Patches and updates: Are devices requesting access updated with the most recent security patches?

• Anti-malware: Do those devices include antivirus and anti-malware tools? 

• Disk encryption: Is full disk encryption in use on devices that store or access sensitive information?

• Empty USB ports: Are there any external devices plugged into USB ports? 

• User authentication: Have users been properly authenticated before accessing the device in question?

• Vulnerable applications: Are there any vulnerable applications installed on the device?

• Anti-phishing: Does the device include anti-phishing tools?

• Memory utilization: What is memory utilization like on the machine? High utilization can mean suspicious activity.

• Managed or unmanaged: Is the device managed, or is it BYOD (bring your own device)? 

• Biometric status: On devices that use biometric authentication, is it updated and secure?

• EDR/AV status: Is an approved endpoint security agent running on the device, and is it up to date?

• MDM enrollment/managed state: Is the device enrolled, and does it adhere to current policies?

To learn more about SIEM monitoring and keeping an eye on  device posture, check out Monitoring Event Logs from Bitwarden.

By continuously assessing and monitoring device security, organizations can significantly enhance their overall security posture. When a device attempts to connect to a network, it undergoes an assessment to evaluate its security status. That check includes all of the attributes listed under core signals used in posture checks.

Devices are compared against specific device posture profiles created by the organization. Those profiles can include security software presence, compliance with organizational policies, configuration settings, and real-time monitoring.

If a device is in compliance with the organization's policies, it is granted access. If a device fails to meet the established security criteria, remediation actions are triggered, which can include notifying the user, restricting access, or guiding the user on how to make changes so the device is in compliance.

Reports are then generated on device posture compliance, so an organization can better understand its overall security landscape.

The policy engine defines and enforces security policies, whereas connectors ensure that those policies are applied across all systems and applications.

Some examples include:

• Rule management enables the creation and management of policies to dictate how a resource should be accessed and used.

• The policy engine ensures that all policies are enforced consistently across the organization.

• Auditing provides the necessary tools for monitoring and auditing policy compliance.

• Some policy engines are capable of creating risk-based access policies that may require additional verification for certain sensitive actions.

Identity Provider/Tunnel integrations (IdP/Tunnel integrations) streamline the authentication process while ensuring secure access to resources. 

An identity provider is a particular service that manages user identities and provides authentication services. The key functions of identity providers include user authentication, Single Sign-On (SSO), and user management.

A tunnel integration refers to the secure connection established over the internet, most often with the added security offered with VPNs (Virtual Private Networks).

Some organizations choose to allow BYOD. BYOD stands for Bring Your Own Device and requires additional compensation controls such as limited scopes, virtual desktop infrastructure (VDI), or read-only access. This is especially necessary when full postures aren't available. There are specific platforms available to help ensure that a user device meets device posture policies. These platforms keep enterprise data off personal devices, eliminate complex mobile device management (MDM) by using a scalable, agentless solution, and prevent data spillage.

Think of device posture as your security checkpoint. Before any device accesses company resources, endpoint protection confirms it's compliant with your requirements. Non-compliant devices get automatically blocked from your critical applications and resources.

For a pragmatic rollout sequence for device posture, consider the following checklist.

• Inventory and gap analysis: Map current devices vs. must‑have checks

• Define a “healthy” device: Minimum OS, encryption, EDR, MDM‐enrolled

• Connect signals to policies: Wire posture sources to your IdP/proxy and write allow/step‑up/deny rules

• Pilot and monitor: Start with one app group; measure deny/allow and fix any false negatives

• Expand and tune: Gradually add stricter rules (e.g., block jailbroken/rooted)

Infotech offers a downloadable device posture checklist that makes this process a bit easier.

Bitwarden Password Manager protects identities and credentials, including support for passwordless authentication, all of which align with zero trust device strategies. With Bitwarden, organizations gain the following features:

• Log in with device allows passwordless access to reduce password exposure and gain approvals that come from an existing trusted device. Learn more about how to log in with another device.

• New device verification adds friction only for unfamiliar devices. Learn how this can be achieved with new device login protection.

• Operational visibility by using event logs and SIEM integrations to monitor access and policy outcomes.

• Access Intelligence helps admins identify at‑risk credentials and remediate them to reduce successful phishing attempts that bypass weak devices. Learn more in this Access intelligence presentation.

While focusing on device posture, it is also important to remember that authentication plays a key role. To ensure all devices on a network are in compliance, those using the devices should be encouraged (or required) to use a password manager. By avoiding the use of weak and repeated passwords, device posture is strengthened. 

To find out more about adopting Bitwarden as a means to improve device posture, start with this blog on strategies for keeping smart devices secure; after which, explore all plans and prices and begin your journey toward improved device posture.