The iboss Zero Trust Security Service Edge includes an extensive set of device posture checks that ensure an asset is healthy and compliant before interacting with sensitive data and applications.
Some of the asset posture checks include:
- Ensuring anti-malware is enabled
- Ensuring firewall is enabled
- Installing critical OS patches
- Ensuring the disk is encrypted
- Installing optional OS patches
- Allowing access only to specific operating systems
- Checking for installed client certificates
- Checking for specific files on the system
- Checking for specific registry keys on the system
The adaptive access Trust Algorithm allows actions to be taken should any of the checks fail. For example, some common actions that can be taken when a device posture check is not met include:
- Automatically failing, which will cut access to the sensitive resource
- Isolating the session to provide separation between the user and the resource using Browser Isolation, a modern VDI replacement that is more secure and intelligent as it provides the separation that legacy VDI provides. It also includes in-app security controls and logging visibility for all interactions within the isolated session.
Adaptive access policies are intelligent and continuous, as they apply to each request between a user and a resource to ensure that risk is greatly reduced whenever a noncompliant or risky situation occurs. It also allows devices to be cut off from resources immediately when they become noncompliant versus waiting for their current session to expire – which is typically the case when conditional access is only applied at the time of login.
as defined by
NIST 800-207 Zero Trust Architecture
The NIST SP 800-207 Zero Trust Architecture defines a framework for adaptive access trust algorithms which includes receiving a series of signals from various sources, running them through a trust algorithm within the Zero Trust service, and making a final decision of whether to authorize access or deny access to a protected resource. This is an important design concept as the signals that are analyzed include user signals, such as how the user is authenticated, device signals, such as whether the device is infected, and others that are available at the time access is needed to a resource. The trust algorithm ingests all signal types in a unified method and uses them to make a final determination for access. The iboss Zero Trust Security Service Edge follows this design pattern by combining the various signals and analyzing them via the configurable trust algorithm to take actions. Actions include denying access to a resource – for example, when a device is infected, isolating access to a resource, increasing the trust score or decreasing the trust score for the transaction.
This is unlike competitors such as Zscaler which lack a unified signal trust algorithm and instead treat signals such as “asset posture checks” as independent criteria. To make matters worse, with Zscaler, there are multiple admin interfaces to manage settings not only for ZIA and ZPA, but also a separate console for managing asset posture checks. With the iboss Zero Trust Security Service Edge there is a single, global unified policy engine which includes the trust algorithms for adaptive access that can be applied to all users, devices and resources regardless of where they are located.
With the adaptive access trust algorithms available in the iboss Zero Trust Security Service Edge, signals coming from external sources can feed into the algorithm, which takes automatic action including cutting access to resources from infected devices. The iboss Zero Trust Security Service Edge is natively integrated with CrowdStrike and can take the large number of signals from the CrowdStrike endpoint agent, including its determination if a device is infected or compromised, and feed them into the iboss adaptive access trust algorithm for automatic and immediate action. For example, if CrowdStrike signals that a device is infected or compromised, iboss can automatically terminate access to sensitive resources. The iboss Zero Trust Security Service Edge is capable of ingesting a large number of signals from CrowdStrike for additional device posture checks and leveraging them within the iboss trust algorithm. The iboss Zero Trust Security Service Edge provides a platform to unify normally disparate cybersecurity technology into a cohesive cybersecurity approach.