Configure device risk assessments
Provides information on how to define risk tiers and risk tags using device signals and signals from integrations.
One of the first Device Posture tasks to perform is to establish the criteria that determine the risk of each end user device. You can define these criteria by configuring risk tiers and risk tags. Risk tiers and tags can then be added to the application access control rules (ACLs).
Risk tiers
Device Posture uses defined criteria to assign devices to one of three risk tiers:
- High risk.
Any device that is reporting signals to the EAA back end (for example, a device with a properly operating EAA Client) is assigned to one and only one risk tier. Devices that are not reporting signals to the back-end systems are considered to be unmanaged. Unmanaged devices do not appear in device inventory reports.
You define the criteria that Device Posture uses to assign a device to the low or medium tiers. All devices not satisfying the criteria for these tiers belong to the high tier.
- Low tier default criteria
  - Windows and macOS:
    - Anti-malware profile is Any Vendor
    - Firewall status is good
    - OS version is latest or latest+
- Medium tier default criteria
  - Windows and macOS:
    - OS version is latest, latest+, up-to-date, or up-to-date+
The assignment of a device to a risk tier is not static. It is subject to change at any time based on tier or tag definitions and on the periodic retrieval of signals from each device.
You can optionally create risk tags to classify and group devices. The criteria used are the same as those used for risk tiers. While a device can only be in one risk tier at a time, a device may be in one or more risk tags.
You can use risk tags alone or in combination with risk tiers as criteria in the application access control rules. Tags are also a convenient way for administrators to track device characteristics in the device inventory.
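The tier and tag semantics described above, as an added example that is not Akamai's code or API: a small model showing that a device gets exactly one tier (high is the fallback), any number of tags, and no tier at all when it reports no signals. The signal names, the values `off` and `outdated`, the two tags, and the low-before-medium evaluation order are assumptions made for illustration.

```python
# Illustrative model only: signal names and data shapes are assumptions,
# not the EAA Device Posture API or its internal logic.
DESKTOP = {"Windows", "macOS"}

# Default tier criteria as listed above; every key in a criterion must match.
LOW = {"platform": DESKTOP,
       "anti_malware_profile": {"Any Vendor"},
       "firewall_status": {"good"},
       "os_version": {"latest", "latest+"}}
MEDIUM = {"platform": DESKTOP,
          "os_version": {"latest", "latest+", "up-to-date", "up-to-date+"}}

# Constructed tags: tags are built from the same kinds of criteria as tiers.
TAGS = {"firewall-ok": {"firewall_status": {"good"}},
        "current-os": {"os_version": {"latest", "latest+"}}}

def matches(signals, criteria):
    """True when every criterion is satisfied by the reported signal value."""
    return all(signals.get(key) in allowed for key, allowed in criteria.items())

def assess(signals):
    """Return (tier, tags) for one device's most recent signal report."""
    if not signals:                      # nothing reported: unmanaged, no tier
        return "unmanaged", []
    if matches(signals, LOW):            # assumed order: low is tested first
        tier = "low"
    elif matches(signals, MEDIUM):
        tier = "medium"
    else:                                # everything else falls to high
        tier = "high"
    tags = sorted(name for name, crit in TAGS.items() if matches(signals, crit))
    return tier, tags

# Constructed sample reports
DEVICES = {
    "laptop-a": {"platform": "Windows", "anti_malware_profile": "Any Vendor",
                 "firewall_status": "good", "os_version": "latest"},
    "laptop-b": {"platform": "macOS", "anti_malware_profile": "Any Vendor",
                 "firewall_status": "off", "os_version": "up-to-date"},
    "laptop-c": {"platform": "Windows", "anti_malware_profile": None,
                 "firewall_status": "good", "os_version": "outdated"},
    "byod-d": {},
}

if __name__ == "__main__":
    for name, report in DEVICES.items():
        print(name, *assess(report))
```

Re-running `assess` on a newer report for the same device models the periodic re-evaluation: a device whose firewall signal stops being good drops out of the low tier on its next report.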
You can enter the required versions of operating systems, browsers, and EAA clients. These specifications are in turn used as criteria in risk tier and tag classification.
See Define versions.
With this capability, you can configure anti-malware profiles that check for the presence of installed anti-malware software on a device. In the configuration settings, you have to specify the desktop OS platform and the anti-malware vendor. This enables Device Posture to check collected signals against the profile's parameters and evaluate the security posture of your devices.
See Configure an anti-malware profile to learn how the active status corresponding to macOS and Windows OS is defined.
With certificate profiles, you can make more informed access decisions and exercise wider control over devices. Certificate profiles allow you to verify various aspects of the certificates found on a device. You may configure a certificate profile to identify devices that possess certificates signed by a Certificate Authority (CA) that you provide, and to verify other parameters. After you define certificate profiles, you may configure them as criteria in risk tiers and tags.
See Configure a certificate profile to learn more.
You can integrate signals collected from Akamai Enterprise Threat Protector (ETP), CrowdStrike, and VMware Carbon Black, and use them as criteria in risk tiers and tags.
After you have configured integrations, the new signals may be used as criteria when defining risk tiers and tags. The new signals will also be visible as part of device details and in inventory reports.