What is Device Posture?
The real-time assessment of an endpoint's security health, including OS version, patch level, disk encryption, EDR status, and compliance state, used as an input to access control decisions.
Device posture checks are a critical pillar of Zero Trust access. Before granting access, the ZTNA policy engine queries the endpoint agent for posture attributes: is the OS version supported and patched, is disk encryption (BitLocker, FileVault) enabled, is the EDR agent running with current definitions, is the device managed by the corporate MDM, and is the local firewall active? These attributes are evaluated against posture policies that define minimum requirements for different access levels.
Posture checks can be binary (block access if disk encryption is disabled) or tiered (full access for compliant devices, restricted access via browser isolation for non-compliant devices, no access for unknown devices). Tiered policies are more practical because they accommodate BYOD and contractor scenarios without completely blocking access.
The important architectural detail is when and how often posture is evaluated. Initial-only posture checks at authentication time leave a gap: a device could become non-compliant during an active session. Continuous posture monitoring re-evaluates compliance at intervals during the session and can dynamically adjust access privileges. This is what vendors mean by 'continuous trust verification.' Verify whether your SASE platform checks posture once at login or continuously throughout the session.
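To make the tiered policy and the login-only versus continuous evaluation gap concrete, here is a small Python model added as an illustration (not code from the page or any SASE vendor); the attribute names, the three tiers and the sample device are assumptions:

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import List, Optional

class AccessTier(Enum):
    FULL = "full"              # compliant, managed device
    RESTRICTED = "restricted"  # known but non-compliant: browser isolation only
    NONE = "none"              # unknown device: no agent answered

@dataclass
class Posture:
    """Attributes the endpoint agent reports (constructed field names)."""
    device_id: Optional[str]   # None means no agent responded: unknown device
    os_patched: bool
    disk_encrypted: bool
    edr_running: bool
    edr_defs_current: bool
    mdm_managed: bool
    firewall_active: bool

def evaluate_tier(p: Posture) -> AccessTier:
    """Tiered policy: unknown -> NONE; any failed requirement -> RESTRICTED; else FULL."""
    if p.device_id is None:
        return AccessTier.NONE
    requirements = (p.os_patched, p.disk_encrypted, p.edr_running,
                    p.edr_defs_current, p.mdm_managed, p.firewall_active)
    return AccessTier.FULL if all(requirements) else AccessTier.RESTRICTED

def run_session(snapshots: List[Posture], continuous: bool) -> List[AccessTier]:
    """Return the tier in force at each posture snapshot of one session.
    snapshots[0] is the posture seen at login; later ones arrive at re-check intervals.
    With continuous=False the login decision is never revisited (the gap described above)."""
    tier = evaluate_tier(snapshots[0])
    tiers = [tier]
    for snap in snapshots[1:]:
        if continuous:
            tier = evaluate_tier(snap)   # re-evaluate and adjust privileges mid-session
        tiers.append(tier)
    return tiers

# Constructed sample: a compliant laptop whose disk encryption is switched off mid-session
COMPLIANT = Posture("laptop-01", True, True, True, True, True, True)
ENCRYPTION_OFF = replace(COMPLIANT, disk_encrypted=False)

if __name__ == "__main__":
    print("login-only:", [t.value for t in run_session([COMPLIANT, ENCRYPTION_OFF], False)])
    print("continuous:", [t.value for t in run_session([COMPLIANT, ENCRYPTION_OFF], True)])
```

The login-only run keeps full access after encryption is disabled, while the continuous run drops the session to the restricted tier at the next check.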
A security model that eliminates implicit trust based on network location, requiring continuous verification of identity, device posture, and context for every access request.
An access model that grants users connectivity to specific applications, not networks, based on identity and device posture, verified continuously per session.
An endpoint security platform that continuously monitors endpoint activity, detects suspicious behavior, and provides investigation and response capabilities for threats that bypass preventive controls.
A technology that enforces security policies on devices attempting to connect to a network, controlling access based on device identity, health, and compliance status.