About Device Posture
Device Posture helps you to protect your applications and reduce security risks. It lets you establish trust in devices that comply with security policies and deny access to devices that don't meet security criteria. In the Enterprise Center you can add device posture capabilities like tiers, tags, versions, and certificate profiles. You can also integrate with external signals after enabling device posture in the identity provider and configuring a client-access application.
Use the EAA Device Posture features on both computer and mobile devices. EAA Device Posture is a key feature of the Enterprise Application Access (EAA) for user access to enterprise applications, and a valuable component of the Akamai Zero Trust model. Device Posture is not aimed at identifying determined bad actors or devices. Instead, Device Posture complements and enhances existing EAA authentication, authorization, access control rules, and reporting capabilities, providing additional context about the device posture and a device risk assessment to better inform application access policy. Since applications vary in level of sensitivity and value, such access policy in EAA is evaluated on an individual application basis.
On a regular basis, Device Posture captures signal data from devices in the environment. Using this information, you can analyze, understand, and improve overall application security by augmenting existing application access control list (ACL) with rules that account for the device posture and associated risk. Device Posture helps to ensure that the devices accessing applications satisfy the necessary security requirements.
Monitor device properties with Device Posture to be able to apply adaptive application security controls based on the assessed risk and posture of the devices accessing these applications. Device Posture does not improve the security of a device; it does, however, use the collected information to help administrators improve the security of applications.
With Device Posture you can:
- Capture device signals. Device Posture collects security-related device data, such as OS and browser version, disk encryption and antivirus status. With this data you can define and enforce application access control policies.
The table below contains signals and information collected from desktop and mobile devices and reported to the back end systems.
| Desktop devices | Mobile devices |
|---|---|
| Anti-malware characteristics Certificate characteristics Device name and ID Device local user and IdP username Device signal last update time Disk encryption status EAA Client version and status EAA Client status Installed web browser(s) and versions OS version Signal update time System firewall status Additional signals collected from third-party integrations (respective product licenses are required) | Biometrics status Device name and ID EAA Client version IdP username Jailbreak status OS and version Screen lock status Signal last update time |
-
Assess device risk. You can create a device risk assessment profile based on signals collected from each device. This data allows you to evaluate the device risk status and build a risk database for analysis. See Configure device risk assessments.
-
Control devices that access enterprise applications. You can create policies that classify devices into low, medium, high-risk tiers and set rules to include a selected set of devices into a specific tag. With tiers and tags you can apply access control rules (ACLs) customized per application. See Control access to applications.
-
Collect additional signals with CrowdStrike, ETP, and VMware Carbon Black integrations. Akamai Enterprise Threat Protector (ETP) provides you with a list of compromised devices on an hourly basis. CrowdStrike Falcon sensor collects additional data that you can apply to the EAA application access control rules. VMware Carbon Black Predictive Security Cloud also collects additional data that you can apply to EAA application access control rules. Those integrations improve endpoint security and help you to protect your organization against cyberattacks. See Integrate with ETP, Integrate with CrowdStrike, and Integrate with VMware Carbon Black.
-
Monitor and analyze the posture of devices. The Device Posture dashboard provides you with an overview of devices health. As an administrator you can also filter device inventory and history data, prepare reports and troubleshoot issues. See Device Posture dashboard and Device Posture reports.
-
Receive remediation and notification messages. When a device is denied access to an application because of device posture, the end user receives a notification explaining the reason why this device was blocked. Remediation messages provide end users with a corrective action to take, which lets them resolve device issues and reduces calls to the help desk. See Check device posture remediations, signals and update Client.
Access the EAA Device Posture from Akamai Control Center
-
Log in to Akamai Control Center.
-
Go to ☰ > ENTERPRISE SECURITY > Enterprise Center.
-
You can find Device Posture capabilities in the following areas of the Enterprise Center navigation menu:
-
Click Dashboard > Device Posture to see the summary of security posture of your corporate devices. The Device Posture dashboard is interactive and lets you redirect to filtered reports.
-
Click Application Access > Reports and choose between device history, device inventory and device saved reports. In this section, you can create and review your reports.
-
Click Application Access > Device Posture to configure your Device Posture configurations.
-
Updated over 2 years ago