About endpoint identity
One of the major tenets of the Zero Trust paradigm is to deny access by default and to use identity to authenticate and authorize every access. Endpoint identity plays a critical role in this process: it lets you uniquely identify an endpoint and create policies that allow or deny access to or from it.
Endpoint identity factors
CoIP Platform creates a comprehensive hardware and software fingerprint that can be used to uniquely identify an endpoint. These factors include:
MAC address
Interfaces
OS
Private and apparent public IP addresses
IP geolocation (country-level)
Cloud service provider, region, and instance ID (if applicable)
Endpoint identity checks are configured at the Application level in Advanced Mode. From Advanced Mode > Project Management > Security Profiles, select the target Application Profile and click on the Application (Server Group) to bring up the Trust Factor Settings.
From this menu, you can choose to reject endpoint registration based on IP geolocation (country level), on cloud service provider/region, or on a mismatch between the trust factors (hostname, number of interfaces, etc.) and the values pinned at the last prior successful registration.
Handling endpoint identity check failure
If an endpoint fails identity checks, you can choose to either allow the registration and generate an alert or quarantine the endpoint. Quarantining the endpoint isolates the server, but maintains the zLink control channel to assist with remediation and recovery.
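As an added illustration (not CoIP Platform code and not its actual registration logic), the following Python model shows the flow described above: the trust factors are pinned at a successful registration, a later registration is compared against the pinned values and against country and cloud provider/region allow-lists, and a failure is mapped to either the alert or the quarantine outcome. The field names, the choice of which factors are pinned, the allow-list shapes and the sample values are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed endpoint fingerprint; the fields mirror the factor list on this page.
@dataclass(frozen=True)
class Fingerprint:
    hostname: str
    mac: str
    interfaces: int
    os: str
    private_ip: str
    public_ip: str
    country: str          # IP geolocation, country level
    cloud_provider: str
    cloud_region: str
    instance_id: str

# Assumption: IP addresses are not pinned, since they change legitimately; the
# remaining factors are pinned at the last successful registration.
PINNED_FACTORS = ("hostname", "mac", "interfaces", "os",
                  "cloud_provider", "cloud_region", "instance_id")

@dataclass(frozen=True)
class TrustFactorSettings:
    allowed_countries: Optional[FrozenSet[str]] = None           # None disables the check
    allowed_clouds: Optional[FrozenSet[Tuple[str, str]]] = None  # (provider, region) pairs
    check_pinned: bool = True
    on_failure: str = "quarantine"   # or "alert": allow the registration and raise an alert

def check_registration(settings: TrustFactorSettings, pinned: Optional[Fingerprint],
                       current: Fingerprint) -> Tuple[str, List[str], Optional[Fingerprint]]:
    """Return (action, reasons, new_pinned): action is 'allow', 'allow_with_alert'
    or 'quarantine'; new_pinned is the baseline to store for the next check."""
    reasons: List[str] = []
    if settings.allowed_countries is not None and current.country not in settings.allowed_countries:
        reasons.append(f"geolocation: {current.country} not allowed")
    cloud = (current.cloud_provider, current.cloud_region)
    if settings.allowed_clouds is not None and cloud not in settings.allowed_clouds:
        reasons.append(f"cloud: {cloud[0]}/{cloud[1]} not allowed")
    if settings.check_pinned and pinned is not None:
        for factor in PINNED_FACTORS:
            before, now = getattr(pinned, factor), getattr(current, factor)
            if before != now:
                reasons.append(f"{factor}: pinned {before!r}, now {now!r}")
    if not reasons:
        return "allow", reasons, current   # success: re-pin the factors just observed
    action = "quarantine" if settings.on_failure == "quarantine" else "allow_with_alert"
    return action, reasons, pinned          # failure: keep the previous baseline
```

The returned reasons list is what an operator would expect to see in the alert or quarantine record, so that a legitimate change (a rebuilt host, a new interface) can be distinguished from an endpoint that is not the one originally registered.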