Device Posture

Security & Compliance intermediate

Device posture is the security state of an endpoint — patch level, disk encryption, EDR status — that access systems evaluate before allowing a connection.

Summary

Device posture is the security state of an endpoint at the moment it tries to connect — patch level, OS version, disk encryption, EDR/MDM enrolment, screen-lock policy. Access systems evaluate this state before allowing a connection.

What is Device Posture?

A posture check turns "is this device safe enough" into an enforceable input for access decisions. A small agent on the device — or an integration with an existing MDM/EDR — collects signals: which operating system version is running, whether the disk is encrypted, whether the endpoint protection is active and reporting, whether the device is enrolled in MDM, and so on. The access broker compares these signals against a policy and only allows the connection if the device clears the bar.

In a Zero Trust architecture, posture is the second pillar next to identity. A correct user with a healthy device gets access; the same user from an unmanaged personal laptop is blocked or steered into a lower-trust path. Mesh VPNs such as NetBird expose posture rules in the same policy editor as identity-based ACLs — "developers may reach the production tag only from MDM-enrolled, encrypted machines."

Posture is dynamic. A device that was healthy yesterday can lose compliance overnight (missed patch, disabled EDR). Good implementations re-evaluate posture continuously or at every session and feed posture changes into the SIEM for detection.
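The check and re-evaluation described above, as an added example that is not part of the original page and not any product's policy engine. The policy keys, thresholds, event fields and sample reports are constructed assumptions.

```python
import json
from dataclasses import dataclass
# Hypothetical policy; keys and thresholds are assumptions, not a product schema.
POLICY = {
    "min_os_version": (14, 4),        # lowest acceptable patch level
    "require_disk_encrypted": True,
    "require_edr_active": True,
    "require_mdm_enrolled": True,
    "max_report_age_s": 900,          # older signals no longer describe the device
}

@dataclass
class Report:
    device_id: str
    os_version: str
    disk_encrypted: bool
    edr_active: bool
    mdm_enrolled: bool
    collected_at: float               # Unix time the agent gathered the signals

def evaluate(report, now, policy=POLICY):
    """Return (allowed, failed_checks); stale or future-dated reports fail closed."""
    skew = abs(now - report.collected_at)
    failed = ["stale_report"] if skew > policy["max_report_age_s"] else []
    try:  # compare versions numerically: as strings, "14.10" sorts below "14.4"
        version = tuple(int(part) for part in report.os_version.split("."))
    except ValueError:
        version = ()                  # unparseable version sorts below any minimum
    if version < policy["min_os_version"]:
        failed.append("os_version")
    for field in ("disk_encrypted", "edr_active", "mdm_enrolled"):
        if policy["require_" + field] and not getattr(report, field):
            failed.append(field)
    return (not failed, failed)

def reevaluate(last_state, report, now):
    """Re-check mid-session; return a JSON event for the SIEM if compliance changed."""
    allowed, failed = evaluate(report, now)
    previous = last_state.get(report.device_id)
    last_state[report.device_id] = allowed
    if previous is None or previous == allowed:
        return None
    return json.dumps({"event": "posture_change", "device_id": report.device_id,
                       "compliant": allowed, "failed_checks": failed, "ts": now})

# Constructed sample: one laptop, healthy at login, EDR disabled ten minutes later.
T0 = 1_700_000_000.0
HEALTHY = Report("laptop-01", "14.10", True, True, True, T0)
DRIFTED = Report("laptop-01", "14.10", True, False, True, T0 + 600)
```

Calling `reevaluate` with `HEALTHY` and then `DRIFTED` against the same state dictionary yields one `posture_change` event naming `edr_active` as the failed check.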

Why is Device Posture relevant?

  • Stops "identity-only" attacks: A stolen password cannot bypass posture on an unmanaged device
  • Compliance: NIS2, DORA, and ISO 27001 expect access decisions to consider device state
  • Dynamic security: Continuous re-evaluation captures drift after the initial login
  • Zero Trust pillar: Identity plus posture is the modern baseline for access control

Related terms

  • Zero Trust: Architecture in which posture is a primary access input alongside identity
  • Mesh VPN: Connectivity systems that consult posture before opening peer tunnels
  • Identity Provider: Often the integration point that surfaces posture into policies
  • SIEM: Consumes posture changes as detection signals
