Are you still relying on device cert checks at user laptops for conditional access? If not, what are the alternative controls you recommend?

492 views3 Comments

CISO in Insurance (except health), 5,001 - 10,000 employees
The device certificate is definitely still checked however, using advanced conditional access from toolsets like Okta, Intune and Zscaler are used to ensure high fidelity controls over access to assets. Contextual decisions can include the following with these types of toolsets. 
- Device
- User
- Location 
- Application 
When contextual information raises any red flag's further identity proofing can be engaged to ensure access to assets is appropriate. 
CTO in Software, 11 - 50 employees
We use Microsoft Intune.
CTO in Software, 2 - 10 employees
MFA and Zero trust architecture e.g Okta

Content you might like

Patch management: to reduce attack surface and avoid system misconfigurations39%

Malware and ransomware prevention: to protect endpoints from social engineering attacks58%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls32%

Not planning to change endpoint security strategy10%



Insider threats – rogue admins19%

Encrypting my data51%

Deleting my backup copies11%

Resident malware8%

Data theft – data exfiltration11%



1.6k views1 Comment

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
41k views131 Upvotes319 Comments