Banyan Security Test Drive - Enforce Zero Trust Policies

Overview

Traditionally, access control policies have relied on powerful but dense policy languages, whose complex schemas and heavyweight implementations have caused headaches for security teams, developers, and others.

Banyan Security enforces Zero Trust policies for all types of applications in real time. To accomplish this, Banyan has a flexible framework that incorporates both user and device attributes. The Device TrustScore takes into account on-device signals as well as signals from third-party security tools.

This scenario will illustrate the experience of continuous evaluation and enforcement for SaaS application access. As a MedSoft end user, you will only have access to Okta or Dropbox on devices with a high TrustScore.



Before You Begin

For this Test Drive scenario, you will need:

  • A valid set of credentials to MedSoft’s Identity Provider (Okta)
  • A macOS or Windows device registered with the Banyan Desktop App (v2.0 or higher)
  • A device TrustScore of 61 or higher
    • If your TrustScore is 60 or lower, review the in-app remediation instructions
    • Then, navigate to Settings and click Send Devices Features to update your TrustScore

Enforce Policies based on Device Posture

Change Device Posture

This scenario illustrates how Banyan Security enforces Zero Trust policies in real time.

1. Launch the Banyan Desktop App from your device Menu Bar (macOS) or Taskbar (Windows), and then navigate to the Devices tab to see your device’s TrustScore — Banyan’s quantitative representation of device posture.

2. Navigate to the Services tab and then open the OktaSSO web service. Since your Trust Level is above the required threshold, you are able to access the Okta applications page.

3. To compromise your device posture, click Test Drive Settings and then toggle Lower My TrustScore to the right. Your TrustScore drops to 0, and as a result you can no longer access Okta SSO or Dropbox.

Please note, the Okta session initiated in step 2 is valid for one minute. If you drop your TrustScore to 0 and are still able to access Okta, please wait up to one minute and try again.

This is clearly a simulated scenario. In real life, an end user’s TrustScore generally drops because their device was not patched, their antivirus tool detected malware, or another vulnerability was detected.

View Events in the Command Center

Now, review the access events in the Banyan Command Center.

4. Launch the Banyan App from your device Menu Bar (macOS) or Taskbar (Windows), and then navigate to the Services tab.

5. Open the OktaSSO web service, and then access the Banyan Command Center from the Okta app directory.

6. In the Banyan Command Center, navigate to Monitor > Events, and check the events showing that access has been denied.


How It Works

Banyan has developed a simple, human-readable policy framework to implement Zero Trust access controls involving Roles (a collection of client Entities) and Policies (authorization rules that specify who can access resources exposed by a service).
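The following is an added illustration, not Banyan's policy format or code: a simplified Python model of a Role, a Policy with the TrustScore threshold of 61, and the one-minute session noted after step 3, showing why a lowered score can take up to a minute to produce a deny event. The class names, the role "medsoft-users", the user "alice" and the re-evaluation-at-expiry behaviour are assumptions made for the example.

```python
from dataclasses import dataclass

MIN_TRUSTSCORE = 61   # threshold from the page's prerequisites
SESSION_TTL = 60      # seconds; the page says the Okta session is valid for one minute

@dataclass
class Device:
    owner: str
    trustscore: int

@dataclass
class Policy:  # hypothetical rule: members of `role` may reach `service`
    service: str
    role: str
    min_score: int = MIN_TRUSTSCORE

class EnforcementPoint:
    """Toy policy enforcement point; policy is re-checked once a session expires."""

    def __init__(self, roles, policies):
        self.roles = roles        # role name -> set of user names
        self.policies = policies
        self.sessions = {}        # (user, service) -> expiry time in seconds
        self.events = []          # (time, user, service, decision) audit trail

    def _authorize(self, device, service):
        return any(p.service == service
                   and device.owner in self.roles.get(p.role, set())
                   and device.trustscore >= p.min_score
                   for p in self.policies)

    def request(self, device, service, now):
        key = (device.owner, service)
        if self.sessions.get(key, -1) > now:
            decision = "allow (cached session)"   # posture is not re-read here
        elif self._authorize(device, service):
            self.sessions[key] = now + SESSION_TTL
            decision = "allow"
        else:
            decision = "deny"
        self.events.append((now, device.owner, service, decision))
        return decision

def walkthrough():  # constructed timeline mirroring steps 2 and 3
    pep = EnforcementPoint({"medsoft-users": {"alice"}},
                           [Policy("OktaSSO", "medsoft-users")])
    laptop = Device("alice", 85)          # constructed sample values
    out = [pep.request(laptop, "OktaSSO", now=0)]
    laptop.trustscore = 0                 # "Lower My TrustScore" toggled on
    out += [pep.request(laptop, "OktaSSO", now=t) for t in (30, 61)]
    return out, pep.events
```

In this model the request at 30 seconds is still allowed from the cached session, and the deny only appears in the event list once the session has expired, which is why shorter session lifetimes tighten the enforcement window.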

Read more about Zero Trust policies in our product docs:

