Incorporating endpoints in a zero-trust security architecture

Senior Security Solutions Architect Anthony Owen tells us why it is important to incorporate your business's endpoints into a zero-trust security architecture, and how to do it.

Zero-trust security architecture is a security model that assumes every user, device, and network component is potentially hostile. Because any of them could be a threat, every user, device, and network component must be authenticated, authorised, and verified before it is granted access to any resources or data. Endpoints are an important part of a zero-trust architecture and, to ensure maximum security for your business, should form part of your security model.


How to secure your endpoints

Minimum access 

The first step is to ensure that endpoints only have the minimum level of access needed to perform their intended functions. Implementing access controls in order to restrict access to sensitive resources and data is the best approach to reduce risk. This is achieved through the use of static and dynamic access control policies that define the level of access that each endpoint or device is granted.

Device verification

The next step is to verify the identity of the device connecting to the network. This is done through device profiling: gathering information about the device, such as its operating system, software, and hardware configuration. This information is then used to determine whether the device is authorised to access the network and what level of access it should be granted, which reduces the routes an attacker could use to enter your network.

Device authentication

Once the device is verified, it must be authenticated before access is granted. This authentication is often completed through certificate-based authentication: a trusted certificate is installed on the organisation's devices, and only devices presenting this certificate are allowed to authenticate.

Posturing

Posturing is the process of checking the security posture of the device before allowing access to the network. This involves checking the device for any vulnerabilities or security issues that could compromise the network's security. These could include outdated anti-virus, an outdated operating system, or the device firewall being disabled. If any issues are found, the device is either denied access or required to remediate the issues before access is granted.

Segmentation

Finally, endpoints and devices must be segmented to ensure that they only have access to the resources and data that they need to perform their intended functions. This is achieved through the use of network segmentation. Segmenting the network involves dividing the network into smaller segments and controlling the traffic between them with the use of downloadable access control lists. This limits the scope of any potential security breaches and mitigates threats by ensuring that endpoints and devices only have access to the resources they need.
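The five steps above (minimum access, device verification, certificate authentication, posture checking, and segmentation) fit together as a single admission decision for each endpoint. The following is an added example, not code from the article or from Cisco, that models that decision in plain Python. Certificate authentication is simplified to a pinned set of certificate fingerprints rather than a CA chain check, the posture baseline, device roles, VLAN names and downloadable ACL entries are constructed sample values, and a non-compliant device is placed in a remediation segment that only reaches a remediation server.

```python
"""Toy zero-trust admission decision for an endpoint (added example, not vendor code).

Steps modelled: profiling (verification), certificate authentication,
posture assessment, and segmentation via a downloadable ACL that grants
only the minimum access the device's role needs.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List

# Constructed: fingerprints of certificates issued to managed devices.
# A real deployment validates the chain against the organisation's CA;
# pinning is used here only to keep the example self-contained.
TRUSTED_CERT_FINGERPRINTS = {
    hashlib.sha256(b"cert:laptop-finance-0042").hexdigest(),
    hashlib.sha256(b"cert:laptop-eng-0117").hexdigest(),
}

# Constructed posture baseline.
MIN_AV_VERSION = 20240115
SUPPORTED_OS = {"Windows 11 23H2", "macOS 14.4", "Ubuntu 22.04"}

# Constructed segment map: role -> (VLAN, downloadable ACL lines).
# Each role sees only the destinations it needs; everything else is denied.
SEGMENTS = {
    "finance": ("VLAN 110", [
        "permit tcp any host 10.10.1.10 eq 443",
        "deny ip any any",
    ]),
    "engineering": ("VLAN 120", [
        "permit tcp any 10.20.0.0 0.0.255.255 eq 22",
        "permit tcp any host 10.20.1.5 eq 443",
        "deny ip any any",
    ]),
    # Remediation segment: reach the patch/AV server only.
    "quarantine": ("VLAN 999", [
        "permit tcp any host 10.99.0.5 eq 443",
        "deny ip any any",
    ]),
}


@dataclass
class Device:
    name: str
    os: str
    role: str
    cert_der: bytes          # certificate bytes presented at connection time (constructed)
    av_version: int
    firewall_enabled: bool
    managed_agent: bool      # profiling attribute: management agent present


@dataclass
class Decision:
    allowed: bool
    vlan: str
    dacl: List[str]
    reasons: List[str] = field(default_factory=list)


def profile(device: Device) -> bool:
    """Device verification: only managed devices with a known role are corporate."""
    return device.managed_agent and device.role in ("finance", "engineering")


def authenticate(device: Device) -> bool:
    """Certificate-based authentication, simplified to a fingerprint match."""
    return hashlib.sha256(device.cert_der).hexdigest() in TRUSTED_CERT_FINGERPRINTS


def posture_issues(device: Device) -> List[str]:
    """Posture check: return the list of findings that block normal access."""
    issues = []
    if device.av_version < MIN_AV_VERSION:
        issues.append("outdated anti-virus")
    if device.os not in SUPPORTED_OS:
        issues.append("unsupported operating system")
    if not device.firewall_enabled:
        issues.append("host firewall disabled")
    return issues


def decide(device: Device) -> Decision:
    """Run the steps in order; the first failing step determines the outcome."""
    if not profile(device):
        return Decision(False, "none", [], ["device profile not recognised"])
    if not authenticate(device):
        return Decision(False, "none", [], ["certificate not trusted"])
    issues = posture_issues(device)
    if issues:
        vlan, acl = SEGMENTS["quarantine"]
        return Decision(True, vlan, acl, ["remediation required: " + ", ".join(issues)])
    vlan, acl = SEGMENTS[device.role]
    return Decision(True, vlan, acl, ["compliant"])


if __name__ == "__main__":
    # Constructed sample devices: compliant, non-compliant, and unmanaged.
    for d in (
        Device("laptop-finance-0042", "Windows 11 23H2", "finance", b"cert:laptop-finance-0042", 20240201, True, True),
        Device("laptop-eng-0117", "Ubuntu 22.04", "engineering", b"cert:laptop-eng-0117", 20231001, False, True),
        Device("byod-phone", "Android 14", "engineering", b"cert:unknown", 20240201, True, False),
    ):
        print(d.name, decide(d))
```

The ordering matters: a device that fails profiling or authentication is never assessed for posture, and a device that passes both but fails posture is admitted only to the remediation segment, which is how the "deny or remediate" outcome described above is realised in practice.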

Incorporating endpoints and devices into a zero-trust security architecture involves implementing access controls, device verification, device authentication, posturing, and segmentation. These measures ensure that only authorised devices can access the network, and that they have the minimum level of access required to perform their intended functions, while also limiting the scope of any potential security breaches.

Start your free trial today

Replace your legacy anti-virus completely with the Cisco Secure Endpoint. Protect your business's endpoints with this cloud-delivered endpoint protection. Stop threats in their tracks and block malware by rapidly detecting and removing threats that evade first-line defences.

Start your Secure Endpoint trial