Device TrustScoring

  • Updated on Jan 26, 2022

The Banyan platform today applies TrustScoring to devices. We’re actively working to extend the framework to users and services as well.

TrustScore Factors

For device TrustScores, Banyan analyzes raw information about a device (such as its features and settings) and converts this information into ‘TrustScore Factors’ that can be processed by machine-learning algorithms. TrustScore Factors typically involve security measures (such as firewall, disk encryption, screen lock, etc.), preferred applications (such as corporate-managed or productivity-related applications), general performance (minimum allowed OS version), and more.

All of these factors are then processed and applied to compute the device’s TrustScore. For more information on configuring TrustScore Factors, please refer to manage TrustScoring.

External Factors

External factors allow you to seamlessly incorporate external factors (such as third-party EDR or other security monitoring tools) to help determine a device’s TrustScore in real-time. For example:

  • If a Workspace ONE UEM-managed (or other MDM-managed) device is not in compliance with the MDM policy, then the Banyan TrustScore automatically drops to 0, and the device cannot access any Banyan-protected resources.
  • If Carbon Black (or other malicious activity platform) detects malware, then the Banyan TrustScore can drop to 50, and the device cannot access highly sensitive Banyan-protected resources.

For more information on configuring external factors, please refer to manage TrustScoring.

Trust Levels

Once a Device TrustScore is computed, it gets converted to a Trust Level that can be used in Zero Trust Policies, as follows:

TrustScore Range Trust Level
0 AlwaysDeny
1 - 60 Low
61 - 80 Medium
81 - 100 High
101 AlwaysAllow

An organization’s admin writes policies in terms of Trust Levels (and roles) needed to access a service. If a device adheres to an organization’s trust policies, then it may continue accessing Banyan-secured resources. If a device does not meet enough factors (sufficient to meet the Trust Level threshold), then it cannot access Banyan-secured resources.