Trust Scoring

SonicWall Cloud Secure Edge (CSE) calculates Trust Levels for all devices in your fleet for use in access policies

  • Updated on May 31, 2024

Overview

Trust Scoring helps admins understand the health of devices in their organization. The Trust Scoring process aggregates device signals (derived from the Cloud Secure Edge (previously Banyan) or one of our integration partners) and evaluates these signals against admin-defined criteria. Based on the result of these evaluated signals, the device is assigned a Trust Level. Trust Levels are used within CSE policies to determine the minimum required Trust Level for access to CSE-protected services.

Trust Scoring Calculation

The Trust Scoring calculation takes into account all Trust Factors applied to a device and the Trust Effect assigned to each of these Trust Factors. The result of this aggregated information is a single Trust Level, which describes the device’s overall security posture.

Trust Levels

A device’s Trust Level can be used as input to zero-trust Policies. An organization’s admin configures Policies in terms of Trust Levels (and Roles) needed to access a service. If a device meets an organization’s Policy requirements, then it may continue accessing CSE-secured resources. If a device does not satisfy key enabled Trust Factors (sufficient to meet the Trust Level threshold), then it cannot access CSE-secured resources.

A device can have four different Trust Levels:

Always Deny: This is the lowest level of trust, representing devices that should not be trusted.

Low: This is the second lowest level of trust, representing devices that only have access to basic support tools and general intranet home pages.

Medium: This is the second highest level of trust, representing devices that admins can cautiously provide access to select protected resources.

High: This is the highest level of trust, representing devices that are not compromised.

Trust Level Statuses

Trust Level statuses can be viewed in the Command Center: navigate from Directory & Infrastructure > Devices to see a list of devices’ Trust Level statuses. For a more detailed view of the Trust Level status, select the status of a particular device. These statuses indicate the security posture or state of devices in your org, and they are as follows:

Reporting: This status indicates that the app is running and reporting a Trust Level on the device.

Expired: This status indicates that the device has not reported a Trust Level within the configured period of time. A Threshold for Stale Trust Levels can be set to enforce a Trust Level expiry timeframe (e.g., 24 hours).

Pending: This status indicates that a device has been registered recently and not yet reported a Trust Level. It can also indicate that the device at hand has been banned.

Overridden: This status indicates that the Trust Level for the device has been overridden via API.

Trust Factors

A Trust Factor is an attribute (visible to end users on their devices) that is evaluated against admin-defined criteria, used as input in the device Trust Scoring calculation. There are two types of Trust Factors: CSE-sourced factors and externally sourced factors. CSE-sourced factors are available when the app is deployed onto a device; Externally sourced factors, on the other hand, require a Trust Integration to be configured.

Trust Effect

The Trust Effect is the impact of a Trust Factor on a device’s Trust Level when the evaluated device does not satisfy the Trust Factor requirements. The impact of each Trust Factor is determined by the admin.

Sections