Trust Integrations

  • Updated on May 21, 2024

Overview

NIST defines trust as a “capability [to ensure] that untrustworthy persons are prevented from being trusted with network access (to prevent insider attacks).” Cloud Secure Edge (CSE) has embedded this concept into users’ devices (i.e., “device trust”), leveraging third-party software integrations to inform users about their device Trust Level. CSE’s Trust Integrations (located in the Cloud Command Center) provides the framework for integrating partners to inform users about Trust Factors, which admins can use to evaluate a device’s Trust Level.

Prerequisites

  • Certain vendors may require a specific version of the CSE app. For more specific information, check your vendor’s page.

Detailed Integration Information

Our Trust Integrations are built with a service-to-service relationship (as opposed to a client-to-service relationship): CSE obtains the vendor’s identifier from the device and then reaches out to the vendor from the Command Center, calculating the factor after the response has been provided by the vendor. CSE does not attempt to collect the vendor’s identifier on a device until a Trust Factor has been applied to the target device.

Factors are collected by two methods: a batch sync and the sending of device details. The batch sync collects bulk updates on all the devices associated with the factors of an integration. Separately, each time a device reports its device details, CSE obtains the factor details.

Batch Sync

The batch sync runs on a 20-minute cycle; the start time is defined as the time the tenant was created. A batch sync only attempts to sync the vendor IDs that have been reported by devices. As a result, devices must send in their device details with the vendor ID before they are included in the batch sync.

The batch sync takes the vendor identities and attempts to gather all factors enabled for the identities. During a batch sync, CSE communicates which devices are targeted in the sync process, how many devices are successfully synced, how many are partially synced, and how many were unable to sync, indicated by an error message. A partial sync is the result of a device having two or more factors enabled, where one factor was successfully collected and the other was not.

Example: Factor A and Factor B are both enabled for Device 1 and Device 2. Device 3 has only Factor A enabled, and Device 4 has only Factor B enabled, as shown in the table below:

            Factor A    Factor B
Device 1    Enabled     Enabled
Device 2    Enabled     Enabled
Device 3    Enabled     Disabled
Device 4    Disabled    Enabled

If a batch sync is performed and CSE fails to obtain Factor B for Device 2 and Device 4, then CSE would get a report with the following information:

  • Records Targeted: 4
  • Completed Sync: 2 (Device 1 and Device 3)
  • Partial Sync: 1 (Device 2)
  • Failed: 1 (Device 4)

CSE only holds data for the last sync that occurred. This can be obtained in the Sync Log of the Trust Integration detail view.

Sending Device Details

When a device sends its device details to the Command Center for evaluation, it includes the identifier in that information if an integration factor is enabled for that device. The Command Center evaluates the factors from the integration independently of the batch sync process.

More details on each sync can be found by completing the following steps:

(1) On the Trust Integration page, select the name of the integration whose sync log information you want to obtain.

(2) On the Integration Details page, select the header Sync Log.

(3) Select the document icon to download the latest sync log in CSV format.

Integration Table

The Trust Integrations table shows all integrations configured within the Command Center. The table has five columns, described below:

Status:

Status refers to syncing records from the integration. The status has four values: Active, Inactive, Pending, and Error.

  • Status = Active: [Integration Established & Factor is Enabled & Sync Record Value = Active] OR [Integration Established & Factor is Enabled & Sync Record Value = None & Device Details = Successful]
  • Status = Inactive: Integration Established & No Factor is Enabled
  • Status = Pending: [Integration Established & Factor is Enabled & Sync Record Value = None] OR [Integration Established & Factor is Enabled & Sync Record Value = Inactive]
  • Status = Error: Integration Established & Factor is Enabled & Sync Record Value = Error

Integration Establishment: The integration has been successfully added to the Command Center.

Factor Enabled: A factor derived from the integration has been turned on from the device scoring page in the Command Center.

Device Details: Information from the device that contains the identifier for the integration.

  • Successful = factor values were obtained from the device details information
  • Unsuccessful = factor values were not obtained from the device details information

Sync Record Value: Obtained from batch syncing device records with the established integration.

  • None = no sync has occurred yet
  • Inactive = the last batch sync sent no device identifiers to sync
  • Active = the last batch sync was successful for all devices
  • Error = the last batch sync had at least one record identified as error

Name:

  • This is the common name used for the integration. This name is used as the value of Source when looking at the device details page in the Command Center, the device scoring page in the Command Center, or the devices menu on the app.

Integration Type:

  • This is a category to help identify which types of integrations an admin has set in the Command Center. Integration types are purely informational and are not used elsewhere in the Command Center.

Trust Factors Enabled:

  • Each integration can have multiple factors available to use when evaluating device trust. This view helps users understand how many factors are enabled per integration. The first number is the total number of enabled factors for this integration, and the second is the total number of factors available to enable from this integration.

Last Batch Sync:

  • This is the date and time of the last attempted batch sync for this integration.
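
The sync counts, Sync Record Value and Status rules described above, worked through as an added Python example (not CSE code and not a CSE API). The function names and data layout are hypothetical, the sample data is constructed from the Device 1 to Device 4 example, and counting a partial sync as an error record is an assumption.

```python
from collections import Counter

# Constructed sample: per-device outcome of each ENABLED factor (True = collected).
# Mirrors the example above, where Factor B fails for Device 2 and Device 4.
LAST_SYNC = {
    "Device 1": {"A": True, "B": True},
    "Device 2": {"A": True, "B": False},
    "Device 3": {"A": True},
    "Device 4": {"B": False},
}

def classify(factors):
    """Completed if every enabled factor was collected, Failed if none, else Partial."""
    collected = sum(factors.values())
    if collected == len(factors):
        return "Completed"
    return "Partial" if collected else "Failed"

def sync_report(results):
    counts = Counter(classify(f) for f in results.values())
    return {"Records Targeted": len(results),
            "Completed Sync": counts["Completed"],
            "Partial Sync": counts["Partial"],
            "Failed": counts["Failed"]}

def sync_record_value(results):
    """results is None when no batch sync has run yet."""
    if results is None:
        return "None"
    if not results:
        return "Inactive"      # the sync ran but no device identifiers were sent
    report = sync_report(results)
    # Assumption: a partial sync counts as an error record, because the sync
    # was not "successful for all devices".
    if report["Completed Sync"] == report["Records Targeted"]:
        return "Active"
    return "Error"

def integration_status(factors_enabled, sync_value, device_details_ok=False):
    """Status column for an established integration, following the rules above."""
    if factors_enabled == 0:
        return "Inactive"
    # Active is checked before Pending: Sync Record Value = None appears in both rules.
    if sync_value == "Active" or (sync_value == "None" and device_details_ok):
        return "Active"
    if sync_value == "Error":
        return "Error"
    return "Pending"           # Sync Record Value is None or Inactive
```

The Active rule is evaluated before Pending because a Sync Record Value of None satisfies both, and only successful device details distinguish them.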

Operations for Integrations

Each integration follows our standard model for CRUD operations:

  • To add an integration, navigate to Trust Integrations and select Add Integration. You must achieve a successful test connection with the integration before adding it to the system.

  • To modify/update an integration, select the name of the integration, then select the pencil icon (in the top right corner) to update the integration or the factor settings associated with the integration. You must achieve a successful test connection with the integration before saving it to the system.

  • To delete an integration, select the name of the integration, then select the garbage bin icon (in the top right corner) to delete the integration.

Common Questions

Q: If the identifier is not obtained or not recognized by the integration, what happens?

A: If an admin turns on a factor from an integration and we are unable to obtain that factor based on the information provided by the device, CSE treats this as a failure and marks the factor on the device as not met.

Q: How is a device’s Trust Level impacted when it does not successfully meet the factor from an integration?

A: CSE treats factors from trust integrations as required factors, so we mark the device’s Trust Level as Always Deny if it does not meet the criteria.

Q: How does an admin reduce the bulk sync time for an integration?

A: CSE does not allow lowering the batch sync interval by default. If this is required by your organization, please reach out to your CSE support team.

Q: How is the first batch sync scheduled?

A: We document the time at which each environment is created. We use that time as the first time of the batch sync process. This cannot be changed.

Q: How often are factors from integrations evaluated?

A: In every batch sync, factors from each integration are evaluated. Additionally, every time a device sends its device details, the factors from integrations are evaluated.

Q: How do I obtain the sync data?

A: Select the name of the integration, then select the Sync Log header on the Integration Details page. A document icon in the top right corner downloads the latest sync log information when selected.

Q: Why can’t I add an integration if I don’t successfully pass a test connection?

A: Integrations are not useful if we cannot reach the service on which the integration is built.

Q: How do I test a connection to an integration?

A: When editing the integration, you can use the test connection button at the bottom of the page.