Digital workspaces can only be secure with the complete set of contextual information
With users working from any device and any location, a secure workspace is only possible by bringing together and keeping up-to-date all the contextual information
With our Active Directory integration, we can get all the properties you require to describe your users – Names, Groups, Descriptions – any field, any information – and add them to your context.
deviceTRUST makes it possible to define the compliance state of the device using various properties. These include, for example, the status of the antivirus and firewall security programs used, as well as the update status of the operating system.
Information about the user’s device is key to our approach. deviceTRUST can evaluate up to 400 different properties from your devices. Whatever information you need to know about your users and devices, we are sure we can provide.
deviceTRUST gives deep insight into the device’s network connection. A device might have to be treated differently depending upon whether it is connected to your internal or an external, untrusted network, or even on its Wi-Fi state.
With deviceTRUST the location of the user’s device can be determined. This starts with the country of origin and can, if required, go as far as the street and house number.
deviceTRUST provides a multi-functional scripting engine. Use PowerShell, VBScript or Batch scripts to get data from sources such as text files or databases.
Secure digital workspaces require real-time control with a rich set of actions
A powerful set of real-time actions ensures that the digital workspace is always secure
Our most straight forward approach to controlling access to your digital workspaces. Allow access if all criteria are met, deny access if any are not. deviceTRUST uses OS native mechanisms to control access in a secure and reliable way.
Conditional Application Access
With Conditional Application Access you can define the applications users can access inside their digital workspaces. Utilizing tools like the Windows Defender Firewall, Microsoft AppLocker or FSLogix App Masking, deviceTRUST can grant or deny access to any application, dynamically and customized to your unique business requirements.
Conditional Configuration allows you to configure the user’s digital workspace beyond the standard security approach. With deviceTRUST you can manage network drives, printers, remoting and local policies. We also offer a scripting interface for your individual configuration and support supplying data to 3rd party products.
Secure, future-proof digital workspaces
By bringing together the rich set of contextual information with a powerful set of real-time actions, smart decisions can be made to secure the digital workspace
Keep your existing user authentication
deviceTRUST does not alter your existing authentication methods. All Context information is gathered and all actions are executed after the user logged in. This way we add the power of the Context to your existing, role based concept.
Works without endpoint management
deviceTRUST does not require any endpoint management features at all. We do however support installing our software via your endpoint management system. deviceTRUST is simple, consistent and fully independent.
Software only - No additional infrastructure required
deviceTRUST is and will always be a software only product. There is no need for any additional infrastructure or changes to your existing IT landscape. Install the software, configure your Contexts and Actions and you’re good to go! To reach this goal, we integrate into existing management tools and communicate via existing protocols.
Independent from role-based access concepts
You might already have your role-based access solution in place. That’s fine – we’re not going to tamper with it! deviceTRUST extends your existing solutions, adds the power of the Context and supports you with an enhanced and more granular way of controlling access.
Use of existing access technologies
All communication between the deviceTRUST components happens inside your existing environment. There is no need for additional gateways, open ports or firewall adjustments. This way, we adapt to your environment easily and are prepared for any migration plans you might have.
On-Premises, Cloud or Hybrid Environments
With our protocol and infrastructure independent approach, we make sure to support all your environments. No matter if you choose on-premise, cloud or hybrid environments or want to migrate between the scenarios. deviceTRUST will follow your choice without requiring any additional configuration.
deviceTRUST can be implemented on local devices, as well as in remoting scenarios. Any information can be gathered and any control can be executed in both scenarios – to support your individual
type of digital workspace
Using deviceTRUST on Fat Clients enables you to collect Context information and execute actions on the same device. Just as in remoting scenarios, you can deliver a secure, compliant digital workplace to your users, utilizing local Windows computers.
Remoting / DaaS
In remoting scenarios, deviceTRUST gets the Context information from the user’s device – BYOD or company managed. Use the information to control the content of the user’s remote session to fulfil your regulatory and compliance requirements.
Local and remote scenarios can of course be combined. No matter which strategy you choose, or if you migrate from one to another, deviceTRUST will follow and help to create the digital workspace you need!
Manage and apply contextual security policies
deviceTRUST is strictly “software only”. Our whole solution consists of three software components with no requirements for databases, firewalls or any other added infrastructure
The deviceTRUST Console is where you create your configurations to define your contexts and actions and additional settings.
- Create separate configurations tailored to each environment
- Save the configuration data to either the local computer policy, one or more GPO’s, or configuration files on disk
- Use our built-in templates as a quick start for your configs or to explore additional use cases
Fat clients or remote platforms utilize the deviceTRUST Agent to execute actions. The agent is installed on any machine you want to manage user sessions. It receives it’s configuration from the deviceTRUST Console and can report to several targets, depending on your needs.
- The active deviceTRUST component that executes all actions
- Installed on your remoting platform or on fat clients
- Configured via local policy, GPO or configuration file
- In remoting scenarios, requests data from the deviceTRUST Client Extension based on the current configuration
deviceTRUST Client Extension
In remoting scenarios, the deviceTRUST Client Extension needs to be installed on the client side to get the full set of Context information. The client extension sends data to the deviceTRUST Agent if requested. It`s easy to install and requires no configuration at all.
- Passive extension for your remoting client extension (Citrix Workspace App, VMware Horizon Client, Amazon WorkSpaces, Microsoft AVD & RDP client, etc.)
- Does not gather any data by default
- Acts based on your central configuration settings when instructed by the deviceTRUST Agent
deviceTRUST allows full control of the data that is collected. You can choose to gather every single value as well as you can prevent so. In the same manner, you can control if data is stored, if so, where and for which purpose
Windows Event Log
deviceTRUST comes with a comprehensive set of Windows Event Log entries, giving detailed insight to administrators. Additionally, you can configure to send some or all collected context properties to the event log. Any Information can of course be read there using your existing mechanisms and collected centrally.
Email is especially powerful if you wish to directly integrate the help desk into the deviceTRUST environment. Any single information you get from your Context configuration can be included into a mail report that is, for example, sent on every user log on. This way, the help desk already has all the information about the user’s digital workplace as soon as the user requests help.
ELK Stack, Splunk and Graylog
Our integrated web task allows to send all the information we get about the user’s context to external log platforms. deviceTRUST comes with predefined configuration templates and ready-to-implement dashboards for ELK Stack, Splunk and Graylog. This way you can quickly and easily generate visibility of your data to support your use cases.