A device risk score is what is it?

A device risk score is an indicator of the likelihood that a specific device poses a threat to network and internal resources. Workspace ONE Intelligence calculates and displays these scores on a device-by-device basis, allowing you to make risk-based decisions about trusting devices. These decisions can include requiring two-factor authentication for some or all access to applications. The score is based on a combination of factors, including the types and severity of active alerts on each device.

Devices that have a low risk level have little or no anomalous network behaviors, medium-level alerts and vulnerabilities with CVSS (Common Vulnerability Scoring System) scores below 7.0. The score for a profile also depends on the number of devices included in its calculation. If the profiles are small — for example, five devices — it’s easier for one high-risk device to impact the overall score than if the scores of a larger set were involved in calculation.

Medical devices pose the highest risk for security breaches because of their critical role in human life. The industry best practice is to apply risk-based threat modeling throughout the design process for these devices, according to Qualm. The goal is to make them as secure as possible by reducing the attack surface and limiting potential attacks.

Other medical devices, such as infusion pumps, require a higher risk rating because they provide direct access to blood, causing potential harm or even death if they are compromised. Best practices for these devices include performing structured threat modeling, minimizing vulnerabilities and implementing appropriate controls from a well-defined control catalog.

Zero trust is a key component of security architectures that prioritize user and device security. To achieve this, organizations need to implement dynamic risk scoring that evaluates the risks associated with a given device, and compares them to a threshold score or range. Then, they need to ensure that all devices meet this criteria.

The dynamic risk scoring feature of Workspace ONE Intelligence helps you to do just that. This feature uses a scoring model that evaluates the risk of a device on a real-time basis based on the detections of the ExtraHop system. This score is compared to the threshold scores that are configured in policies for granting access to applications or resources.

This risk scoring is done through an algorithm that analyzes sets of attributes that identify devices, known as device fingerprints. Each registered device has a unique fingerprint that includes information such as screen size and operating system. The weight of each device fingerprint attribute is defined by the administrator, and determines how much a particular risk factor contributes to the overall risk score.

Once a device risk score is calculated, it can be used within an existing app protection policy. This enables you to limit or block access to apps and resources for devices with high, medium or low risk levels. You can use this to reduce the risk of attacks and improve application security for your organization.