Device Fingerprinting

In order to reach mature Zero Trust security, organizations must monitor the clients/endpoints which are connecting to the infrastructure in addition to managing the health of the network entities.

Lumeus monitors various attributes of devices as they connect and move across connected infrastructure. Some of these attributes are based on device hardware and are difficult to spoof.

The device attributes can be used to create segments and define segmentation rules for both ZTNA (application access) and micro-segmentation (device-to-device).

Lumeus pulls the device information from network entities like firewalls using their APIs. Device attributes include:

  • Mac Address

  • IP Address

  • Device Type e.g. printer, camera, laptop, cellphone

  • Operating System

  • Manufacturer

As we don't install any agent or modify endpoint, no cookies are used for device fingerprinting.

Policy Enforcement

The Lumeus Gateway acts as the policy controller to manage segmentation for end devices. Based on the device attributes, Lumeus automatically classifies the device into the appropriate segment.

It then programs the group membership into the security/firewall using the device's IP. The groups are used to program security rules in order to allow and deny traffic to/from the devices. The unified policy ensures that the rules are applied no matter where the devices connect to the network from.

Last updated