Zero Trust Device Isolation QuickStart

Block all inbound and outbound traffic, including direct IPs, local traffic, and VPN

Coming Soon for Device Isolation: Enhancements will include bulk action, active isolation session history, and user manual override passphrase support

Zero Trust Device Isolation enforces controls on inbound and outbound traffic at the OS level on endpoints, limiting communication exclusively to the allowed addresses you have pre-configured for remote device management. If suspicious activity arises, you can prompt the system to lock down and quarantine the device. This contains the potential threat and allows it to be scrutinized before the device is reintegrated, strengthening networks against lateral movement by threat actors.

Use Cases

  1. Lock down a device due to suspicious activity (contain lateral movement of malicious activity)
  2. Lock down a device after offboarding an employee (no export of that Sales list)
  3. Lock down a device in transit (shipping to/from employee for remote work)
  4. Lock down a kiosk / work machine to only the resources required to do the job in a true zero trust environment

Features

  • Endpoint Action: Enable manual isolation of individual devices through hover actions, blocking all inbound and outbound traffic, including direct IPs, local traffic, and VPN
  • Isolation Visibility: Easily identify and filter devices in Isolation mode from the Browse: Endpoints grid
  • Custom Isolation Block Page: Provide users with a visual indicator of their device's status when trying to access websites
  • Immediate Release: Restore traffic immediately without cache clearing upon releasing isolation
  • Policy Configuration: Easily configure allowed addresses either globally or per customer on the new Isolation tab. Additionally, you have the option to update addresses during an active Isolation session
  • Logging: A CSV file recording all locally initiated outbound traffic is written to the Agent logs folder:
    • C:\Program Files\Zorus Inc\Archon Agent\Zorus Deployment Agent\logs
    • File name (generated when the Agent isolates the device, one file per session): Endpoint Name-IsolationTraffic-2024-03-04T1513
  • Audit Logs: Gain visibility into isolation actions through the audit log
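
To build a timeline of isolation sessions from the per-session traffic logs named under Logging, the file names can be parsed for endpoint and session start. This is an added example, not Zorus code: the function name, the optional file extension and the sample names are assumptions, and the page does not state the time zone of the stamp.

```powershell
# Added example: inventory Device Isolation traffic logs by parsing their file names.
# Folder path and name pattern come from the page; everything else is an assumption.
$LogDir = 'C:\Program Files\Zorus Inc\Archon Agent\Zorus Deployment Agent\logs'

function ConvertFrom-IsolationLogName {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)

    # Greedy endpoint group: hyphens and spaces inside the endpoint name are kept,
    # and the match is anchored on the fixed "-IsolationTraffic-<stamp>" tail.
    # The page shows no file extension, so one is accepted but not required.
    $pattern = '^(?<Endpoint>.+)-IsolationTraffic-(?<Stamp>\d{4}-\d{2}-\d{2}T\d{4})(?:\.\w+)?$'
    $m = [regex]::Match($Name, $pattern)
    if (-not $m.Success) { return }       # not an isolation traffic log

    # Stamp layout taken from the page's example: 2024-03-04T1513
    $start = [datetime]::MinValue
    $ok = [datetime]::TryParseExact(
        $m.Groups['Stamp'].Value, "yyyy-MM-dd'T'HHmm",
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$start)
    if (-not $ok) { return }              # digits present but not a valid date/time

    [pscustomobject]@{
        Endpoint     = $m.Groups['Endpoint'].Value
        SessionStart = $start             # time zone not stated on the page
        FileName     = $Name
    }
}

# Constructed sample names (not real log files), used when the folder is absent.
$sample = @(
    'FRONTDESK-PC-01-IsolationTraffic-2024-03-04T1513.csv'
    'Kiosk 7-IsolationTraffic-2024-03-05T0902'
    'Kiosk 7-IsolationTraffic-2024-13-40T9999'   # malformed stamp, skipped
    'agent.log'                                   # unrelated file, skipped
)

$names = if (Test-Path -LiteralPath $LogDir) {
    Get-ChildItem -LiteralPath $LogDir -File | Select-Object -ExpandProperty Name
} else {
    $sample
}

# One row per isolation session, grouped by endpoint in chronological order.
$names | ForEach-Object { ConvertFrom-IsolationLogName -Name $_ } |
    Sort-Object Endpoint, SessionStart |
    Format-Table Endpoint, SessionStart, FileName -AutoSize
```

Correlating the listed sessions with the audit log shows whether every isolation action has a matching traffic log on the endpoint.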