Implementing CrowdStrike Zero Trust Assessment (ZTA)

CrowdStrike Zero Trust Assessment (ZTA) provides real-time security posture insights for endpoints, helping organizations implement adaptive access controls based on risk levels. ZTA continuously evaluates device security based on multiple factors, ensuring that only trusted and compliant devices can access corporate resources.

This guide explains how to enable, configure, and use ZTA in the Falcon Console.


Step 1: Log Into the Falcon Console

  1. Open a browser and go to https://falcon.crowdstrike.com.
  2. Sign in using your admin credentials.
  3. Navigate to Zero Trust Assessment in the left-hand menu.

Step 2: Enable Zero Trust Assessment (ZTA)

  1. In the ZTA Dashboard, click Enable ZTA (if not already active).
  2. Configure Risk Scoring Settings, which analyze:
    • Endpoint security configuration (patch status, firewall, encryption).
    • User behavior and authentication patterns.
    • Threat detections and recent alerts.
  3. Click Save Settings to activate ZTA monitoring.

Step 3: View Device Trust Scores

  1. Go to the ZTA Dashboard to see real-time trust scores.
  2. Trust scores range from 0 to 100, with risk classifications:
    • Low Risk (80-100) – Device is secure.
    • Medium Risk (50-79) – Some security gaps detected.
    • High Risk (0-49) – Immediate action needed (e.g., malware detected).
  3. Click on a device to see a detailed security breakdown, including:
    • Unpatched vulnerabilities
    • Weak authentication settings
    • Suspicious processes or user activity

Step 4: Enforce Conditional Access with ZTA

Option 1: Integrate ZTA with Identity Providers (Okta, Azure AD, Ping Identity)

  1. Go to ZTA > Integrations.
  2. Select an Identity Provider (IdP) to enforce risk-based access policies.
  3. Configure Conditional Access Policies, such as:
    • Block access for High-Risk devices.
    • Require MFA for Medium-Risk devices.
    • Allow seamless login for Low-Risk devices.
  4. Click Save Policy and apply it to your users.
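
The score-to-action mapping from Step 3 and the policies above, written out as a decision function. This is an added example, not CrowdStrike code and not part of the original guide. The record field names, the 24-hour freshness limit, and the choice to block when a score is missing, out of range, or stale are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Tiers and actions as stated in this guide (Step 3 and Step 4, Option 1).
TIERS = [(80, "low", "allow"), (50, "medium", "require_mfa"), (0, "high", "block")]
MAX_SCORE_AGE = timedelta(hours=24)  # assumption: not a value from the guide
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)  # fixed for the sample data

# Constructed sample records; field names are hypothetical, not a Falcon schema.
DEVICES = [
    {"host": "lt-001", "score": 92, "assessed_at": "2024-01-02T11:30:00+00:00"},
    {"host": "lt-002", "score": 79, "assessed_at": "2024-01-02T09:00:00+00:00"},
    {"host": "lt-003", "score": 49, "assessed_at": "2024-01-02T10:15:00+00:00"},
    {"host": "lt-004", "score": 95, "assessed_at": "2023-12-30T08:00:00+00:00"},
    {"host": "lt-005", "score": None, "assessed_at": "2024-01-02T11:00:00+00:00"},
]


def decide(device, now):
    """Return (tier, action, reason); anything not a current 0-100 score fails closed."""
    score = device.get("score")
    # bool is an int subclass in Python, so reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, int):
        return ("unknown", "block", "missing or non-integer score")
    if not 0 <= score <= 100:
        return ("unknown", "block", "score outside 0-100")
    try:
        assessed = datetime.fromisoformat(device["assessed_at"])
    except (KeyError, TypeError, ValueError):
        return ("unknown", "block", "missing or malformed assessment time")
    # Naive, future-dated, or old timestamps cannot vouch for the current posture.
    if assessed.tzinfo is None or not timedelta(0) <= now - assessed <= MAX_SCORE_AGE:
        return ("unknown", "block", "stale or untrusted assessment time")
    for floor, tier, action in TIERS:
        if score >= floor:
            return (tier, action, f"score {score}")


def evaluate(devices, now):
    return {d["host"]: decide(d, now)[:2] for d in devices}


if __name__ == "__main__":
    for host, (tier, action) in evaluate(DEVICES, NOW).items():
        print(f"{host}: {tier} -> {action}")
```

Device lt-004 shows why freshness matters: a score of 95 would otherwise allow seamless login even though the assessment is days old.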

Option 2: Use ZTA for Network Segmentation

  1. Navigate to ZTA > Network Policies.
  2. Define device risk thresholds for accessing:
    • Corporate VPN
    • SaaS applications
    • Internal servers
  3. Enforce automatic network restrictions based on trust scores.

Step 5: Monitor and Adjust ZTA Policies

  1. Go to ZTA Reports to analyze trust score trends.
  2. Adjust policies based on emerging threats or compliance needs.
  3. Investigate high-risk devices and take remediation actions:
    • Force software updates.
    • Require user verification.
    • Contain compromised endpoints.

Best Practices for ZTA Implementation

    • Regularly review device trust scores – Identify high-risk endpoints early.
    • Integrate with Identity and Access Management (IAM) – Automate risk-based authentication.
    • Use ZTA for compliance audits – Ensure devices meet security baselines.
    • Continuously refine policies – Adjust risk scoring to match evolving threats.