February 24, 2023

The role of the endpoint in Zero Trust

Samsung Knox Team
 Top Image

With cybercrime and hacking strategies becoming more complex, enterprises need to be able to trust their users and endpoints more than ever. As a result, the Zero Trust strategy has become an increasingly popular way of protecting enterprise data. Samsung Knox’s trusted security platform and tools are one way to use Zero Trust to protect your enterprise’s data.

How Zero Trust works

Zero Trust is a security strategy that aims to minimize implicit trust in entities that handle enterprise data. With Zero Trust, entities, such as users and endpointsi need to continuously prove their trustworthiness to an enterprise to get access to its resourcesii. For example, just because an enterprise’s VPN authenticates a device, doesn’t mean that the device will be automatically trusted. This approach allows Zero Trust to use dynamic access control.

In contrast to traditional perimeter-based security strategies such as VPNs, dynamic access control dramatically reduces the impact of a compromised endpoint. With perimeter-based approaches, if an attacker compromises a single device or user credential, they can easily breach the entire enterprise network.

Additionally, Zero Trust allows an enterprise to regulate access to its resources based on a continuous evaluation of contextual information from multiple data sources. This contextual information, or context, takes into consideration sources including user and device identity, device health, location, and frequency of access. For each resource request, a device evaluates the context and sends it to a Policy Decision and Enforcement point (PDP). The PDP then decides whether to allow the endpoint access to the requested enterprise resource. If access is allowed, the requested resource is sent back to the device.

Endpoints: Enabling Zero Trust

When endpoints are involved, there are three principles that a Zero Trust system must uphold. First, the endpoint must collect, evaluate, and protect user data with each request made to ensure that the user has the right credentials to access the system. Second, both the endpoint and system need to continuously evaluate and protect the device from attacks. Finally, the endpoint must regulate access to local and remote resources control on downloaded resources and takes remediation actions as applicable.

Samsung Knox and Zero Trust

The Samsung Knox platform provides a foundation to build an endpoint that can achieve the Zero Trust vision.

Evaluating and protecting user data — User identities are vulnerable to many data breaches. With a recent study finding that phishing and credential stealing were the top two causes of real-world data breaches in enterprises for 2022, protection against these threats has become even more integral for enterprise security.

On the user data end, Knox can detect and block phishing attempts with the Network Platform Analytics and the Domain Filter firewall. Additionally, Network Platform Analytics lets Knox identify the exact app a device is making a network request from, providing further confidence to servers that session cookies aren’t stolen and replayed. Other Knox features such as ARM TrustZone Trusted Execution Environment (TEE) and Knox Vault provide further protection by enabling password-less authentication and token binding standards. For continuous authentication, Knox’s continuous multi-factor authentication framework allows for the regular collection and interpretation of data to authenticate user identity.

Evaluating and protecting device data — Devices are vulnerable to boot-time and run-time threats such as rooted images, malicious apps, and runtime exploitation.

The Samsung Knox platform has many features that protect device health and identity. To provide verifiable guarantees that only Samsung-authorized platform software components are running on a device, all Knox devices support trusted boot and Device Health Attestation. To protect against rooting attacks, Knox deploys features such as the Real-Time Kernel Protection and has parts of its platform, like TrustZone, written in the memory-safe Rust language. Knox also provides a unique ID and signing key, called the Samsung Attestation Key, for each device. This key can be used with the Knox SDK to generate a certificate that can be used for token binding and verifying a device’s identity to servers.

Knox also enables the continuous monitoring of endpoint security by providing a variety of contextual information typically used in Zero Trust. The Knox SDK provides access to hundreds of data points spread across the device’s network, kernel, filesystem, and apps for extensive system-wide visibility. Additionally, Knox allows on-device agents to be notified of and act on changes to device or user data, allowing them to block apps or notify remote PDPs to cut off access to enterprise resources.

Regulating access to local and remote resources — Once resource access is granted, the endpoint has to regulate access to local on-device and remote resources following the Zero Trust principles of least privilege and fine-grained access control. The endpoint also needs to take protective measures if it detects suspicious user or device behavior.

Samsung Knox supports fine-grained access control to regulate access to local and remote resources. With the Global proxy feature, Knox provides mechanisms to intercept network flows. To provide fine-grained access control, the Knox Platform for Enterprise (KPE) provides strong local isolation and control over enterprise apps and data. KPE, along with Knox Guard, also provide multiple remediation controls to instantly cut off enterprise resource access.

In summary, through features like continuous authentication, device health and hardware protections, and fine-grained access control, the Samsung Knox platform provides a foundation to build an endpoint that can achieve the Zero Trust vision and provide better security for your enterprise.

Learn more about Samsung’s position on the Zero Trust strategy: Browse the White PaperWhite Paper

i Endpoints are user-facing devices that request access to enterprise resources. Endpoints include laptops, desktops, mobile phones, and tablets. In this article, we use the terms “device” and “endpoint” interchangeably.

ii Enterprise resources include enterprise data, apps, and services such as printers.

[Icon] close

Get the right solution for your business

Join 25,000+ organizations around the world.

[Icon] suitcase
Are you a reseller or solution partner?

Get access to the Knox Partner Program for helpful partner tools, such as the Knox Deployment Program portal, Knox MSP portal, partner SDKs, and more.

[Icon] info
Unified Endpoint Management
Knox Suite
Rebranding and customization
Knox Configure
Fraud and theft protection
Knox Guard
Device protection plan
Samsung Care + for Business
Other products & services

Get started with

[Image] Knox Suite

All-in-one solution bundle for enterprise mobility.

[Icon] Check mark

Join us and get a 90-day free trial for Knox Suite and other Knox products. *Approval required

[Icon] Check mark

A complete set of tools to secure, deploy, manage, and analyze your enterprise's corporate mobile devices.

[Icon] Check mark

Try powerful features bundled with Knox Suite, such as Knox Remote Support.

Knox Suite include:

[Icon] Knox Platform for Enterprise Knox Platform for Enterprise
[Icon] Knox E-FOTA Knox E-FOTA
[Icon] Knox Mobile Enrollment Knox Mobile Enrollment
[Icon] Knox Asset Intelligence Knox Asset Intelligence
[Icon] knox manage Knox Manage
[Icon] knox capture Knox Capture

Get started with

[Image] Knox Configure Logo

Remotely configure Samsung devices in bulk and tailor them to specific needs, right out of the box.

[Icon] Check mark

After approval, you can try both the:

  • Setup edition — designed for a one-time deployment
  • Dynamic edition — deploy and update policies as many times without a factory reset.
[Icon] Check mark

Try either the Setup edition or Dynamic edition of Knox Configure on up to 30 devices.

[Icon] Check mark

Get a free Knox Suite trial upon approval to try our UEM.

Get started with

[Icon] Knox Guard Logo

Remotely control Samsung devices to reduce financial risks and protect assets.

[Icon] Check mark

After you get approved, generate your free trial license for 90 days.


Try all the features of Knox Guard on up to 30 devices, including SIM control and device locking.

[Icon] Check mark

Get a free Knox Suite trial upon approval to try our UEM.

Get started with

[Image] Samsung Care Plus For Business Logo

Protect your business devices against accidental damage and mechanical breakdowns.

[Icon] Check mark

Are you already a Samsung Care+ for Business customer? Create an account and access the Samsung Care+ for Business console.

[Icon] Check mark

Contact the Samsung sales team and get peace of mind for your devices.

Other products & services

[Image] Others logo
[Icon] Check mark

Samsung offers additional solutions to serve the unique needs of your business. Talk to a Samsung expert today.

Back to top