SecureW2 boosts certificate security with new risk integrations
SecureW2 has announced enhancements to its platform, introducing new integrations designed to strengthen certificate-based access control using expanded telemetry and real-time risk signals.
The company's latest update adds integration with SentinelOne, enabling the SecureW2 policy engine to incorporate device telemetry from an additional security provider. This capability joins existing support for real-time intelligence from other platforms, including CrowdStrike, Palo Alto Networks, and Microsoft Defender, allowing organisations to make access decisions based on dynamic risk and identity data.
Integration details
The introduction of SentinelOne support allows SecureW2 to process 76 distinct device attributes, with 10 selected by default to calculate detailed device risk scores. Device risk levels are then categorised as low, medium, high, or critical. Security indicators such as malware detection, privilege escalation attempts, and zero-day activity are used to dynamically adjust trust profiles, supporting policy-based decisions to issue, delay, or block certificate access.
SecureW2's integration with Jamf School has also been enhanced. The platform moves beyond generic SCEP functionality, adopting a full API-based model. This change provides real-time lookups to confirm device supervision status, management posture, and group membership, using attributes such as isManaged and isSupervised. The system matches devices by their serial numbers, offering more granular control over certificate issuance, particularly in environments focused on Apple devices.
Additionally, SecureW2 now uses Microsoft Entra ID's user risk scores for access policy enforcement. These scores, which reflect anomalies in user behaviour, phishing risks, and compliance violations, can be leveraged to adjust both enrollment and authentication policies. If a user's risk score increases, the system can automatically apply stricter certificate-level controls based on predefined security policies.
"It's not enough to know what's connecting," said Bert Kashyap, CEO of SecureW2. "Security teams want the greatest certainty possible that every user and device with access to networks, applications, and workloads meets their trust standards and continues to meet them over time. This release expands our real-time intelligence signal sources, which inform dynamic trust profiles used to govern certificate issuance and drive Adaptive Defence for continuous enforcement as conditions change."
Adaptive enforcement
These developments are implemented within SecureW2's JoinNow Platform, which applies inputs across three areas: validation prior to certificate issuance, ongoing enforcement through Adaptive Defence, and post-issuance integrity verification. With this layered approach, organisations verify trust before granting access and automatically adapt access decisions as risk profiles change.
If new security threats or anomalies are detected at any stage in the device or user lifecycle, SecureW2's system can automatically enforce policy changes according to the latest real-time intelligence, removing or suspending access as necessary.
Extension of protocol support
The release also includes improvements to SecureW2's ACME protocol support. The updated process now involves a dual-verification mechanism that checks both organisational identity and domain control before certificates are issued. This stricter approach is intended to reduce the risk of certificate misuse by ensuring that issuance only occurs when both conditions are met and validated by the integrated intelligence engine.
SecureW2's platform continues to be utilised by organisations in enterprise, educational, and governmental sectors aiming to modernise authentication and reduce attack surfaces through certificate-based access management. The company's enhancements are intended to support real-time, adaptive enforcement across diverse environments, strengthening confidence in credential and device trust.
