DSPM Platform · Free Tier Available

Device Security Posture Management Tools

Continuously assess the security posture of every endpoint in your organisation. Lorika runs 190+ automated security checks, maps results to 8 compliance frameworks, scans for known CVEs, and calculates a real-time Security Score for every device.

What is Device Security Posture Management?

Device Security Posture Management (DSPM) is the practice of continuously monitoring and assessing the security configuration of endpoint devices — laptops, desktops, and servers — against established security benchmarks and compliance frameworks. Unlike point-in-time audits, DSPM provides real-time visibility into your fleet's security state.

How Lorika implements DSPM

Lorika deploys a lightweight agent (5 MB, zero configuration) that performs 190+ security checks across 8 categories every 15 minutes. Results are compared against cached state — only changes are transmitted (delta scans), reducing bandwidth by ~90%.

  • Auth & Access Control (password policy, SSH hardening, MFA, sudoers audit)
  • Network Security (firewall, open ports, 20+ dangerous service detection)
  • Filesystem Security (disk encryption, SUID/SGID, world-writable files)
  • Kernel & Hardening (ASLR, SIP, Secure Boot, SELinux/AppArmor)
  • Software & Patches (OS updates, EOL detection, kernel reboot pending)
  • Services & Docker (screen lock, antivirus, Docker security)
  • SSH Hardening (root login, password auth, TCP forwarding)
  • Audit & Logging (auditd, log retention, syslog config)

Key differentiators

  • 190+ checks vs 30-90 in competing tools
  • 8 built-in compliance frameworks (CIS, NIST, ISO 27001, SOC 2, PCI DSS, NBU №143, NBU №95, ДССЗЗІ №75)
  • CVE vulnerability scanning via OSV.dev for every installed package
  • Cross-platform: macOS (Apple Silicon & Intel), Windows, Linux (x64/ARM64)
  • Free tier: up to 10 devices, forever
  • Three-timer architecture: heartbeat (3 min) + quick scan (15 min) + full scan (60 min)
  • Delta scans with SHA-256 cache — ~90% bandwidth reduction
  • HMAC-SHA256 signed payloads, token rotation, zero secrets in code
  • Silent auto-update with binary integrity verification
  • Multi-tenant organisations with RBAC
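
The delta-scan and signed-payload ideas described above ("only changes are transmitted", "SHA-256 cache", "HMAC-SHA256 signed payloads") can be sketched as follows. This is an added example, not Lorika's code: the check IDs, envelope fields, sequence counter and key are constructed for illustration, and a real agent would load the key from enrollment rather than from source.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: per-device secret issued at enrollment
SAMPLE_SCAN = {  # constructed check results, not real agent output
    "ssh.root_login": {"status": "pass", "value": "no"},
    "disk.encryption": {"status": "pass", "value": "on"},
    "kernel.aslr": {"status": "pass", "value": "2"},
}

def canonical(obj) -> bytes:
    # Stable byte encoding so the same result always hashes and signs identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def delta_scan(results: dict, cache: dict) -> dict:
    """Return only checks whose SHA-256 digest differs from the cache, updating it."""
    changed = {}
    for check_id, result in results.items():
        digest = hashlib.sha256(canonical(result)).hexdigest()
        if cache.get(check_id) != digest:
            changed[check_id] = result
            cache[check_id] = digest
    return changed

def sign_payload(key: bytes, device: str, seq: int, changed: dict) -> dict:
    """Wrap a delta in an envelope carrying an HMAC-SHA256 tag over the exact body bytes."""
    body = canonical({"device": device, "seq": seq, "changed": changed})
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "mac": tag}

def verify_payload(key: bytes, envelope: dict, last_seq: int) -> dict:
    """Receiver side: check the MAC before parsing, then reject replayed sequence numbers."""
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["mac"]):  # constant-time compare
        raise ValueError("MAC mismatch: payload altered or wrong key")
    parsed = json.loads(body)
    if parsed["seq"] <= last_seq:
        raise ValueError("replayed or out-of-order payload")
    return parsed

if __name__ == "__main__":
    cache = {}
    print(len(delta_scan(SAMPLE_SCAN, cache)), "checks sent on first scan")
    print(len(delta_scan(SAMPLE_SCAN, cache)), "checks sent when nothing changed")
```

The MAC alone does not stop a captured payload from being resent, which is why the receiver also tracks the last accepted sequence number per device.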

Pre-mapped compliance frameworks

Every security check is mapped to controls in industry-standard frameworks. Continuous evidence collection replaces point-in-time assessments.

CIS Level 1

Essential security hygiene benchmarks. Practical baseline for all workstations and servers. Industry-recognised hardening standard.

NIST 800-53

US federal security controls baseline. Required for government contractors and FedRAMP. Comprehensive control catalog.

ISO 27001

International ISMS standard. Map endpoint controls to ISO 27001 Annex A requirements for certification readiness.

SOC 2 Type II

Service organisation controls for security and availability. Continuous evidence collection for audit readiness.

PCI DSS v4.0

Payment card industry data security. Continuous endpoint compliance monitoring for cardholder data environments.

Custom Frameworks

Build your own compliance framework in the dashboard with custom control mappings tailored to your organisation's policies.

Deploy in 3 minutes

1. Create a free account

Sign up with Google Workspace or email. Your personalised install command is waiting in the dashboard — one line, unique to your organisation.

2. Install the agent

Run the one-liner on macOS, Windows, or Linux. The 5 MB agent enrolls automatically and starts scanning immediately. Zero configuration required.

3. See your Security Score

Open the dashboard to view real-time device posture: Security Score, compliance status across 8 frameworks, CVE vulnerabilities, and trend history.

Start assessing your device security posture

Free forever for personal use. No credit card required. 190+ checks, 8 frameworks, live Security Score.
