Tailscale gates network access on a posture signal — but does not measure the signal itself. Lorika produces the signal. Together they form a posture-gated tailnet where only devices with a passing Security Score reach corporate resources.
Tailscale builds a WireGuard-based mesh between devices, with identity-driven ACLs and posture-gated access. Its Device Posture feature lets ACLs say "only allow access if a third-party signal says the device passes". It answers: "Who can talk to what, and only if posture is OK?"
Lorika runs 190+ checks on each device and emits a Security Score plus per-category posture state. The score is the third-party signal that gating tools like Tailscale, Cloudflare Access, or Okta need to enforce access rules. It answers: "What is the posture of this device right now, and is it fit to be trusted?"
| Capability | Tailscale (incl. Device Posture) | Lorika |
|---|---|---|
| Primary purpose | Mesh VPN with identity & posture ACLs | Device-posture measurement & evidence |
| Approach | Consumes posture from third parties | Produces posture itself |
| Measures device configuration | ✗ Reads supported signal sources | ✓ 190+ checks across 8 categories |
| Firewall / encryption / SSH posture | ✗ Not in scope | ✓ Verified per-device, scored |
| CVE scanning per installed package | ✗ Not in scope | ✓ OSV.dev matching, severity breakdown |
| CIS / NIST / ISO 27001 / SOC 2 / PCI DSS mapping | ✗ Not in scope | ✓ 8 frameworks built-in |
| Network-overlay / VPN connectivity | ✓ Core capability | ✗ Not in scope |
| Identity-driven ACLs | ✓ Per-tag, per-user | ✗ Out of scope (signal only) |
| Posture-gated access rules | ✓ Native, with supported integrations | Signal source — feeds Tailscale & others |
| Real-time Security Score (0–100) | ✗ Pass / fail signal only | ✓ Per-device, severity-weighted, time series |
| Audit-ready compliance evidence | ✗ Connectivity logs, not posture | ✓ Immutable audit log, time series |
| Cross-platform (macOS / Windows / Linux) | ✓ Yes | ✓ Yes |
| Free tier | ✓ Up to 3 users, 100 devices | ✓ Up to 10 devices |
The cleanest Zero-Trust pattern is two clear layers: a connectivity layer that knows who can talk to what, and a posture layer that knows whether a device is fit to talk at all. Tailscale is a fit for the first. Lorika is a fit for the second.
Per device: firewall, encryption, OS patches, SSH, CVEs in 190+ checks. Emits a Security Score plus pass / fail per category, continuously.
ACL: group:eng can reach tag:prod IF device-trust-score >= 80. Devices that drop below the threshold lose tailnet access automatically.
Lorika is identity-provider-agnostic. The same posture signal that gates Tailscale can also gate Okta application access, Cloudflare Access, or Azure AD Conditional Access.
See how Lorika compares with other categories in your security stack:
Free forever for personal use. Cross-platform (macOS / Windows / Linux). Continuous Security Score for gating.
Start free — up to 10 devices →