# Lorika

> Device Trust Platform for Zero Trust Security — verify endpoint security posture before granting access.

Lorika is a lightweight, agent-based security posture platform that runs 190+ automated security checks on employee and personal devices (macOS, Windows, Linux). It calculates a real-time Security Score per device, maps findings to 8 compliance frameworks, scans for CVEs in installed packages, and provides a unified fleet dashboard for IT and security teams.

## Core value proposition

- Know the security posture of every device in your organisation — always
- Replace point-in-time audits with continuous, automated evidence collection
- One agent, one dashboard, zero manual fleet maintenance
- Free for personal use (up to 10 devices); no credit card required

## Use cases

- Corporate fleet security monitoring for IT and security teams
- SOC 2 Type II, ISO 27001, PCI DSS compliance evidence collection
- BYOD and remote team device trust verification
- Vulnerability management — CVE detection across all installed packages
- Cyber insurance scoring — continuous Security Score as objective evidence
- Banking and fintech — device trust signal for step-up authentication
- Zero Trust architecture — device posture as an access condition

## Who it's for

- IT administrators managing 10–10,000+ endpoints
- Security engineers and CISOs implementing Zero Trust
- Startups and SMBs needing compliance without a dedicated security team
- DevOps teams running Linux servers and needing continuous posture checks
- Remote-first companies managing BYOD fleets

## Key features (live in production)

- 190+ security checks across 8 categories: Auth & Access Control, Network Security, Filesystem Security, Kernel & Hardening, Software & Patches, Services & Docker, SSH Hardening, Audit & Logging
- Real-time Security Score (0–100) per device with trend history
- 8 built-in compliance frameworks: CIS Level 1, NIST 800-53, ISO 27001, SOC 2 Type II, PCI DSS v4.0, NBU Resolution №143, NBU Resolution №95, SSSCIP Order №75
- Custom compliance framework builder
- CVE scanning — every installed package matched against OSV.dev vulnerability databases
- Severity breakdown: Critical / High / Medium / Low, with fix availability tracking
- Software inventory (dpkg, rpm, apk, pacman, brew) with change detection
- Delta scans — ~90% bandwidth reduction, only changed checks transmitted
- Network & services discovery — open port scanning, 20+ dangerous exposed services
- Multi-tenant organisations with RBAC (admin / member)
- Google OAuth SSO (Google Workspace and personal Gmail)
- Automated fleet lifecycle — stale agents auto-deactivated after 30 days
- Silent auto-update with SHA-256 binary verification
- Dashboard in English and Ukrainian

## Supported platforms

- macOS 12 Monterey or later (Apple Silicon M1/M2/M3/M4 and Intel)
- Windows 10 (1903+) and Windows Server 2019+
- Linux: Ubuntu 20.04+, Debian 10+, RHEL 8+, Fedora 38+ (x86_64 and ARM64)
- iOS and Android — coming soon

## Pricing

- Personal: Free forever, up to 10 devices, 190+ checks, 8 frameworks, CVE scanning, 90-day history
- Business: €9.99/month, up to 100 devices, active remediation, RBAC, 1-year history, mobile agent, priority support
- Enterprise: Custom pricing, unlimited devices, Conditional Access (Okta/Azure AD), CSPM, SIEM integration, ZTNA, dedicated SLA

## Roadmap

- Active Remediation — one-click fixes with admin approval and dry-run preview (coming Phase 2)
- Conditional Access — block device access if Security Score drops below threshold; integrates with Okta, Google Workspace, JumpCloud, Azure AD (coming Phase 3)
- Mobile Agent — iOS and Android read-only advisor, no MDM required (coming Phase 3)
- Cloud & SaaS Security (CSPM) — AWS, Azure, GCP, Google Workspace audits (coming Phase 4)
- ZTNA & Endpoint Defense — per-connection trust verification, EDR integration, DNS filtering (coming Phase 4)
- IT Lifecycle & HRM — asset registry, licence tracking, onboarding/offboarding automation (coming Phase 5)

## Security architecture

- HMAC-SHA256 signed scan payloads — tampered results rejected server-side
- Token rotation on every refresh; logout invalidates all sessions instantly
- SHA-256 checksums on agent binaries before install and every auto-update
- Server IP hidden behind Cloudflare proxy
- 30-minute idle auto-logout
- All credentials via environment variables; device tokens stored as SHA-256 hashes
- Enrolment tokens expire in 24 hours and are single-use

## Comparisons

- Lorika vs EDR: https://lorika.dev/device-trust-platform/vs-edr/
- Lorika vs MDM: https://lorika.dev/device-trust-platform/vs-mdm/
- Lorika vs Kolide: https://lorika.dev/alternatives/kolide/

## Links

- Website: https://lorika.dev
- Dashboard: https://app.lorika.dev
- Device Trust Platform overview: https://lorika.dev/device-trust-platform/
- Compliance monitoring: https://lorika.dev/device-compliance-monitoring/
- Zero Trust device check: https://lorika.dev/zero-trust-device-check/
- Endpoint security posture: https://lorika.dev/endpoint-security-posture/
- Terms: https://lorika.dev/terms.html
- Privacy Policy: https://lorika.dev/privacy.html
- Security Policy: https://lorika.dev/security.html