NOTE
This feature is available in version 6.5.3 and later.
The AppGate ZTNA Controller establishes a WebSocket connection that enables the Risk Engine to proactively notify AppGate when a device's risk level changes. When a risk level changes—in either direction—the Risk Engine sends a live alert over the WebSocket connection to the Controller, which triggers policy reevaluation. For example:
An end user clicks on a virus.
Their endpoint protection system, previously integrated with the Risk Engine through an adapter, detects the event.
The Risk Engine updates the device's risk level with the new information.
The Controller triggers policy reevaluation and blocks the device's access to sensitive resources.
NOTES
Risk level scores update on 15-minute polling intervals.
If the risk score of a session changes, the Risk Engine notifies the Controller, which renews the claims and entitlement tokens for the session based on the new risk score. If the AppGate identity provider requires MFA at sign-in, the user is also prompted for OTP or FIDO.