DeviceTether
DeviceTether is a web + desktop agent that enforces zero-trust access by binding every login to a continuously verified device posture and a short-lived session “tether.” Instead of granting broad VPN access, it issues per-app, per-session access tokens only when the endpoint meets policy (OS patch level, disk encryption, EDR present, risky processes, jailbroken/rooted signals). If posture drifts mid-session—EDR stops, new admin tools appear, suspicious DNS—DeviceTether automatically steps down privileges, forces re-auth, or kills the session. It integrates with common IdPs and reverse proxies to protect internal web apps, SSH, and RDP without full network exposure. Realistically, this is not a magic bullet: you’ll still need good identity hygiene and endpoint tooling. But it can materially reduce lateral movement and “stolen cookie” damage with practical, enforceable controls.