Existing threat protection solutions take into account the activities happening on a single machine, such as what software applications may be currently running or had been run in the past, which user may be logged in, which universal resource locator (URL) may be currently visited or visited in the past, etc. However, in most instances, these threat protection solutions do not take into account the device configuration or security states of the machine. And even when the threat protection solutions do consider the device configuration or security state of the machine, the underlying information cannot be considered trustworthy as the underlying information may not be verified by, or attested to, by another independent trustworthy third party device. Thus, in some instances, the threat protection solutions may be analyzing a spoofed device configuration if the machine has been compromised.
Thus, there exists a need for improvement in assessing security vulnerabilities of machines.