Skip navigation
Product & Engineering

AMPing up Endpoint Security from Duo

We are excited to announce a brand new integration between Duo and Cisco’s Advanced Malware Protection (AMP) for Endpoints now in Public Beta

Why is this Exciting?

With an estimated 70% of breaches starting on endpoints - laptops, workstations, servers, and mobile devices - organizations need visibility into these devices connecting to applications both on the network and in the cloud

With Duo and AMP, organizations have the tools in place to effectively establish trust in users’ endpoints connecting to protected applications. The ability to prevent, detect and respond are key elements when considering device trust in a zero-trust security approach for the workforce.

This integration leverages AMP’s ever-evolving knowledge of threats and compromises to enable Duo to automatically block access to any Duo protected application from an endpoint that has an active compromise.

How Duo Helps Establish Trust in Endpoints

To establish trust in the endpoints being used to connect to applications Duo helps organizations implement policies that will do the following:

  • Provide visibility into all workstations, mobile devices, and laptops being used to access protected applications - including OS versions, browser version and more

  • Check devices have the most up to date software and patches in place and offer remediation - this is particularly crucial for devices not under corporate management

  • Assess the management status of the device and block access from devices that aren’t trusted endpoints

  • Determine if the endpoint meets security controls - for example, the device isn’t jailbroken and has encryption in place

All the device state and management status checks Duo performs on devices have been designed with the end-user in mind, and to alleviate some of the burden on helpdesk and IT administrators. Duo policies check for things that should either already be set up for the device (such as management status) or could be remediated by the end-user themselves (update an older OS version for instance). With policies in place, checks are performed automatically during the login process to ensure that there is a balance between security and usability without an impact to productivity.

AMPing up Device Trust for the Workforce- Prevent, Detect and Respond

In order to gain access to sensitive data or applications bad actors with malicious intent are always trying to come up with new compromises that manifest as malware, viruses, ransomware, etc.. Cisco AMP, however, is never static and is always receiving a constant stream of up to date malware intelligence from the Cisco Talos team, a group of experts who analyze millions of malware samples and terabytes of data per day. AMP then correlates files, telemetry data, and file behavior against this context-rich knowledge base to proactively defend against known and emerging threats.

Now thanks to this integration, we are able to bring all of that real time intelligence from Cisco Talos and AMP to every access decision that Duo is making.

How Does It Work?

Users use devices to access application. Cisco AMP on the device detects malware. AMP notifies Duo. Duo blocks device.
  • The connection to the AMP for Endpoints tenant is set up in the ‘Trusted Endpoints Configuration’ section of the Duo Admin Panel.

  • Duo’s web service is integrated via custom APIs with the AMP for Endpoints cloud service

  • Duo will act as an enforcement point: When AMP knows a device is compromised, Duo will prevent that endpoint from being used to access any application it protects

All it takes is a few minutes to get the integration setup and running so organizations can quickly and easily:

A breakdown of how AMP for Endpoints and Duo prevent, detect and respond to threats.

Interested? Here’s what to do next..

This integration requires Duo Beyond and AMP for Endpoints and is scoped initially to desktop devices running Windows and macOS.

We are eager to have interested customers try it out and provide us with feedback on how it is helping them further improve their security processes and controls.

If you are interested in this integration please contact your Duo and/or Cisco representative.