Skip navigation
Person types on a laptop keyboard
Product & Engineering

Announcing Identity Intelligence With Duo

The idea that “identity is the new perimeter” is not new. It has been a foundational component in many approaches to zero trust. However, over the past 18 months, there has been an unprecedented wave of identity-based cyberattacks with devastating consequences. According to Cisco Talos, three of the top five MITRE ATT@CK techniques used in 2023 were identity-based.

Traditionally, credentials (such as usernames, passwords or security tokens) have been the gatekeepers of access. Each user’s identity is a potential door into an organization’s environment. Given the affordability and scalability of identity-based techniques, attackers have been quick to target these doors. So, while the statement “identity is the new perimeter” is true, it must be followed with “and identity context is critical in order to grant secure access.”

Even before the high-profile attacks in 2023, the trend in adopting zero trust security principles already showed that identity security must be a major priority for organizations of all sizes.  

Addressing identity-based attacks

Duo has made a number of significant investments in identity security over the last several years with the release of Duo’s Trust Monitor, Duo’s Risk-Based Authentication, and moving Duo’s Trusted Endpoints feature into Duo’s Essentials edition.

In a world where identity has become the most attacked perimeter, Cisco & Duo are doubling down on a security-first approach to identity and access management.

Today, we are announcing a private preview of Duo’s identity security capabilities powered by Cisco Identity Intelligence. Cisco Identity Intelligence is a powerful, cross-platform identity graph that will inform and infuse identity context into the Cisco Security portfolio.

Cisco Identity Intelligence will help Duo customers with unmatched visibility across their full identity and access management stack while helping to detect and prevent identity-based attacks. This will help to overcome fragmented and inferior approaches to identity which leave organizations vulnerable to attacks.

“…we need the identity data…but we can’t just send the SOC an ocean of data without context…” — Duo Customer, Technology Sector

Cisco customers have been asking for this type of intelligence, and we wanted to provide actionable identity insights without the noise. As one administrator put it: "...we need identity data…but what we don’t want to just to send the SOC an ocean of data without context and they don’t know what to do with it.”

Context is king and organizations have a need for contextualized identity insights that are actionable, and we can’t agree more. Most solutions in the market today are either too noisy, plagued by false positives, hyper-focused on legacy infrastructure, or tailored for one specific identity solution.

Reducing the risk of identity-based attacks

Picture a scenario where an attacker acquires a list of dormant accounts, performs credential-stuffing, and gets the necessary credentials to log-in.  Given that the average company has 40.26% of accounts with either no MFA or a weak MFA[1], getting through the hoops to exfiltrate sensitive data is not overly complex.

Having an identity security solution which provides visibility into misconfigured and unused accounts by comparing with identity sources (such as your identity provider and HRIS system), including employees, contractors, and service accounts, is a necessity.  To help minimize chances of successful identity-based attacks, such a solution should also offer holistic coverage across identities and applications.

To address identity-based attacks with greater efficacy, Identity & Access Management (IAM) analytics need to be an inherent part of such a solution. This way, IT Administrators can quickly address any security gaps by migrating from weak authentication to strong, phishing-resistant, multi-factor passwordless deployments across a customer’s entire enterprise stack.

In the video below, Duo Product leader, Josh Terry, highlights how Duo powered by Cisco Identity Intelligence will provide immediate security value and response to today’s most common attacks in real-time such as session hijacking, inactive account abuse, and more:

Enhanced user and breach protection

This move will help Duo’s customers to streamline security operations, improve security posture by protecting both access and identity infrastructure, address compliance requirements more effectively, and ultimately, fast-forward their journey to zero trust.

Cisco Identity Intelligence’s capabilities are available now in a private preview for select Duo customers. It will be packaged in Duo Advantage and Duo Premier editions for all customers once generally available.

What is coming next?

Whether it is helping customers secure their identity tools or making sense of enormous identity data with data analytics and AI, Cisco is putting identity security at the core of its security strategy.

This private preview is just the beginning as we continue to gather feedback and offer more identity security capabilities to help customers meet additional identity security outcomes.

Stay tuned!

If you just want to talk about identity security with a specialist or aren’t sure where to start, please contact us here!

[1] Based on a report we issued in 2023.