Clear & Simple: Monitoring Access with Duo Trust Monitor
Trust is a fickle thing. Some people in life assume that trust should be implicit - that you can trust others based on little more than intuition, a smile or a handshake. Trust is a natural human condition and, as Malcolm Gladwell pointed out in his book “Talking to Strangers,” we have a tendency to default to trust.
Problems With Defaulting to Trust
However, defaulting to trust comes with its share of problems; the proverbial “wolf in sheep’s clothing” comes to mind. Good thing there are ways to verify trust and make sure we aren’t getting duped. In the real world, to establish trust, we might rely on an initial verification like an introduction from a trusted friend.
The tricky part comes in maintaining trust after an initial verification. In the real world, there’s no need to be actively suspicious of an acquaintance. But, if things start going missing from your home when this, and only this, acquaintance stops by - well, then your level of trust may alter. Without jumping to the worst conclusions - it may be worth monitoring their behavior.
In the digital world, multi-factor authentication can be an initial verification of trust - but there are strange contextual variables that should raise red flags when it comes to assessing trust.
Ockham’s Razor - The Simplest Explanation is Typically Right
But before we move into that discussion, I can’t help but turn our attention to Ockham’s Razor. The principle is attributed to William of Ockham, a monk born in the year 1285. He has been credited with the problem-solving idea that "entities should not be multiplied without necessity." To put that in simpler terms, the simplest explanation is most likely the right one. So when we’re dealing with computer security, we want to be sure that we have clarity in our information.
"Entities should not be multiplied without necessity" — William Ockham
Simplicity and Clarity in Security
Simplicity and clarity are two key tenets when thinking about monitoring trust. It is important to remember that the simplest answer when something goes missing is: you lost it. That being said, if you have a security camera above your garage and it shows your acquaintance entering and leaving with the lost item, the camera provides clarity into the situation.
From the perspective of trusting access to our networks and systems, simplicity and clarity take on different forms. For simplicity, it’s important to remember that humans act in strange ways - they go on business trips, they log in from coffee shops, they use their mother-in-law’s computer to access work email. The simplest answer is that strange access is probably just that: strange.
However, clarity means setting up the proper controls to provide context around access. When something goes wrong, we need to be able to ascertain what has transpired in a clear and coherent manner. Rather than defaulting to trust, we need to be able to discover the likely answer with clear data.
Get to Know Duo Trust Monitor
To expand on that offering by monitoring the trust of users, we are releasing new access analytics functionality. This Duo feature analyzes and models user authentication telemetry in order to create a baseline of normal user behavior. Once typical access patterns are observed, Duo Trust Monitor highlights high-risk logins.
Reducing False Positives
A key difference between Duo Trust Monitor and many other access analytics tools on the market is our commitment to simplicity and clarity. It is easy to sound an alarm for every new device or login location — but this is a little like kicking your acquaintance out of the house for wearing a new outfit (false positive much?). The simplest answer is that if most of the variables are consistent — the user can still be trusted.
However, Duo Trust Monitor does give customers clarity as to the historical context around user access behavior. The feature monitors many access variables, looking for anomalies along a variety of dimensions and between commonly associated variables (e.g., it’s typical for a user to use X device while accessing from Y). This way, if an “acquaintance” shows up at your house at 3AM with a crowbar — you have the clarity to turn on the lights and sound the alarm.
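The sketch below is an added illustration of the approach described above, not Duo's code or algorithm and not part of the original post. It builds a per-user baseline and flags a login only when several signals deviate at once, including a familiar device and a familiar location that have never been seen together. The dimensions, the threshold, the field names and the events are all constructed assumptions.

```python
from collections import defaultdict

# Assumed dimensions, pairing and threshold for illustration; not Duo's model.
DIMENSIONS = ("device", "location", "hour_band")
PAIRS = (("device", "location"),)
THRESHOLD = 2  # flag only when at least this many signals deviate

def features(event):
    """Reduce a raw auth event to the compared dimensions."""
    hour = event["hour"]
    band = "night" if hour < 6 else "day" if hour < 18 else "evening"
    return {"device": event["device"], "location": event["location"], "hour_band": band}

class Baseline:
    def __init__(self, history=()):
        self.values = defaultdict(set)  # (user, dimension) -> values seen
        self.pairs = defaultdict(set)   # (user, pair) -> combinations seen
        self.users = set()
        for event in history:
            self.learn(event)

    def learn(self, event):
        user, f = event["user"], features(event)
        self.users.add(user)
        for dim in DIMENSIONS:
            self.values[(user, dim)].add(f[dim])
        for pair in PAIRS:
            self.pairs[(user, pair)].add(tuple(f[d] for d in pair))

    def assess(self, event):
        """Return (verdict, deviating signals) for one login."""
        user, f = event["user"], features(event)
        if user not in self.users:
            return "no_baseline", []  # nothing to compare against yet
        novel = [d for d in DIMENSIONS if f[d] not in self.values[(user, d)]]
        for pair in PAIRS:
            # Count a pair only when each value is familiar on its own,
            # so a brand-new device is not counted twice.
            familiar = all(d not in novel for d in pair)
            if familiar and tuple(f[d] for d in pair) not in self.pairs[(user, pair)]:
                novel.append("+".join(pair))
        return ("high_risk" if len(novel) >= THRESHOLD else "ok"), novel

# Constructed history for a hypothetical user.
HISTORY = [
    {"user": "alice", "device": "laptop-1", "location": "office", "hour": 9},
    {"user": "alice", "device": "laptop-1", "location": "office", "hour": 14},
    {"user": "alice", "device": "phone-1", "location": "home", "hour": 20},
]
```

With this baseline, a new laptop used from the office during the day yields a single deviation and is not flagged, while the phone appearing at the office at 3AM is flagged even though both the device and the location are individually familiar.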
In a nutshell, Duo Trust Monitor helps the CISO sleep at night knowing that the information needed to ensure access trust is being actively monitored. The feature will seek out anomalies, but also reduce the number of false positives to ensure that we get to clear and concise answers.
We are born into this world hardwired to trust each other. We are set up with an ability to build connections with others. But, that doesn’t mean we shouldn’t monitor that trust, hopefully remembering that though the simple answer is probably the right one, it doesn’t hurt to have clarity and context.