Designing a Smarter Security Solution with Duo Platform Edition
If you follow data breaches, like I do, then you’ll know that, after everything is said and done, the messy attribution and digital forensics trail almost always leads back to a pair of stolen username and password credentials. Like, pretty much all of them:
“Over 95% of [security] incidents involve harvesting credentials from customer devices, then logging into web applications with them.”
- Verizon’s 2015 Data Breach Investigations Report (DBIR)
If that’s the case, then how can you protect your organization against a breach? The Verizon DBIR recommends:
“While we have tried to refrain from best practices advice this year, there’s no getting around the fact that credentials are literally the keys to the digital kingdom. If possible, improve them with a second factor such as a hardware token or mobile app and monitor login activity with an eye out for unusual patterns.”
- Verizon’s 2015 Data Breach Investigations Report (DBIR)
Okay, so we know how we’re supposed to secure everything - with two-factor authentication, obviously - but now we need to be able to see what’s logging in to our networks. We still don’t have visibility into the cloud, especially with so many personal mobile devices connecting to our company’s applications these days. And the few security solutions out there today just aren’t cutting it.
Hear a bit from Duo Security cofounders – Dug Song and Jon Oberheide – and their take on the security industry and where Duo Platform comes in:
One Security Solution for the Job
Here at Duo, we focus on solving problems by simplifying things. So we decided to design a solution made up of a suite of advanced features that does the job of multiple security vendors - the Duo Platform Edition, a new secure access platform.
It’s like two-factor authentication +++:
+ Device Insight; the ability to identify vulnerable devices
+ Policy & Controls; geolocation controls and trusted networks
+ Duo Access Gateway (coming soon); secure access to cloud applications
Basically, you get deep intel into all of the devices connecting to your work applications and services, available on a slick dashboard that you can present to your team and auditors.
Then you can play around with controls to make sure people from certain countries can’t log into your networks remotely, or block authentication attempts from anonymous networks, like Tor. You can also create custom policies to enforce those controls on certain applications, or for certain users.
Here's a little more depth on what's available in Duo Platform:
Device Insight: See It All
With Device Insight, you can get a snapshot of the devices accessing your network and applications so you can assess your organization’s security profile and take steps to improve it.
Logging into the Duo Admin Panel shows you a data-rich but streamlined dashboard populated with device information, including device type, platform, OS version, model type, passcode status, screen lock status and more.
By seeing who’s using a jailbroken iPhone or outdated OS, you can identify who might be compromising your organization’s security.
Plus, you can create a device inventory, useful for audit reports and general security oversight. And all you need is an activated Duo Mobile application running on the user’s device - no agent required; nothing extra to install.
Policy & Controls: Geolocation, Trusted Networks & More
But all that data goes to waste if you can’t act on it by creating and enforcing controls and policies. Duo Platform Edition lends admins a hand by letting them pick and choose which devices, countries and types of network can log into their applications.
Reduce the Risk of Unauthorized Access
That means you can block any countries you don’t do business in - if you don’t have employees in China or Russia, you can create a control to ensure no one from those countries can log into your network remotely.
Or block any access attempts from anonymous networks, like Tor, to help reduce the risk of a masked malicious hacker gaining access to your company data.
Reduce the Risk of Vulnerability Exploits
You can also use Device Insight to inform your custom controls around what kind of devices are allowed for authentication to tighten up your security profile.
For example, require a minimum operating system version for iOS and Android in order to reduce the threat of an attacker exploiting a known vulnerability in an older OS version. In many breach scenarios, malicious hackers use an exploit kit to check devices for vulnerable browser, application and OS versions in order to drop malware on those devices.
Increase Security Usability
Or reduce the strain on your users and set a control that requires two-factor authentication only once a week when accessing Outlook Web App. That means they don’t have to complete two-factor authentication every single day, both making their lives easier and upping business productivity - all while ensuring effective security.
Limit Privileged Access
You can also set a control to ensure only a small group of privileged users can access sensitive applications or servers (like those with financial or healthcare data). And you can even require that they log in only with a smartphone’s push authentication, one of the most secure methods of two-factor authentication.
This can stop attacks in which criminals use stolen privileged credentials to log into networks remotely, as they will be required to use an authorized smartphone in order to gain access.
One example of this is the Anthem healthcare breach earlier this year affecting 80 million customers and employees - the attackers were able to obtain the access credentials to an Anthem database, as well as credentials from five different technical employees during the attack.
We’re designing security to work smarter, so you don’t have to work harder to protect your company from a data breach.