- Compromised credentials are a top cause of business data theft and security breaches. Security teams struggle to keep up with the volume of security alerts, while identity-based threats slip through the cracks.
- Duo and Exabeam bring together the power of rich authentication data and advanced analytics to automatically detect and remediate identity-based threats.
- This solution extends zero-trust policies beyond the point of access to the user session.
Credential theft continues to be the top cause of security breaches, as it has been for the past several years, according to the Verizon Data Breach Investigation Report. Compromised identities and credentials are even more damaging when they belong to privileged users who hold access to the “crown jewels” of an organization.
Security teams are finding it difficult to keep up with the avalanche of security events they need to investigate, let alone take swift action to prevent and remediate security incidents. According to Cisco’s 2018 Annual Cybersecurity Report, the quantity of organizations’ security events has increased four-fold in the last two years. Further complicating matters, the lack of integration and automation between siloed security tools adds to the woes of SecOps teams, such that it takes about 66 days to contain a breach.
The result: According to Cisco’s cybersecurity report, half of legitimate events are not remediated, which has led to the doubling of breaches in recent years.
Accelerate Security Analytics and Response for Identity-Based Threats
Duo and Exabeam have partnered to deliver a robust identity analytics, detection and response solution.
Speed Up Detection and Response
This integration enables SecOps to respond in real time to security alerts, thereby preventing or containing breaches.
Duo provides detailed authentication and endpoint data that helps in identifying potential threats very quickly and reliably, with fewer false positives. Duo’s adaptive authentication and endpoint data coupled with Exabeam’s advanced analytics and machine learning provide accurate and timely security alerts. This integration also removes manual remediation by automating the actions to be taken by Duo.
“This partnership will be of great benefit to our customers by increasing the speed, certainty and breadth in which they can detect and respond to potential threats in their IT environments,” said Ray Tam, Vice President of Security of Trace3. “We’ve been working closely with both Duo and Exabeam already and we look forward to engaging with both teams to ensure their solution is readily available to the organizations in our diverse customer portfolio.”
Extending Zero-Trust to User Sessions
Being squarely in the access path for every user, every device and every application allows Duo to enforce zero-trust policies at the time of access. This integration extends the zero-trust policies beyond the point of access by continuously monitoring, detecting anomalies and enforcing zero-trust policies throughout the user’s session.
While organizations need to build a strong front door to prevent breaches, they also need to build the capability to detect, resolve and respond to threats in order to limit damage as effectively as possible.
Beyond securing the front door with Duo, Exabeam is able to find the unfindable with advanced analytics and machine learning during the user session.
How It Works
- The Exabeam Security Intelligence Platform takes in rich authentication and device data provided by Duo.
- Exabeam’s advanced analytics and machine learning use session data to find risky behaviors and suspicious devices.
- Exabeam initiates a response by prompting Duo’s adaptive multi-factor authentication to verify the user.
- If the user approves, the incident is closed. If the user doesn’t approve or doesn’t respond, Exabeam takes containment actions against the user through Duo to disable that user account, revoke permissions and/or send an email to the Security Operations Center (SOC) or SecOps team.
Configuring Duo services in Exabeam
For more details about the integration, see the configuration document.