Duo Security Ranked #1 Highest Value Security Company by Box
Recently, Chief Trust Officer of Box Justin Somaini reported on the results of a survey on the Top 20 Innovative Security Companies. Titled the 2013 Red List, the survey included responses from over 500 security practitioners, vendors, consultants, researchers and venture capitalists on the current state of the security industry.
According to the report, the survey was conducted in order to reveal how security controls have evolved as data has moved from on-site models to cloud-based software as a service (SaaS). With these new hybrid IT models comes the need for modern security solutions that can effectively secure data and applications no matter where they’re hosted.
According to real-world security practitioners, Duo Security’s solution provides the highest value among all new security companies, rated at 62 percent. Moreover, every practitioner finds value in Duo Security’s solution, as Duo was the only company ranked at 0 percent for companies providing no value.
The report also ranked the top five security problems from security practitioners, with threats as the primary concern, and clouds and compliance as other problems they’re tasked with solving. With these as concerns, it comes as no surprise that Duo Security is ranked #1 as the security organization with the most value, as we’ve endeavored to solve each of these issues with one simple solution.
Threats
Duo Security’s two-factor authentication service is designed to thwart man-in-the-browser, phishing emails and other credential-stealing attacks with our patented technology.
According to the 2013 Verizon Breach Report, 76 percent of network intrusions exploited weak or stolen credentials. User-targeted attacks are the most prevalent type of attack due to their ease of execution and high success rate.
While the end goal of a phishing attack is to steal credentials to gain access to networks, Duo’s two-factor provides a secondary form of authentication tied to a user’s phone to stop attackers armed with only the primary form of authentication.
Clouds
The report lists securing cloud-based applications and data as a concern of security practitioners, as well as securing cloud services.
This speaks to the industry migration from on-site services to more cloud-based applications and data, with the need to keep sensitive data secure, especially when hosted with third-party vendors. With this migration comes a new security trust model focused on securing user accounts in order to limit access to data hosted in the cloud to only authorized users.
Duo’s two-factor can be integrated with enterprise cloud applications and services to protect your user accounts, meaning you only need to use a single authentication solution for access to both on-premises and cloud applications.
Compliance
Compliance doesn’t always equal security, but it is required by industry data regulations and auditors. Duo Security’s two-factor authentication satisfies compliance across the retail, e-commerce, healthcare, online banking, government and academic sectors.
For the retail and e-commerce (PCI DSS) industry, requirement 8.3 requires companies to use two-factor for remote network access by personnel and all third-parties, including vendor access. The same goes for the healthcare industry; The HIPAA Security Rule recommends the use of two-factor for remote access to any systems with ePHI (electronic protected health information) to mitigate the risk of stolen logins.
Similarly, the FFIEC recommends online banking security controls should include the use of dual customer authorization through different access devices. For the public sector, including education, government and nonprofits, NIST 800-93 also recommends using at least two authentication factors for remote network access.
Duo Security’s two-factor offers a single solution to combat challenges presented by threats, cloud and compliance. As new technology emerges and new security challenges evolve as a result, we’re continuously improving upon our solution to deliver powerful authentication for credential protection.