New Duo Integrations Enhance Security Visibility and Threat Intelligence in SecureX Platform
Visibility is a key element to success in many professions. Just ask a pilot, a top athlete, or a security operations (SecOps) analyst. Another is simplicity. Having the tools and information you need at your fingertips simplifies the decision process and helps you make smart choices. Poor visibility, on the other hand, often leads to mistakes based on a lack of insight. And having disparate or overly complex systems to deal with can be frustrating and time-consuming. These are some of the challenges we’re addressing with our announcement that telemetry from Duo’s Trust Monitor and Device Insight features has been integrated into SecureX, Cisco’s cloud-native security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience.
Enhanced Security Visibility and Threat Intelligence
When Duo launched Trust Monitor in November 2020, the idea was to highlight suspicious login activity and help SecOps investigate potentially compromised accounts. Trust Monitor does this by ingesting and then analyzing authentication data (telemetry) in real time to build user profiles, against which it then compares future login attempts. For example, Scott typically logs in each morning around 7:30 am from California on his Mac running macOS Monterey, and he accesses Microsoft Office. If Scott’s credentials are suddenly used to log in from a Windows 10 PC somewhere in Asia to access a finance application at 2:00 am, Trust Monitor identifies the login attempt as potentially suspicious because it deviates from his normal login behavior and could mean his account has been compromised. Surfacing this information provides SecOps analysts with greater security visibility into potential threats.
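The profile-and-compare idea described above can be sketched in a few lines; this is an added illustration, not Duo's code or Trust Monitor's actual model. The field names, four-hour time bands, thresholds and sample logins are assumptions constructed for the example, with all timestamps taken to be in one reference time zone.

```python
from collections import Counter, defaultdict
from datetime import datetime

FEATURES = ("hour_band", "location", "os", "application")

def features(event):
    """Reduce a login event to the attributes the profile tracks."""
    hour = datetime.fromisoformat(event["time"]).hour
    return {
        "hour_band": hour // 4,          # six 4-hour bands per day
        "location": event["location"],
        "os": event["os"],
        "application": event["application"],
    }

def build_profiles(events):
    """Count how often each user has been seen with each attribute value."""
    profiles = defaultdict(lambda: {name: Counter() for name in FEATURES})
    for event in events:
        for name, value in features(event).items():
            profiles[event["user"]][name][value] += 1
    return profiles

def assess(profiles, event, min_history=5, rare=0.05, threshold=2):
    """Compare one login against the user's profile and list what deviates."""
    profile = profiles.get(event["user"])
    seen = sum(profile["os"].values()) if profile else 0
    if seen < min_history:
        # Cold start: too little data to call anything anomalous.
        return {"verdict": "insufficient_history", "deviations": []}
    deviations = [name for name, value in features(event).items()
                  if profile[name][value] / seen < rare]
    verdict = "suspicious" if len(deviations) >= threshold else "normal"
    return {"verdict": verdict, "deviations": deviations}

# Constructed sample history: ten morning logins matching the Scott example.
HISTORY = [
    {"user": "scott", "time": f"2022-03-{day:02d}T07:30:00",
     "location": "California", "os": "macOS Monterey",
     "application": "Microsoft Office"}
    for day in range(1, 11)
]
# Constructed login matching the suspicious attempt described above.
ODD_LOGIN = {"user": "scott", "time": "2022-03-11T02:00:00", "location": "Asia",
             "os": "Windows 10", "application": "finance application"}

if __name__ == "__main__":
    print(assess(build_profiles(HISTORY), ODD_LOGIN))
```

Requiring at least two deviating attributes keeps a single change, such as opening a new application at the usual time and place, from raising a flag on its own.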
While Trust Monitor highlights anomalous logins, Device Insight inventories endpoints to provide data on device status. For example, how many network endpoints are running the latest OS? Is the browser up to date? What about Flash and Java plug-ins? Duo Beyond edition customers can filter by trusted and non-trusted endpoints. For more granular information, the Mobile Devices page provides details on OS versions by device, which smartphones and tablets have been tampered with, and whether security features such as screen lock, disk encryption, and biometrics are being used. There’s also a Laptops & Desktops page, which shows the operating system and browser versions of the devices used to access the network over the previous seven days.
In 2022, we’ve taken things a step further. Cisco Secure customers with a Duo Access or Beyond subscription can now access Trust Monitor and Device Insight telemetry directly from their SecureX dashboard. As part of the SecureX ecosystem, Trust Monitor and Device Insight join other Cisco Secure products to provide SecOps analysts with enhanced threat intelligence. Using that information, analysts gain a deeper understanding of their existing security posture and policies and can take actions to step up (or down) access requirements as needed.
Benefits of the SecureX Ecosystem
The integration of Trust Monitor and Device Insight telemetry into SecureX offers benefits beyond providing high-level visibility into security events and endpoint posture. Organizations that combine Duo with other Cisco Secure products achieve their security goals faster and more efficiently through an integrated security ecosystem approach. The integration also enables SecOps teams to:
Extend and enhance threat detection and cybersecurity visibility by consolidating Duo authentication log data with user endpoint insights to verify user and device trust
Streamline security operations by accessing security event data across the network environment through a single platform
Aggregate and correlate global threat intelligence, providing a holistic view of the threat landscape from one location
Reduce time spent on manual tasks by eliminating the need to log into the Duo administrator dashboard separately
Speed time to remediation by surfacing actionable security events across multiple Cisco Secure products
If you’re in security operations, you’ve got to continually monitor log data to identify anomalous security events that could be threats to your organization. Managing multiple disparate security solutions and the log data each generates to do that is time-intensive and frankly not all that fun. With SecureX, the integration of Trust Monitor and Device Insight will save you time by highlighting suspicious authentication attempts while providing the number, type, and security posture of endpoints on your network directly from your SecureX dashboard, helping to improve your organization’s overall security strength.
Looking for more information?
Take the Duo Level Up course, Introduction to Duo Trust Monitor
Watch our webinar, Trust Monitor Anomaly Detection Webinar