New Enhancements for Device Hygiene and Access Control
Our recent study into three million endpoints revealed insightful statistics about the state of device hygiene in the Windows and Android ecosystems. As a result, we are introducing a number of new features to help our customers defend against risky, out-of-date devices.
This blog will go into detail about the security posture of Windows and Android devices, as well as additions to our access control functionality.
Security Hygiene of Windows Devices
First, let’s look at the security hygiene of Windows devices. Perhaps the most startling statistic we found was that 65 percent of all Windows devices were still running on Windows 7, a seven-year old operating system with over 600 security vulnerabilities. Even worse, tens of thousands of devices are still on Windows XP, a 15-year old operating system that Microsoft stopped supporting more than two years ago with over 700 known vulnerabilities.
When it comes to browsers, one out of every five Microsoft devices using Internet Explorer (IE) are on version 8, 9 or 10; all of these versions have been end-of-life’d by Microsoft and no longer receive critical security updates. Out-of-date operating systems and browsers are the easiest ways to compromise endpoints with unpatched vulnerabilities. View the full Trusted Access Report on Microsoft devices.
Android Security: SafetyNet APIs
We are also working with Google to gain more visibility and control over Android devices that may be out-of-date or have been tampered with. Google’s SafetyNet service analyzes an Android device to make sure that it matches the configuration of that particular Android platform’s specifications. Duo now leverages SafetyNet APIs to identify tampered Android devices and restrict their access to corporate applications.
Additionally, we also receive data from the SafetyNet service about the status of these devices. There are nearly 900,000 Android devices in our customers’ environments. More than 20,000 devices were rooted and over 8,000 devices failed the SafetyNet attestation.
In addition to gaining additional insight into the device posture, we are also leveraging the SafetyNet integration to improve our access control functionality. Administrators can now restrict access from Android devices that fail either the SafetyNet attestation or Duo’s device check. You can read more about our work with Google’s SafetyNet APIs here.
Access Control Enhancements
We are also introducing other enhancements to our access control functionality. Administrators now have the ability to restrict access to certain applications by specific software platforms and versions with regards to operating systems, browsers, and plugins. Learn more about the new controls available in Duo Access.
Finally, as we continue to support our rapidly growing enterprise customer base, we are introducing native integration with popular enterprise applications such as Workday and Oracle Access Manager. View a full list of native Duo’s integrations.