New Enhancements to Access Control Policies
Hundreds of customers across different sizes and industries use Duo Access access control functionality to protect sensitive applications from unauthorized users and out-of-date devices. We’ve been working closely with them to learn how to further improve these features for both administrators and end users, and we’re excited to announce some significant additions to our access control capabilities.
Limit Access to Specific Software Platforms
Many companies want to limit the operating systems, browsers and plugins supported on their network. Some reasons for this include:
operational efficiencies (supportability, lifecycle management)
security (limit vulnerabilities and attack surface)
improved end-user experience (some applications have specific operating requirements)
Our new access control policy engine makes it easy for you to limit access to certain software platforms. You can now set hard blocks against a specific operating system, browser or plugin on a per-application level. For example, if you want to limit the usage of Internet Explorer and encourage employees to use newer browsers like Microsoft Edge or Google Chrome within your workplace, you might limit access to VPN gateways from Internet Explorer, but allow access from other major browser platforms.
##Require Latest Versions
Plugins like Adobe Flash Player and Java are a hotbed of vulnerabilities and require constant updating. When patches are released, hackers immediately update their exploit kits to look for unsuspecting, out-of-date devices to attack. Our research of more than 3 million endpoints found that 60% of all Flash plugins and 72% of all Java plugins are out-of-date. As a result, these two plugins account for the majority of the top Common Vulnerabilities and Exposures (CVE). But because many applications still require these plugins to run, administrators can’t remove them from their network.
With our access control functionality, you can now allow only recent versions of Adobe Flash and Java to access business applications:
You can even entirely block users running certain plugins from accessing your most critical applications:
New End-User Interface for Self-Remediation
We’ve also updated the Self-Remediation workflow for end users to more clearly communicate your security policy and remediation steps. Here are some examples of these new additions:
Notifying a user that their mobile OS is older than the version their administrator requires:
Warning a user that they will be blocked if they don’t update their browser soon:
Notifying a user when the browser they're using is not allowed by the administrator, and showing options of alternate browsers that are allowed:
These new features are now available for all Duo Access customers, and if you aren’t already a user you can try it free for 30 days. Stay safe out there.