Now Available: The 2016 Duo Trusted Access Report
We just released our first data-driven report, The 2016 Duo Trusted Access Report: The Current State of Device Security; an in-depth analysis of the security health of millions of devices and the risk they bring to companies.
Our Duo Labs team analyzed our comprehensive dataset of more than two million devices used by customers in every industry and size, ranging from small startups to Fortune 500 enterprises.
These devices perform over two million authentications per day using Duo’s two-factor authentication. Our Duo Mobile authentication application collects this data via our endpoint visibility feature, Device Insight, gathering detailed data on device operating systems, browsers, plugins and more - without an agent.
New Threats Target Users and Devices
New security threats have evolved to match how we access data today - with more and more personal and unmanaged devices, logging into applications hosted in the cloud, from many different networks. All of those factors make it more difficult to verify a user’s identity, as well as ensure the security health of the devices used to log into corporate networks.
Knowing this, attackers have turned their focus to targeting user credentials as the key to remote access to business applications. According to Verizon’s 2016 Data Breach Investigations Report (DBIR), 63 percent of confirmed data breaches involved weak, default or stolen passwords.
The capture and/or reuse of credentials is used in highly targeted attacks and malware infections - it’s also the standard toolkit of organized criminal groups and state-affiliated hackers alike.
“The use of stolen, weak or default credentials in breaches is not new, is not bleeding edge, is not glamorous, but boy howdy it works.” - Verizon 2016 DBIR
The report also states that older vulnerabilities are still heavily targeted - attackers leverage these vulnerabilities against outdated user devices that connect to company apps, because they still work. One major reason why is because IT lacks insight into outdated devices, and often can’t patch them quickly enough to protect against the latest security threats.
How Trusted Access Helps
With stolen credentials and old vulnerabilities as the most successful and prevalent attack vectors, we designed a security solution that works simply and efficiently, by:
- Verifying the identity of your users with two-factor authentication via our Duo Mobile application using a variety of authentication methods, including Duo Push.
- Checking the security health of your devices with Duo’s endpoint visibility solution that gives you insight into your devices, without the use of an agent. Block access or warn users to update if they are running outdated, insecure OSs, plugins, browsers and more with our Endpoint Remediation feature.
The combination of these two robust security tools verify both the trust of your users and devices before granting access to your company apps and data - that’s the core of our Trusted Access platform.
What’s In The Report
In this report, you’ll get:
- A breakdown of how many Mac, Windows and other users and devices are running outdated, unsupported browsers, operating systems, Java and Flash
- The types of known vulnerabilities your users and company are susceptible to
- Duo’s security hygiene recommendations to secure your devices, users, apps and data
- A real-life breach scenario and how a Trusted Access solution can prevent a breach
Get advice on securing your organization’s endpoints to protect against a successful attack using stolen credentials or known vulnerabilities.