Skip navigation

Effective October 28, 2019 Duo Security will be transitioning to Cisco's Privacy Statement. View the Duo Privacy Data Sheet.

Industry News

We Build Security for People

Attackers have long targeted users and their devices and access to applications, yet we’re still dealing with those same problems today. We’re failing at the security fundamentals, and breaches are still happening, day after day.

Part of the reason is, security was often approached as a bolted-on feature, added onto our systems as an afterthought - solutions like antivirus and firewalls alone no longer work to protect an increasingly complex attack surface with a disappearing network perimeter.

Applying security after the fact isn’t helpful to protect against the same security problems anymore. That’s partly because we’ve moved from on-premises everything to a mass migration to cloud-based web applications. Our data and apps are living not only on infrastructure we own, but also on servers that we don’t own. We don’t know exactly who is accessing what, and how.

Allowing access to these web applications involves two major components - verifying the identity of users accurately, and ensuring the security health of their devices. Ensuring their devices are secure has become a more challenging task, as employees are increasingly using their own smartphones, tablets and laptops to access work apps and data from remote working locations, from many different networks.

Security for Humans

Within the information security industry, we’ve long built security technology for technology - but at the end of the day, our users are human, after all.

That’s why Duo has engineered a solution that works for the people. It’s their credentials that are stolen through social engineering attacks - people fall for convincing phishing attacks all the time. Plus, it’s their weak, default and recycled passwords that can also be brute-forced. We have to build in a security solution designed to mitigate the fallout of these types of identity threats.

Additionally, endpoints are often the target of malicious software. Attackers exploit known vulnerabilities that leverage weaknesses in older versions of software. Your average user might not realize their browser or operating system is out of date, nor can they always keep it top of mind while they’re busy working on your core business objectives.

Trusted Access: Securing Users, Devices & Apps

At Duo, we designed a holistic security model called Trusted Access in order to verify the trust of users and devices before you grant them access, give you visibility to inform policies and controls in order to build security in a way that enables your organization.

Trusted Users

We ensure user access is secured with two-factor authentication, offering push-based authentication and U2F devices that are more phishing-resistant and secure than SMS.

It’s easy and fast to use for every type of user, meaning your users will actually use it.

Trusted Devices

To help your users identify out-of-date software on their devices, we check every endpoint, each time they log into your apps and give you detailed data about your users’ devices.

Then we give your admins the option to notify, warn or block your user’s devices, based on security health checks that you can customize to meet your organization’s security baseline.

We check and notify your users if their operating system, browser, or plugin like Flash or Java is out of date, then give them the ability to update their devices before logging into your apps.

Every App

Our solution allows you to customize user and device preferences for every app you use - including VPNs, cloud, web, on-premises apps and more. That way, you can limit the scope of risk should an attacker compromise a user’s account.

We’ve built our Trusted Access platform to easily integrate with your other systems, people and their devices, based on combating the biggest threats today. Learn more in What is Trusted Access?