You Asked, We Listened: Developing the Duo Trust Monitor API Endpoint
Earlier this year, Duo announced a public preview of our new feature Duo Trust Monitor. As an access security company, we have a unique perspective into the ways users and devices connect to corporate applications. By leveraging these data and Duo's unique insight into devices, users and context when accessing applications, Trust Monitor can quickly surface actionable anomalies which make your business more secure without having to invest in your own machine learning program.
Traditionally, a customer would have to review or export raw authentication logs in search of strange behavior, a time-consuming and sometimes pointless exercise. We developed Trust Monitor to shorten the time customers spend sorting through logs, while simultaneously highlighting suspicious logins automatically. The goal being to help customers find and remediate access threats early.
Getting Customer Feedback
Before officially launching any new feature at Duo, we preview it with current customers. So far, the feedback from customers in our public preview has been positive. In fact, we’ve had a variety of customers cite the risky logins highlighted by Duo Trust Monitor as directly illuminating a compromised credential threat. Once discovered, security teams quickly and effectively rectified the situations.
However, the point of a public preview is also to garner constructive criticism.
Customers Want Programmatic Access to Risky Login Data
One piece of feedback we heard time and again was that the risky login events would be more useful if leveraged within a more central security tool. For example, a large hospital system in the Southeast told us that they wanted to see these events within the context of our whole environment and that context was in their SIEM tool.
Furthermore, a consulting firm noted that while the risky login events were valuable, they felt that they didn’t want their threat intelligence team swiveling between Duo and their other tools.
To get more concrete, an export tool would be okay, but not enough. To really simplify the set-up and use of our new Trust Monitor, many companies wanted programmatic access to the anomalous events via API. A financial services firm noted that setting up an automated connection to get the Duo context to their Security Operations Center (SOC) would both save time and provide valuable context to their security team in the short and long term.
You Asked, We Listened: Introducing New Trust Monitor API Endpoint
Customer feedback is important to us at Duo. We’re constantly striving to improve our tools to meet the needs of our customers. In this case, the feedback provided in the public preview directly influenced our roadmap. Today, we’re happy to announce that the Trust Monitor feature will have an API endpoint that will enable companies to programmatically ingest suspicious access logs from Duo into other security applications. The functionality has been added within our Admin API, which many customers are already familiar with.
When Can I Use Duo Trust Monitor and Its API Endpoint?
When Duo Trust Monitor becomes officially available later this fall, customers using the feature will not only see anomalous login activity highlighted in their Duo Admin Panel, but they’ll be able to GET relevant event information programmatically for additional analysis.
In the first version of the API, events and supporting information like timestamps and risk explanations(i.e. new access device or unusual access IP) will be available. This way the new Trust Monitor events can be consumed in the way that suits each customer best - either directly in Duo or in another application.
We’re excited to be able to include this capability in our new feature - especially as it originated directly from customer feedback. While Duo Trust Monitor is still in Public Preview, the new API functionality is now available for customers in the preview.
If you’d like to gain early access, please reach out to your Duo representative or contact support. As a final note, Duo Trust Monitor will be released more broadly later this fall and official documentation will be available both for the feature and the new API functionality at that time.
Try Duo For Free
With our free 30-day trial you can see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.
