The Duo Blog
https://duo.com
Duo's Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps you want them to access.
Mon, 25 Aug 2025 16:58:11 +0000

Research insights: 4 trends reshaping identity security in 2025
Matt Caulfield (mcaulfie@cisco.com)
https://duo.com/blog/research-insights-4-trends-reshaping-identity-security-in-2025
Product & Engineering
Tue, 26 Aug 2025 00:00:00 +0000

At Duo, we know that managing who accesses what, from where, and on which device is not just a daily challenge—it’s a strategic imperative.

The security industry is facing an identity crisis. As AI-driven threats surge, security leaders are confronting alarming confidence gaps, fragmented visibility, and additional hurdles to adopt essential identity security measures.

To explore how companies are navigating this complex environment, we surveyed 650 IT and security leaders across North America and Europe. Our latest report, the 2025 State of Identity Security, reveals the urgent identity challenges cybersecurity professionals face today.

The findings expose a stark reality: While leaders acknowledge the vital role of identity security, glaring gaps in confidence and execution leave many organizations dangerously vulnerable.

Leaders face significant challenges as identity threats escalate and security gaps widen. Only a third (33%) of leaders are confident that their current identity provider (IdP) can prevent identity-based attacks. This lack of confidence is heightened by complex identity systems and concerns about limited visibility into potential weaknesses. A significant 94% of leaders believe that complexity in identity infrastructure decreases their overall security. Additionally, 75% of leaders admit they lack full insight into identity vulnerabilities across their organizations. Identity and tool sprawl also hinder unified security and visibility. On average, IT and security teams use five tools to resolve a single identity issue.

The consequences can be costly: Over half (51%) of organizations have suffered financial losses due to identity-related breaches. Recognizing the high stakes, companies are proactively responding to these risks. In fact, 82% of financial decision-makers have increased investments in identity security for 2025. This signals a clear commitment to strengthening defenses and closing critical gaps.

“94% of leaders believe that complexity in identity infrastructure decreases their overall security.”

The rise of artificial intelligence (AI) presents both new threats and a powerful impetus for change in identity security. AI-driven phishing is one of the top identity threats for 2025 according to 44% of leaders, alongside insider threats and supply chain attacks. Traditional defenses are no match for the sophistication of AI-powered attacks, especially when combined with complex supply chain networks and identity ecosystems.

“44% of leaders consider AI-driven phishing one of the top identity threats for 2025.”

However, AI is also modernizing identity systems. 85% of companies are adopting security-first identity practices to counter AI-driven threats. AI is a powerful catalyst, driving organizations to address long-standing gaps in their identity security strategies and to leverage data processing through AI as a tool.

Phishing remains a perennial issue, driving the need for stronger authentication and complete deployment of multi-factor authentication (MFA). While 87% of leaders believe phishing-resistant MFA is critical to their security strategies, only 30% are highly confident in their phishing controls.

Even foundational MFA defenses are not universally applied. The top causes of identity breaches include: weak or missing MFA (36%), coverage gaps (34%), and one-time passcode failures (29%). Cisco Talos’ recent Year in Review also listed missing, incomplete, or weak coverage of MFA as top vectors for identity-based attacks.

Further, only 19% of companies have deployed FIDO2 tokens, the gold standard in phishing-resistant MFA. Often, these hardware tokens are reserved for privileged users. The rest are held back by token management (57%), training needs (53%) and hardware cost (47%).

Upgrading to more secure authentication methods is top-of-mind. Sixty-one percent of leaders want to adopt passwordless access but expect deployment challenges.

“61% of leaders want their organizations to go passwordless”

Amid identity sprawl, shadow IT, and irregular identity lifecycles, today’s unpredictable security landscape presents significant challenges—but companies also have valuable opportunities to strengthen their defenses and take proactive steps to address these issues.

Many IT leaders acknowledge that identity security is added after a compliance issue or breach, rather than built-in from the start. A significant 74% of IT leaders admit identity security is often an afterthought in infrastructure planning.

Treating security as an add-on can result in additional costs, complexity, and misalignment that decreases overall visibility. In response to tool sprawl and complexity, 79% of teams are actively exploring vendor consolidation to improve identity security visibility.

Only 52% of organizations believe they have fully integrated identity and device telemetry. Without real-time visibility into identity behaviors, security and IT teams can’t make consistent, informed decisions.

Further, a significant 86% of leaders expressed concern about inadequate controls for contractors and third-party access. This extended perimeter often lacks the robust oversight applied to internal users, with the added challenges of unmanaged devices and timely deprovisioning.

As organizations shift to a security-first IAM strategy, unified visibility is critical for bridging gaps across complex environments. 87% of leaders believe that having identity threat detection and response (ITDR) is crucial. Meanwhile, only 32% of IT teams have Identity Security Posture Management (ISPM) solutions deployed.

Organizations need identity solutions that prioritize security without compromising usability. Security-first IAM makes strong identity defenses the default.

Duo and Cisco Identity Intelligence help global teams make sense of the complex identity landscape by offering simplified security-first identity management, frictionless phishing-resistant MFA, and unified identity telemetry.

Get in front of identity security challenges and leap ahead in resilience and readiness. Download Cisco Duo’s report the 2025 State of Identity Security: Challenges and Strategies from IT and Security Leaders to dive deeper into the findings and actionable insights.

Five ways to defend against AI-powered-identity threats with Duo
Scott Grebe (sgrebe@duo.com)
https://duo.com/blog/five-ways-to-defend-against-ai-powered-identity-threats-with-duo
Product & Engineering
Tue, 19 Aug 2025 00:00:00 +0000

  • How AI poses new threats to identity

  • How you can detect and respond to attacks on identity faster

  • How Duo helps defenders use AI to fight AI

Successful cybersecurity always comes down to time: Can your tools and defenders find and respond to threats before they impact your business? With more threat actors using artificial intelligence (AI) to amplify attacks, CISOs and identity and access management (IAM) leaders need multi-layered, AI-led strategies to stop AI-led threats.

A new ebook from the Cisco Duo team, Identity Security in the Age of AI, looks at the impact of AI on the identity threat landscape and outlines a 5-step plan for defending against modern risks.

We share some highlights from that discussion here, starting with an update on risk.

AI equips adversaries to launch high-scale phishing campaigns and other identity-based attacks faster than ever. It introduces new attack techniques as well as modern twists on the classics:

Powered by AI, phishing attacks have morphed from simple email scams to sophisticated multi-stage campaigns. AI equips threat actors to:

  • Automate and orchestrate rapid or multi-stage phishing campaigns

  • Create more convincing phishing campaigns

  • Target a broader audience

  • Increase the scale and sophistication of attacks

  • Resend exploits quickly and more frequently

Large language model (LLM) tools like ChatGPT and Microsoft Copilot help take phishing and social engineering to new heights. With a few simple prompts, AI tools like ChatGPT do the legwork of gathering information that can be used to impersonate or trick someone into revealing sensitive information, write convincing phishing emails with better spelling and grammar, and include deepfake videos impersonating trusted entities like CEOs, IT technicians, and vendors.

Modern campaigns combine email, social media, and mobile platforms to fool users and evade detection. LLMs help threat actors automate and scale campaigns, making it harder for defenders to detect threats before they progress to lateral movement, account takeover (ATO), or outbound attacks against your supply chain.

Emerging agentic AI tools like Computer-Using Agents (CUAs) interact with technology just like humans do—which spells the start of a whole new ballgame. AI agents might be used to take over the grunt work from human hackers and perpetrate attacks faster by:

  • Scanning systems for vulnerabilities

  • Deploying malware

  • Impersonating humans in chatbots

  • Harvesting credentials by logging keystrokes or scraping auto-filled passwords from browsers

  • Copying and sneaking sensitive data out through email

Security experts predict CUAs can accelerate and scale tried-and-true credential-stuffing attacks by entering massive volumes of username/password combinations instantaneously. Widespread adoption of CUAs will necessitate new defensive strategies like developing and investing in more discerning ways of authenticating and authorizing AI agents themselves.

While the potential for threat actors to wield AI against enterprises seems limitless, the same holds true for cyber defenses. The new ebook from Duo AI experts goes on to outline a plan for swinging the AI pendulum back onto defenders’ side.

As a foundational step, your IAM and security experts need 100% visibility into your identity security and attack surface so they can keep track of AI in your environment. Like the unauthorized use of cloud, using AI tools without going through the proper channels creates ‘shadow AI.’ Part of Cisco’s comprehensive AI Defense portfolio, the Cisco AI Access solution reduces risk from shadow AI by inspecting traffic to discover and manage applications, tools, and functionality with clear context around risk.

Once you establish visibility and define policies to regulate employees’ use of AI, start building up security at every critical attack vector, beginning with a proactive 5-step plan to bolster security for the age of AI:

Zero trust security journeys start with safeguarding identity, now seen as the modern perimeter of security. IAM effectively becomes the foundation, the new front line of defense.

ISPM takes a proactive approach to validating your company’s identity security—versus identity itself (that job belongs to MFA)—to find vulnerabilities and enhance defenses against identity-based attacks. ISPM tools proactively analyze data and ensure organizations have proper authentication and security policies in place. ISPM improves identity data hygiene to ensure authentication strategies like MFA and authorization policies like least-privilege access do not get bypassed.

Cisco Identity Intelligence assesses and generates an identity security score that reflects the maturity and strength of your organization’s identity security posture. Identity Intelligence also proposes ways to strengthen your defenses based on impact, priority, and risk. Learn more about ISPM.

Regulators, cyber insurance providers, would-be partners and customers increasingly make decisions about compliance, premium increases, and whether to work with your company based on your security posture. Recognizing the importance of identity, many industry, federal, and state data privacy regulations now specify phishing-resistant MFA.

What they don’t specify is how to go about it. But thanks in part to AI, end-to-end phishing prevention is now well within reach. Cisco Duo adds powerful capabilities like:

  • Proximity verification that uses Bluetooth Low Energy (BLE) to confirm the authentication device and system being accessed are in the same place—great added protection against remote and third-party attacks.

  • Complete passwordless that takes away the bait phishing attacks try to capture. Passwordless MFA replaces vulnerable credentials using a flexible mix of tokens, push notifications and biometrics to validate identity, even during MFA enrollment, Help Desk calls, and fallback.

  • Secure transfer of trust through Duo Passport with Session Theft Protection. Passport seamlessly completes multiple authentication sessions without asking users to log in repeatedly.

With AI finding new ways to confuse recognition scanners, companies need policies and tools to establish trust in the devices being used to interact with resources. That means extending trust to devices as well as people, including personal and third-party endpoints your IT department doesn’t control.

Duo’s Device Trust capabilities assess and validate the health of any device to make sure it has the right security controls in place and working, up to date and configured correctly. Learn more about Device Trust.

CISA recently highlighted the rise of attacks in which attackers contact an organization’s Help Desk requesting or demanding help to reset a password or MFA workflow. AI helps power these attacks with social engineering campaigns that enable threat actors to impersonate employees.

Companies can take several steps to prevent dedicated, responsive Help Desk technicians from complying with urgent requests to reset logins for adversaries impersonating executives and remote workers:

  • Monitor and update policies for resetting credentials

  • Train technicians to recognize Help Desk scams

  • Create contingency plans for verifying identity when users can't produce valid credentials or devices used to receive push notifications or complete MFA

Cisco Identity Intelligence helps IT build on-the-fly contingency plans by generating reliable data that can be used to verify identity—for example, which applications users accessed the day before and from where. Read more about preventing Help Desk attacks.

In addition to Identity Intelligence, the introduction of Duo Identity Verification powered by Persona helps organizations avoid social engineering threats and eliminate trade-offs between strong security and responsive service. A verifying user gets redirected to Persona and asked to provide a snapshot of their government-issued ID along with a selfie photograph. Persona conducts a variety of verification checks such as matching the selfie to the photo in the government-issued ID and performing liveness detection on the selfie to detect AI-powered deepfakes.

Identity Threat Detection & Response (ITDR) systems protect your identity management infrastructure by verifying admin credentials and detecting and blocking identity-based threats like phishing and account takeover. Cisco Identity Intelligence supports ITDR by correlating identity data from various sources and calculating trust level scores—complete with explanations—for individual users based on their activity. Identity Intelligence even recommends response actions that can be implemented manually or automated within existing workflows, like configuring a system to send an alert to SOC analysts upon detecting anomalies.

There’s no such thing as a “simple” login. Incorporating AI into your IAM practices can help security teams get to the bottom of login issues quickly and accurately. Cisco’s AI Assistant lets admins see the full trail of events in context. The tool facilitates investigation by bringing together logs, knowledge base articles and product documentation resources in one place, and one single conversation. Learn more about AI Assistant.

Cisco's proprietary machine learning (ML) models provide superior threat detection, safeguarding against data exposure and protecting against novel attack vectors. With full visibility and control over the traffic on your network, Duo helps identity security leaders uncover and block malicious use of AI without impeding productivity.

Flexible strategies, and the right solutions, equip organizations to fight AI with AI by:

  • Adapting continuously as AI tools evolve and pose new threats

  • Keeping security and user experience (UX) in balance with security-first IAM

  • Enabling end-to-end phishing resistance and identity threat detection and automated response at machine speed and scale

Download the full ebook to learn more about securing and fully leveraging your investments in AI.

If you’d like to go further, get in touch with a Duo identity security expert for a targeted assessment of your organization’s potential risk from AI and strategies tailored to keep time on your side.

Cisco Duo and Chrome Enterprise: Solutions for modern identity
Boat Agboatwalla (fireboat@cisco.com)
https://duo.com/blog/cisco-duo-chrome-enterprise-solutions-modern-identity
Product & Engineering
Thu, 14 Aug 2025 00:00:00 +0000

Over the last five years, enterprise work models have continuously evolved, shifting from COVID-era work-from-home policies to return-to-office initiatives. During this period, over 215,000 global mergers and acquisitions have been announced, complicating identity management and security as no two environments are identical.

In the age of AI, humans are still the weakest link, especially when bulk lists of credentials cost only $10-$15 on the dark web, according to Talos’ 2024 Year in Review. Companies around the world are formalizing the future of work and there is no time like the present to start securing your user identities with Cisco Duo and Google.

Aligned with Duo’s most recent announcement, we have collaborated with Google to release three new integrations to protect all enterprise identities in your environments.

With identity at the core of Universal Zero Trust Network Architecture, start protecting Google Cloud, Workspace, and Chrome Enterprise users with Duo Identity and Access Management (IAM), Duo’s security-first IAM solution. Whether an administrator is working within the Duo Admin Panel or the Google Admin console, you can reduce security risks caused by manual errors through bi-directional sync. With Duo Directory, you can easily sync users and attributes with external sources and then leverage our popular SSO and MFA capabilities to provide seamless access management. Create a more seamless login experience by utilizing Google’s or Duo’s Single Sign-on (SSO).

Building on our current Chrome Enterprise integration from RSA 2024 for managed devices, we are pleased to announce the expansion of support to include the additional context-aware signals for device trust:

  • Minimum OS Version

  • Screen Lock Password

  • Disk Encryption

  • Host Firewall

  • Chrome Browser Version

  • Device Enrollment Domain

Cisco Duo's new integration with the Chrome Enterprise browser empowers organizations using Duo as their identity provider to quickly and seamlessly manage Chrome profiles and apply consistent security policies across both managed and unmanaged devices. This makes it easy for enterprises to get critical security insights, apply granular browser controls and configure data loss prevention right in the browser already used by employees. Duo's additional integrations with Chrome Enterprise also enable organizations to leverage a wide range of signals and telemetry from Chrome to enforce device trust and deny access from devices, even those owned by partners or contractors, all without requiring the deployment of additional Duo agents or extensions. In collaboration with Chrome Enterprise, Duo is excited to announce Duo Single Sign-On for Chrome Enterprise.

Duo SSO functions as an OpenID Provider, authenticating your users with an existing on-premises Active Directory or SAML 2.0 IdP. It also prompts for multifactor or passwordless authentication before permitting access to resources protected by Chrome Enterprise.

To use these features, devices must be enrolled or have managed Chrome user accounts leveraging Chrome Enterprise Core, which unlocks cloud-based management and reporting for $0. Organizations looking for these features plus more advanced security and data protections can upgrade to Chrome Enterprise Premium.

For more information, check out this setup guide.

As the modern workplace continues to evolve, so do the challenges of securely managing access across diverse user groups, devices, and scenarios. Even on fully managed devices, enterprises might want end users to only access their work resources from corporate-managed profiles. With Duo and the Chrome Enterprise browser you can easily encourage or enforce users to utilize their work profiles when accessing work websites and not their personal profiles. With Duo and Chrome Enterprise, organizations can unlock a variety of new use cases, ensuring seamless and secure access for every identity.

  • BYOD & Unmanaged Devices: Duo and Chrome Enterprise make it easy to extend enterprise-grade security to Bring Your Own Device (BYOD) and unmanaged devices, giving employees the flexibility they want without compromising the safety of corporate resources.

  • Partners, Contractors, and Third-Party Identities: With Duo’s robust identity security platform and Chrome Enterprise Premium’s enhanced data leak protection, organizations can now secure third-party identities as effectively as they do their internal teams, extending and fostering collaboration without sacrificing security.

  • New Corporate Identities from Mergers & Acquisitions: Mergers and acquisitions bring a wave of new corporate identities, systems, and processes. Duo and Chrome Enterprise simplify the integration process, enabling fast and secure onboarding for new users while maintaining strict access control policies.

  • Disaster Recovery Scenarios: Unforeseen disruptions can be as simple as bad weather delaying the delivery of a managed device. With Duo’s adaptive access policies and Chrome Enterprise’s familiar browser interface, administrators have the flexibility to quickly adapt, ensuring that users can securely access corporate systems regardless of their location or device, even in the most challenging circumstances.

  • Contextual Access Control & Device Trust: Ensure only trusted, managed, and compliant devices running secure Chrome browsers can access sensitive SaaS applications.

  • Data Loss Prevention: Apply browser-level data security policies such as watermarking, screenshot protection, URL filtering, upload, download, copy-paste and print restrictions based on sensitivity of data to your Duo-protected SaaS apps.

  • Comprehensive Visibility: Gain real-time insights into user activity, device posture, and security events, enabling proactive threat management.

In conclusion, the collaboration between Cisco Duo and Google Chrome Enterprise significantly strengthens identity security for modern organizations. Our joint solutions address the complexities of evolving work models by providing robust protection and contextual access control across diverse user groups and devices to stay ahead of the curve - delivering the perfect balance of security, flexibility, and user experience. With enhanced visibility and data loss prevention capabilities, organizations can confidently manage access for employees, contractors, and other third parties, even during M&A transitions. Ultimately, this partnership empowers enterprises to secure their critical resources and embrace the future of work with greater confidence and resilience.

Get started by reading more about Duo’s new security-first IAM solution or start using Duo as an identity broker or secondary identity provider. Simplify enrollment with Duo’s Single Sign-on integration with Chrome Enterprise and stop phishing attacks with the Cisco Device Trust Connector.

Looking to learn more about additional Cisco Security + Chrome Enterprise Recommended solutions?

The Total Economic Impact™ of Cisco Duo: 198% ROI and $4.4M NPV
Scott Grebe (sgrebe@duo.com)
https://duo.com/blog/total-economic-impact-of-cisco-duo
Product & Engineering
Tue, 12 Aug 2025 00:00:00 +0000

The smartest cybersecurity investments don’t just help businesses avoid losses, they increase productivity and satisfaction at the same time. To measure the value achieved through strong identity security, Cisco commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study for Cisco Duo.

Forrester consultants interviewed seven decision-makers about their experiences with Duo and the benefits, costs, risks, and flexibility of their investments. Following these sessions, Forrester aggregated the results and conducted an in-depth financial analysis for a composite global organization with annual revenues of $2.5B and 10k full-time employees (FTEs).

The resulting TEI study, published in July 2025, showed the composite organization achieved substantial value over a three-year period by investing in Duo.

The bottom line? Duo represents a smart investment.

Forrester writes in the study: “A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.” Duo’s 198% ROI and $4.4M net present value (NPV) point to a sound and rewarding investment.

The commissioned study conducted by Forrester Consulting on behalf of Cisco highlights the fact that Duo delivers transformative benefits on three critical fronts: stronger security, higher productivity, and greater operational efficiency.

Without a centralized identity and access management (IAM) solution, interviewees told Forrester their organizations struggled with security gaps, compliance challenges, and operational complexity. Some reported applying weak MFA processes for critical systems like VPNs, leaving users reliant on vulnerable passwords as their primary method of authentication.

Companies that do not have strong identity security face higher risk from phishing attacks, credential theft, and brute-force intrusions. A single compromised password could give adversaries access to multiple systems and pave the way for lateral movement leading to devastating breaches.

With its official expansion into the IAM market, Duo overcomes the limitations of traditional IAM solutions that emphasize business enablement over—and at the cost of—robust security. In the study, Forrester notes that Duo is:

A leading IAM solution that takes a security-first approach to address modern identity-based threats without compromising usability. It delivers comprehensive protection through security-first identity, end-to-end phishing resistance, and unified identity intelligence.

After investing to make Duo the cornerstone of their identity strategies, organizations strengthened security by closing visibility gaps and controlling who logs in from where using what devices.

The TEI calculated the overall value of Duo’s cyber risk reduction to the composite organization at $1.6 million, citing measurable improvements in breach prevention, identity security, and threat detection. The TEI notes that Duo combines user and device authentication to create layered protection against unauthorized access to resources that includes strong MFA, end-to-end phishing resistance, device verification, and unified identity intelligence. This layered approach helps the composite reduce the likelihood of unauthorized access leading to a breach and minimize breach-related costs such as legal fees, data recovery, and reputational damage if one did occur.

Duo improves security through:

  • Best-practice logins

  • Visibility across applications

  • Threat detection powered by machine learning

  • Disruption of the attack chain to block lateral movement toward sensitive systems

But while the “killer app” for multi-factor authentication (MFA) is still improving defenses against identity-led attacks, Duo’s ability to enhance productivity has even greater financial impact.

Interviewees told Forrester consultants that Duo reduces the time it takes to log in, simplifies access across all applications, and minimizes disruptions throughout the workday.

The CISO at a technology services company noted:

"[Prior to Duo,] it was not uncommon [to have] a dozen logins a day . . . If you were using a password manager, hopefully it [worked in] a couple of clicks. If you were not signed in to your password manager, at best you would have to hand-type out your password, [which would take] maybe 30 seconds, and then you would have differing degrees of MFA or login challenges."

With Duo helping to mitigate friction and streamline authentication, end-users save time and experience less frustration. Duo Passport and Session Theft Protection extend trust across multiple applications and throughout entire user sessions so employees don’t get interrupted while working to authenticate again.

The TEI calculated the accumulated three-year value of enhanced productivity achieved using Duo at $4.7 million based on improved user experience (UX) saving full-time employees (FTEs) 137,500 hours per year. Instead of managing multiple logins, the study says Duo lets users “get to work faster and stay productive with fewer interruptions.”

Duo’s straightforward, user-friendly MFA simplifies onboarding and reduces login friction with a consistent, simplified experience across all clients, web-based apps, and browsers.

Drivers for adopting Duo include a variety of operational benefits:

  • Streamlining identity operations to reduce complexity

  • Seamless integration with SaaS and on-premises applications and VPNs

  • Support for cloud and hybrid environments

  • Agility and scale as organizations expand

  • Out-of-the-box support for third-party tools

Without Duo, SecOps teams battled fragmented authentication systems with limited visibility. Disparate logs and platforms made anomaly detection and incident response (IR) even more challenging.

After investing, the TEI concludes:

Duo helps teams identify and address weak points in the authentication landscape and to scale and improve their security posture without overburdening internal teams. By offloading authentication and simplifying infrastructure, Duo enabled scalable protection with efficiencies for teams across security operations, IAM, and governance, risk, and compliance (GRC).

Highlights of Duo’s time-savings and workload reduction benefits include:

  • IR improvements worth $276K — The TEI calculates Duo saves IR teams more than 5,000 hours per year by automating identity risk assessments, reducing false positives, and creating actionable visibility. Focusing on real threats faster reduces authentication-related IR efforts by 50%.

  • IAM efficiency gains worth $205K — Duo simplifies provisioning and empowers IAM teams to scale securely while maintaining strong administrative oversight across the IAM lifecycle.

  • Cyber insurance premium reductions worth >$89K — Duo helps IAM leaders navigate complex compliance and cyber insurance requirements, streamlining workflows with audit-ready evidence for a 20% reduction in cyber insurance premiums.

  • Help desk optimization worth $28K — Duo reduces calls to the help desk to reset passwords and unlock accounts, a substantial time savings for the IT team.

Duo has definitely improved our efficiency in security administration. The enhanced visibility provided by Duo, especially when combined with Cisco Identity Intelligence, allows us to identify and address security gaps proactively. This has led to a significant reduction in false positives and faster investigation times, freeing up our security operations center (SOC) analysts to focus on more critical threats.

As security and IAM converge, Duo offers the industry’s only security-first IAM solution that makes organizations safer, stronger, and more agile and efficient:

Along with putting security first and delivering a world-class user experience, participants in the TEI highlighted the value of powerful innovations like passwordless, verified Duo Push, Duo Passport, and the ability of Duo Desktop to verify a user’s identity and the security posture of their device before granting access. Since then, Duo has evolved to include end-to-end phishing resistance capabilities for even stronger identity security:

  • Complete Passwordless Authentication including at initial onboarding and as a fallback

  • Proximity Verification designed to protect against adversary-in-the-middle attacks

  • Session Theft Protection that removes vulnerable “remember me” cookies from the authentication process leaving nothing for cybercriminals to steal

  • Seamless Help Desk Verification enabling identity verification for help desks to guard against social engineering attacks

AI-led insights powered by Cisco Identity Intelligence (CII) help organizations unify IAM and security to build and maintain a fully secure identity infrastructure. Duo offers everything business and IT leaders need to manage and secure identity in one place and an achievable ROI of nearly 200%.

To learn more about potential return on investment your organization might achieve by deploying Duo, read the TEI study.

]]>
<![CDATA[Building social engineering resilience with Duo Identity Verification]]> landyn@cisco.com (Landy Naylor) https://duo.com/blog/building-social-engineering-resilience-with-duo-identity-verification https://duo.com/blog/building-social-engineering-resilience-with-duo-identity-verification Product & Engineering Thu, 31 Jul 2025 00:00:00 +0000

Organizations have put in a ton of work to ensure their data and resources are comprehensively protected with strong user authentication. In doing so, the goalpost has shifted, and attackers are now looking for another way in. According to Splunk, 98% of cyberattacks now rely on social engineering, the vast majority of which are directed towards compromising user identities.

Attacks commonly take place during vulnerable moments in workforce users’ lifecycles. These include:

  • Calling the helpdesk — Organizations are relying on authenticator possession and/or knowledge-based verification questions to aid end-users and can be tricked into offering support to an attacker.

  • Initial enrollment/onboarding — Organizations often send an enrollment link or temporary credentials to a user when they are onboarding. With these processes, organizations can become victims of intercepted credentials and/or entirely fraudulently hired employees. With the large shift to remote work, this is particularly impactful.

  • Self-service — Many organizations offer self-service to provide a 24-hour way for end-users to self-remediate access issues. However, if phishing-resistant authenticators aren’t required for access, attackers could gain access and add their own authenticators for further access. Additionally, self-service is only effective at reducing load on the helpdesk if users have an authenticator to gain access to self-service in the first place.

These moments highlight the trade-off between ease-of-use and security. If organizations choose to be highly secure, they may also experience significantly increased IT costs and end-user friction. Choices made in an effort to operate in a highly secure manner could also have unintended consequences such as missing out on hiring top talent by requiring them to reside near an office.

Other consequences could be higher employee turnover due to the friction with the organization’s rigid security process for users to regain access. On the opposite end, many organizations are operating at the status quo and are therefore at risk of social engineering attacks. They may be aware of these risks but don’t have the proper tools to implement secure processes that can scale gracefully.

But what if your organization didn’t have to make that tradeoff? With the introduction of Duo Identity Verification, organizations can make these once-vulnerable moments resilient to social engineering attacks by ensuring the user who is attempting to gain access is who they say they are. We are giving customers the option to integrate with Persona to offer differentiated experiences that help provide this assurance at the helpdesk, during enrollment, and for self-service account recovery.

This solution allows end-users to quickly and easily verify their identity when contacting the helpdesk for assistance, whether it be identity and access management (IAM) related, or a call in to HR or payroll to update their direct deposit. This is a market-leading offering that integrates identity verification directly into Duo’s security-first IAM platform and is available via the Duo admin panel or Admin API. This functionality will be available to all customers in Beta starting in late July 2025.

This solution provides high identity assurance during user enrollment, making enrollment codes or email links useless should they happen to fall into the wrong hands. This allows the best of both worlds: the ability to use any of Duo’s flexible end-user self-enrollment methods, coupled with high assurance that the intended user is the one completing enrollment. This functionality is expected to be in Alpha soon, with a wider Beta release expected in late summer 2025.

As mentioned before, self-service is only valuable if it is secure. You also need a credential to access self-service in the first place. Duo plans to add the ability for users to use their identity to regain access to the self-service portal so that they can add or reactivate an authenticator and then independently get back to work. This further reduces an organization’s helpdesk costs while providing the user with autonomy to self-solve. This functionality is expected to be in Alpha by fall 2025, with a wider Beta release expected by the end of 2025.

So how does Duo Identity Verification work? The solution does require a separate Persona account and licensing, but Duo and Persona provide an integration that makes configuration of this solution as simple as possible!

Once everything is set up in Duo and Persona, this is how IDV works.

When the verifying user is redirected to Persona, users will be asked to provide a snapshot of their government-issued ID and take selfie photos. Persona will perform a variety of verification checks depending on how the organization has configured things. Among them are:

  • Various checks on the government ID, such as legitimacy, expiration date, and tampering

  • Various checks on the selfie, including liveness detection, deepfake detection, and matching of the selfie to the photo in the government ID

  • Checks to see that the user in Duo matches the user who has undergone identity verification

Once the user successfully completes verification, the Duo admin will be informed of the result, or the user will be taken to the next step of the flow they originally entered. If your organization retains selfies within Persona, they can be used to enable an even faster selfie-only re-verification should the user verify themselves again later.

With these workflows now more resilient to social engineering, organizations can even more confidently support their users, near and far, and achieve deployable end-to-end phishing resistance.

Are you new to Duo? Sign up for a free trial today and learn more about Duo IAM!

Persona is a leading secure identity verification (IDV) platform trusted by organizations across industries. They empower companies to confirm user identities quickly and securely, so legitimate users can continue to do their important work with minimal interruption while stopping attackers in their tracks. Persona offers global support and has flexible options that can be catered to your organization’s unique needs. Learn more.

*Note: The features described above remain in varying stages of development and will be offered on a when-and-if-available basis. The delivery timeline is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

]]>
<![CDATA[Duo Passport’s patent-pending defense against session hijacking]]> rhaidous@cisco.com (Ranine Haidous) https://duo.com/blog/duo-passports-patent-pending-defense-against-session-hijacking https://duo.com/blog/duo-passports-patent-pending-defense-against-session-hijacking Product & Engineering Wed, 30 Jul 2025 00:00:00 +0000

At Duo, we've been obsessed with a growing threat that keeps security teams up at night: Session hijacking. Recently, we announced a patent-pending breakthrough that marks a fundamental shift in how we think about authentication security. According to the 2024 IBM X-Force Threat Intelligence Index, use of stolen credentials to access valid accounts surged 71% over the previous year and represented 30% of all incidents X-Force responded to, tied with phishing as the top infection vectors. Duo Passport, with its built-in Session Token Theft Protection, directly addresses these escalating threats.

In 2024 alone, sixty percent of all Cisco Talos incident response cases involved identity as a key attack vector, with session theft emerging as an attacker’s favorite shortcut around even the most sophisticated MFA implementations. We're facing an "identity crisis" where attackers no longer need to hack in, they simply log in using stolen credentials. At Duo, we knew we had to do more than incrementally improve existing defenses.

Session token theft exploits a fundamental weakness in how web authentication has worked for decades. When users authenticate, applications issue session cookies to maintain their logged-in state. Attackers have become increasingly sophisticated at stealing these tokens through malicious JavaScript, infostealers like Redline and Emotet, or adversary-in-the-middle attacks. Once they have your session token, they essentially have your digital identity which allows them to bypass passwords, MFA, and most security controls.

Existing solutions treat the symptoms while ignoring the core issue: session trust shouldn’t exist as a separate, portable entity (think cookies).

Duo Passport’s Session Token Theft Protection is a breakthrough in authentication security. It removes session cookies from the Duo authentication flow entirely, relying instead on the hardware security modules built into modern devices, like the Trusted Platform Module (TPM) 2.0 for Windows or the Secure Enclave for macOS. Although individual applications may still use their own session tokens after authentication, Duo Passport secures the critical foundation it controls, significantly reducing the risk of session hijacking. This enhanced protection is uniquely delivered while preserving Passport's premium user experience of seamless access without repetitive logins. Cisco successfully reduced weekly logins from 8 million to 450,000 by deploying Duo Passwordless, Risk-Based Authentication, and Duo Passport.
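The contrast drawn above, between a portable session cookie and trust bound to a key that stays on the device, as an added example; it is not Duo Passport's implementation or code from Duo. The class names are hypothetical, and an HMAC secret stands in for a TPM or Secure Enclave key so that only the standard library is needed.

```python
import hashlib
import hmac
import secrets


class CookieSessionServer:
    """Bearer model: presenting the cookie value is the entire proof."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        return self._sessions.get(cookie)


class DeviceKey:
    """Stand-in for a hardware-held key: callers can request a proof over a
    challenge but are never handed the key material itself."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def sign(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

    def verifier(self):
        # Assumption: symmetric HMAC keeps this runnable offline. A real
        # hardware key is asymmetric and the server holds only the public half.
        secret = self._secret
        return lambda challenge, proof: hmac.compare_digest(
            hmac.new(secret, challenge, hashlib.sha256).digest(), proof)


class KeyBoundServer:
    """Each request must answer a fresh, single-use challenge with the key."""

    def __init__(self):
        self._verifiers = {}  # user -> verify(challenge, proof)
        self._pending = {}    # challenge -> user, removed on first use

    def enroll(self, user, verifier):
        self._verifiers[user] = verifier

    def new_challenge(self, user):
        challenge = secrets.token_bytes(32)
        self._pending[challenge] = user
        return challenge

    def whoami(self, challenge, proof):
        user = self._pending.pop(challenge, None)  # consume: no reuse
        if user is None:
            return None
        return user if self._verifiers[user](challenge, proof) else None


def demo():
    results = {}

    # Cookie model: a copy of the value (for example, read out of browser
    # storage) is indistinguishable from the original.
    cookie_srv = CookieSessionServer()
    cookie = cookie_srv.login("alice")
    copied_cookie = str(cookie)
    results["cookie_copy_accepted"] = cookie_srv.whoami(copied_cookie) == "alice"

    # Key-bound model: the legitimate device answers a fresh challenge.
    device = DeviceKey()
    bound_srv = KeyBoundServer()
    bound_srv.enroll("alice", device.verifier())
    c1 = bound_srv.new_challenge("alice")
    p1 = device.sign(c1)
    results["device_accepted"] = bound_srv.whoami(c1, p1) == "alice"

    # A captured (challenge, proof) pair has nothing reusable in it.
    results["captured_pair_replayed"] = bound_srv.whoami(c1, p1) == "alice"
    c2 = bound_srv.new_challenge("alice")
    results["old_proof_new_challenge"] = bound_srv.whoami(c2, p1) == "alice"
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```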

Core benefits we're delivering:

  • Hardware-backed security that's phishing-resistant

  • Dramatic reduction in authentication friction

  • Platform-agnostic protection (Windows and macOS)

  • Simple deployment through existing Duo infrastructure

  • No vendor lock-in or ecosystem limitations

Duo Passport solves two seemingly opposing challenges: Reducing authentication fatigue while significantly strengthening security. Our customers often told us that constant MFA prompts wore down their users. Duo Passport streamlined this experience by allowing users to authenticate once and access multiple applications across browsers and desktop apps without interruption. Now, in addition to that, it includes built-in protection against session hijacking attacks. In fact, Cisco's own deployment of Duo Passport Session Theft Protection led to a remarkable 52% decrease in cookie-based authentications within 30 days, directly reducing the risk of session hijacking.

Looking at the competitive landscape, we see fundamental differences in approach. Microsoft's token protection works well…if you're all-in on Windows and their ecosystem. Okta focuses on adaptive MFA, which helps but doesn't address the root vulnerability. We've taken a different path: Platform-agnostic, hardware-backed protection that works across your entire enterprise environment.

Together with Cisco Identity Intelligence, Duo Passport creates a foundation for continuous identity verification that adapts to changing risk conditions. Your organization needs an identity infrastructure that grows stronger as attackers become more sophisticated, one that enhances user productivity while minimizing risk in an increasingly dangerous threat landscape. The real question isn't whether session theft attacks will target your organization; it's whether you'll be ready and protected when they do.

Duo Passport Session Theft Protection is currently in public preview. Read more on how Duo helps organizations secure end-to-end phishing resistance.

Start a free trial of Duo’s advanced identity security today.

]]>
<![CDATA[Combine Duo with NetScaler and thwart identity attacks? Yes, please!]]> claytonb@cisco.com (Clayton Ballreich) https://duo.com/blog/combine-duo-with-netscaler-and-thwart-identity-attacks-yes-please https://duo.com/blog/combine-duo-with-netscaler-and-thwart-identity-attacks-yes-please Product & Engineering Thu, 24 Jul 2025 00:00:00 +0000

Imagine you’re hanging out in front of the TV and your phone starts to ding. It’s a push notification for MFA, but you aren’t logging in. That’s worrisome. Now imagine it’s one of your workforce’s users in the recliner, and their attention is so divided, they hastily grab their phone and hit approve to silence it. Now a bad actor is in your environment. These are the types of attacks that are happening in the wild, and the types of real-world behaviors those in charge of security for their organizations face.

Customers using older Duo integrations with NetScaler are struggling to protect against modern-day identity attacks such as the one above. It’s time for something better. Guarding against increasingly sophisticated identity attacks is a must, but it often comes at the cost of usability. Certainly, no one wants to add complexity to NetScaler logins, or any application for that matter. What if easy implementation and a better user experience, all wrapped up in Duo’s most advanced capabilities that help protect against modern identity attacks, were available today? Well, we have great news for you. It is!

With a long existing partnership and integration, Duo has been protecting NetScaler logins with multi-factor authentication, device trust, and posture assessment for many years. Identity threats, growing in sophistication, convinced us it was time to step up our game. Duo laid the groundwork towards this in 2022 with the delivery of the Universal Prompt. Universal Prompt set out to build a platform that protects against modern attack techniques such as MFA phishing and session hijacking, all while improving the end user experience. Enter the Duo Web Integration for NetScaler complete with the Universal Prompt.

NetScaler, in striving to provide a very flexible solution, offers support for many authentication standards such as SAML, which Duo supports with Duo SSO. There are some great reasons why you’d want to use SSO, however, integrating through SAML requires additional elements to be deployed to preserve single sign-on capabilities throughout the Citrix stack. If it’s preferred to preserve the architecture without those additional components, using RADIUS for MFA was a good option. The RADIUS integration between Duo and NetScaler allowed consumers to keep primary authentication in place and use Duo as secondary authentication, while preserving Citrix’s single sign-on capabilities. Remember that whole need for enhanced security though? RADIUS wasn’t providing it.

Duo strived not just to match, but to beat the simplicity of our original NetScaler integration when setting out to modernize and provide better security. Enter, OAuth. If you’re not familiar with OAuth, you can learn more here. With OAuth, Duo can implement a more flexible, secure, simpler integration. Our partners at NetScaler agreed and we all set to task integrating using OAuth, again allowing primary authentication to remain untouched while making the second factor integration easier and more secure. I’d be remiss not to mention OAuth is the native mechanism for integrating the Duo Universal Prompt with many applications, not just NetScaler.

Use of this new integration provides all Duo customers an easier way to integrate and simplifies their deployment by removing the requirement to use the Duo Authentication Proxy and RADIUS integration. This results in NetScaler talking directly to the Duo cloud service and customers keeping their current benefits of device trust and industry leading MFA. This is just the tip of the iceberg. Phishing? Reduced with the use of Duo verified and proximity push. The real magic comes when customers utilize the Duo Advantage or Premier tiers. What does this provide? It opens a myriad of security controls which are critical in protecting users from today’s advanced identity attacks. Use of the Universal Prompt within Duo Advantage and Premier provides risk-based authentication, device health checks, user location controls and continuous identity protection with Cisco Identity Security. By combining identity visibility and protecting users from phishing, password spray attacks and so much more, NetScaler is turned into a force of identity protection just by integrating with Duo.

Plenty of customers have successfully used SAML to authenticate users into their Citrix environments. Using Duo as an IdP and the primary authentication source for NetScaler allows for additional benefits such as passwordless authentication or single sign-on with other applications. Should you have the appetite for or have already implemented Citrix infrastructure to support SAML with Citrix single sign-on, using Duo is a great option. If you have a different SAML IdP configured with Duo as the MFA, that’s another great way to protect your NetScaler users with the security benefits of Duo.

All existing customers can see immediate benefits by implementing the Duo Web Integration for NetScaler. For the ultimate in end user protection and defense from advanced identity attacks, customers can upgrade to Duo Advantage edition. For those who have not yet experienced Duo, start your trial today.

]]>
<![CDATA[SE Labs awards Cisco its AAA Rating in Universal ZTNA identity testing]]> sgrebe@duo.com (Scott Grebe) https://duo.com/blog/se-labs-awards-cisco-its-aaa-rating-in-universal-ztna-identity-testing https://duo.com/blog/se-labs-awards-cisco-its-aaa-rating-in-universal-ztna-identity-testing Product & Engineering Tue, 22 Jul 2025 00:00:00 +0000

As security’s new front line of defense, user identities must be fully protected at all times. That’s why after rigorous, first-of-its-kind identity testing, SE Labs® awarded Universal Zero Trust Network Access (UZTNA) from Cisco its highest AAA rating for “Advanced Security IAM Protection.”

Universal ZTNA combines multiple products to deliver zero trust authentication and protection against identity-based attacks:

  • Cisco Duo

  • Cisco Secure Access

  • Cisco Identity Intelligence (CII)

The solution achieved 100% detection and 100% protection against cyber threats, identifying and blocking every attempt to compromise security defenses. The report reads:

UZTNA detected and responded to every malicious access attempt without relying on traditional exploit signatures or simple traffic heuristics. As such, the combined solution achieves the SE Labs AAA award.

"Hackers don’t always need exploits, but they do always need access,” SE Labs Founder and CEO Simon Edwards points out, noting modern attackers target identity to break into critical cloud environments like Microsoft 365.

SE Labs security experts subjected Universal ZTNA to a rigorous round of attacks that proved Duo and the other offerings could handle a range of common threat actor tactics. Testing took place in a real network environment, targeting a Microsoft 365 deployment with privileged and non-privileged accounts. Security experts played the role of attackers, probing for weaknesses and adapting to security controls to see how systems would respond.

SE Labs’ landmark analysis mimicked techniques used recently by prominent threat groups like Scattered Spider, APT29, and APT28. Testing featured 30 attacks across three attack vectors:

  • 12 attempts involved stolen credentials using valid, but compromised, usernames and passwords to gain access

  • 8 tried to bypass MFA using techniques like MFA fatigue and credential stuffing

  • 10 attacks attempted to hijack active user sessions without needing credentials or MFA

Variations ranged from attempting to log in from different geographic locations and devices at unusual hours, to MFA flooding (a Scattered Spider go-to tactic), to using stolen session cookies to impersonate users and compromise assets without re-authenticating.

SE Labs recognizes that not all MFA is created equal. Edwards writes, “While many people think multi-factor authentication is a silver bullet. It isn’t.” Enter the “new Duo” with a comprehensive solution that combines:

MFA shuts down stolen credentials: Duo MFA routinely blocks attacks that attempt to leverage stolen credentials by requiring users to confirm their identity using additional factors like their mobile phone or thumbprint.

Proximity Verification prevents MFA bypass: Businesses roll out MFA to stop phishing, but hackers attempt to bypass it with phishing and ‘MFA fatigue’ attacks that flood authentication systems with repeat login requests. Duo Proximity Verification leverages the user’s mobile phone to confirm the authentication device is physically close to the device they’re asking to access (e.g., their laptop). It’s a simple, seamless, and highly secure approach to detect and intercept attempts to bypass MFA without requiring expensive hardware tokens or complex configurations.

Session Hijacking Prevention protects mid-session: As part of its enhanced end-to-end phishing resistance capabilities, Duo now includes session theft prevention to stop one of the three tactics employed by the SE Labs testing of UZTNA. The report describes session hijacking as:

An attack in which an attacker takes control of a user’s active session, often by stealing a session token or ID. Attackers may exploit insecure cookies, public Wi-Fi networks and browser vulnerabilities. Once hijacked, the attacker can impersonate the user, access sensitive data and perform unauthorized actions. This threat bypasses normal authentication and is hard to detect.

Threat actors attempt to steal “Remember Me” session cookies used to keep people authenticated during active sessions. Duo removes these cookies and applies patent-pending technology to prevent session hijacking behind the scenes. Duo secures entire user sessions — without inconveniencing people to authenticate again and again.

“Attackers today have choices in overcoming perimeter controls,” Edwards says. “Cisco UZTNA is to be congratulated for its flawless performance at rebuffing our attacks in what is now a very complex environment.”

The SE Labs writeup notes, “Data needs to be accessible, at high speeds, but using strong security. And this security needs to be managed simply. and other modern staples of strong security and a rewarding user experience.”

Along with easy-to-use MFA, Duo features options like single sign-on (SSO), a user directory with lifecycle management (Duo Directory), device trust, and complete passwordless to raise the bar on flexibility, simplicity, and user satisfaction.

“Zero Trust Network Access is key to protecting organizations today, and we’re delighted that our first-of-its-kind Universal ZTNA from Cisco has been awarded the top accolade from SE Labs,” says Raj Chopra, SVP, CPO Cisco Security. “This rigorous benchmark underscores how Cisco’s unique integration of identity security and SASE delivers a true universal Zero Trust solution, providing unmatched protection for the workforce against the diverse and sophisticated attacks organizations face today.”

For more details about the tests and findings, download the full report.

Discover how Cisco Universal ZTNA and Cisco Duo can transform your organization’s security posture. Visit the following resources to explore our innovative approach:

]]>
<![CDATA[Cisco Named a Customers’ Choice in Gartner Peer Insights™ 2025 Voice of the Customer for User Authentication]]> sgrebe@duo.com (Scott Grebe) https://duo.com/blog/cisco-named-a-customers-choice-in-gartner-peer-insights-2025-voice-of-the-customer-for-user-authentication https://duo.com/blog/cisco-named-a-customers-choice-in-gartner-peer-insights-2025-voice-of-the-customer-for-user-authentication Industry Events Tue, 15 Jul 2025 00:00:00 +0000

97% of Customers Would Recommend Cisco Duo

Cisco has been recognized as a Customers’ Choice in the Gartner® Peer Insights™ 2025 Voice of the Customer for User Authentication report. Cisco appears in the upper-righthand quadrant which denotes a Customers’ Choice distinction and received a 97% Willingness to Recommend score based on 130 customer reviews submitted as of February 2025.

The 2025 Voice of the Customer for User Authentication ratings reflect reviews submitted by verified customers during the 18-month period ending February 28, 2025. Overall, 122 Cisco customers rated Duo 4.7 out of 5 for “Deployment Experience” and 126 customers rated Duo 4.7 out of 5 for “Product Capabilities.” Read the Voice of the Customer report.

Where traditional identity and access management (IAM) solutions claim “identity-first security,” Cisco takes a “security-first” approach to identity. A comprehensive IAM solution, Duo provides everything organizations need to secure and manage user identities from day one including:

  • Duo Directory

  • Phishing-resistant MFA

  • Single sign-on (SSO)

  • Passwordless authentication

  • Identity intelligence

Security-first IAM enables organizations to strengthen their security posture, minimize complexity, and modernize and scale their IAM environments. Duo verifies identity and validates trust—all while delivering a world-class experience for users and admins.

Gartner defines “peers” as “verified reviewers of a technology product or service, who not only rate the offering, but also provide valuable feedback to consider before making a purchase decision.” Cisco customers who reviewed Duo talked about the protection, simplicity, and support they gained:

  • Experience Enhanced Security with Duo's Multi-Factor Authentication

    “Implementing Duo within our organization has really helped us become more confident about the security of accessing our data. A few of the many strengths of implementing Duo within our organization are as follows: Duo provides us with a detailed track record of employees' access to the assigned applications. Again, the Duo cloud-based architecture has allowed us to easily scale the solution to meet our growing security needs as per the requirements. Last but not least, Duo Multi-Factor Authentication capabilities have secured our organization’s data from unauthorized access.”

  • Simplifying Security: MFA Services Made Easy with This Product

    "This product is the go-to for MFA services. It is simple to implement and configure, especially with the documentation base that is provided by Duo. Overall, Duo makes it easy to adhere to security requirements, while not interfering with a company's productivity."

  • Security Made Simple: Cisco Duo's Multi-factor Authentication

    “Cisco Duo has been a wonderful experience for me. It's really user-friendly, both from an admin perspective and as someone who uses it daily. Setting it up was surprisingly simple and the multi-factor authentication is solid and gives me peace of mind knowing our accounts are secure.”

  • Best User Authentication Solution

    “Duo makes user authentication easy when accessing sensitive business information or when accessing devices. The 2-factor authentication ensures that only permissible users get access. It has been a great tool for boosting data privacy in our business. I like that Duo is very fast yet ensures secure access. With proper authentication, access to data/apps/devices is easy.”

  • Cisco Duo: The Outstanding Multi-Factor Authentication Solution

    “After using various security solutions, Cisco Duo stands out as an exceptional multi-factor authentication (MFA) tool. It has features like fine-grained policies. Duo's overall performance and flexibility make it a good choice. It offers excellent reporting and monitoring features. As a user, the biggest benefit of Duo is its mobile app. Duo integrates well with a wide range of applications. Scalability is another advantage.”


We invite you to visit Gartner Peer Insights to read more Duo customer reviews or share your own Duo story. We’re proud to say that Cisco has received the most peer review ratings of any vendor in the User Authentication category with 720+ Duo reviews submitted as of June 2025. Visit the Gartner Peer Insights page for this market to learn more about the User Authentication market.

Last but not least, we thank our customers who took the time to submit reviews online. Your feedback helps us innovate to keep your company ahead of evolving threats and reward your invaluable trust in Duo.

Gartner, Voice of the Customer for User Authentication, Peer Contributors, 30 May 2025 

Gartner and Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

]]>
<![CDATA[Failing open: A lesson in attention to configurations]]> tmishoe@cisco.com (Tess Mishoe) https://duo.com/blog/failing-open-a-lesson-in-attention-to-configurations https://duo.com/blog/failing-open-a-lesson-in-attention-to-configurations Product & Engineering Thu, 03 Jul 2025 00:00:00 +0000

Duo’s AI and Security Research team takes on cases from customers and beyond, digging into authentication data and finding actionable anomalies that can be searched for, alerted on, or remediated using AI and machine learning.

When chaos strikes, we tend to attribute it to outside causes. In many cybersecurity incidents, however, internal factors come into play, including things like configuration and privilege changes. In this blog, we’ll talk about a recent investigation in which misconfigurations made all the difference.

When the AI and Security Research team received a request from a customer to review their authentication data, it appeared unusual and stood out from other recent cases in many ways. First, it was an in-progress, full scale attack that was still being contained when we received notice. Second, it contained an interesting note—that the attacker may have bypassed Duo authentication entirely.

Thankfully, the attack was noticed quickly, and the attackers’ further lateral movement was prevented. Still, the reporters confirmed that the attacker took over a vital server. The request from the reporters was to find out how Duo authentication could have been bypassed and any other pertinent information regarding the attack that we could glean for them.

With the attack occurring within 3 days of the report, the team could easily sift through the authentication logs. The report also provided an affected machine name, a potentially compromised administrator account username, and one indicator of malicious activity. However, no logs existed for any activity on the affected machine during that timeframe – the customer confirmed that these were erased by the attacker.

We started our search by looking for unusual authentication behavior and errant device registrations. We made a simple query akin to the following pseudocode:

> select * from auth_data where timeframe 01/01/2025 to 01/03/2025 and user = (reportedName) and customer = (customerName)

We also looked at device registration data during this period, finding a list of device registrations and removals. Malicious actors commonly either register a new phone of theirs or remove a phone belonging to the legitimate user to gain persistent access to an account.

Below: A set of device modifications surrounding the timeframe of the compromise.

Our first query above resulted in some interesting authentications. The first set were authentications that started but were not completed due to authentication timeouts, all within a few minutes of each other.

The administrator account included in the report was authenticating to a set of different Duo Authentication Proxies (Duo servers hosted by the customer), with all authentications originating from internal IP addresses. This indicates that the attacker was either using a VPN to access internal resources (and had therefore already compromised a computer directly), was using a remote access tool to pivot to an internal resource, or was an insider threat who already had authorized access.

After looking through the authentication logs, we focused on the devices associated with the user. There were more than 10 devices associated with this administrator account, some of which were shared by other accounts. This type of behavior is quite unusual and raises alarms – administrator accounts and other accounts with escalated privileges should be carefully managed with the absolute minimum number of devices and users accessing them. Many devices existing on one account (and especially those shared between multiple accounts) can mean many methods of initial access or avenues of further access for an attacker.

We found evidence of account sharing and possible internal access. Even so, how did the attacker bypass Duo MFA protections?

After a careful review of the activity logs on the authentication proxy used to access Duo services, we saw that it had briefly lost connection with Duo services around the timeframe that the attacker gained access.

When Duo authentication proxies can’t communicate with Duo services, they can be configured to do something called ‘failing closed’: until communications are reestablished, they need to find a different route or backup to access Duo services and gain access to resources. In this case, the authentication proxy (a RADIUS server) was configured by the customer to ‘fail open’ instead.

Failing open any application or system can be exceedingly dangerous to data security and integrity. Instead of looking for an alternative and blocking potential authentications from resources, it essentially removes all barriers preventing access to the resources. This can be useful for things that could cause catastrophic failure without access (such as industrial control or medical systems) but is risky to enable where unnecessary.

In this case, the server could have been removed from the network or denied access to the network in some other manner by the attacker. This also could have been related to some RDP authentication attempts to the server around the same timeframe.

There were several things of concern within this breach that we identified as learning opportunities. The first is the issue of administrator account sharing – this is always dangerous and should be avoided wherever possible. Decreasing the possible traversal pathways of an attacker means less to contain or decommission in the event of a breach and prevents the attacker from gaining higher privileges in other areas.

Finding the server’s access failure (also known as ‘Failmode’) configuration was also a big turning point. In Duo terms, the ‘Failmode’ for a RADIUS server determines what authentications do if Duo services are unreachable. They can either be in ‘safe’ mode (fail open), in which authentications are allowed if the first factor is successful, or ‘secure’ mode, which rejects all authentication attempts if Duo services cannot be contacted.

Misconfigurations are a frequent cause of breaches and can be prevented by comprehensive compliance evaluations and regular configuration reviews on all systems.
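A configuration review for the Failmode setting described above can be automated. The following Python is an added example, not Duo's code: it parses an Authentication Proxy configuration in INI form and reports every server section that would fail open. The section-name prefixes, the constructed sample file, and treating an omitted `failmode` as `safe` are assumptions to confirm against your own proxy version.

```python
import configparser
from typing import NamedTuple, Optional

# Constructed sample in authproxy.cfg style; every host, key and secret is a placeholder.
SAMPLE_CFG = """\
[ad_client]
host=10.0.0.10
service_account_username=svc_duo
service_account_password=PLACEHOLDER
search_dn=DC=example,DC=com

[radius_server_auto]
ikey=PLACEHOLDER_IKEY
skey=PLACEHOLDER_SKEY
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=10.0.0.20
radius_secret_1=PLACEHOLDER
client=ad_client
failmode=safe
port=1812

[radius_server_auto2]
ikey=PLACEHOLDER_IKEY
skey=PLACEHOLDER_SKEY
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=10.0.0.21
radius_secret_1=PLACEHOLDER
client=ad_client
failmode=secure
port=1813

[ldap_server_auto]
ikey=PLACEHOLDER_IKEY
skey=PLACEHOLDER_SKEY
api_host=api-XXXXXXXX.duosecurity.com
client=ad_client
"""

# Assumption: sections that accept user logins are named radius_server_* or ldap_server_*.
SERVER_PREFIXES = ("radius_server", "ldap_server")


class Finding(NamedTuple):
    section: str
    configured: Optional[str]  # raw failmode value, None when the key is absent
    fails_open: bool           # True when a login proceeds on the first factor alone
    reason: str


def audit_failmode(cfg_text: str) -> list:
    """Return one Finding per server section in the given config text."""
    # Default strict parsing raises on duplicate sections or keys instead of
    # silently picking one; interpolation is off so '%' in secrets is harmless.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    findings = []
    for section in parser.sections():
        if not section.lower().startswith(SERVER_PREFIXES):
            continue  # client sections such as [ad_client] have no failmode
        raw = parser.get(section, "failmode", fallback=None)
        value = raw.strip().lower() if raw is not None else None
        if value == "secure":
            findings.append(Finding(section, raw, False,
                                    "rejects logins while Duo is unreachable"))
        elif value == "safe":
            findings.append(Finding(section, raw, True, "explicit fail open"))
        elif value is None:
            # Assumption: an omitted key behaves like 'safe'.
            findings.append(Finding(section, raw, True,
                                    "failmode not set, treated as fail open"))
        else:
            # An unknown value is flagged rather than trusted.
            findings.append(Finding(section, raw, True,
                                    "unrecognized failmode value"))
    return findings


def violations(cfg_text: str, approved_fail_open=frozenset()) -> list:
    """Fail-open sections that are not on the documented exception list."""
    return [f for f in audit_failmode(cfg_text)
            if f.fails_open and f.section not in approved_fail_open]


if __name__ == "__main__":
    for finding in violations(SAMPLE_CFG):
        print(f"{finding.section}: {finding.reason}")
```

The `approved_fail_open` argument is where a reviewed exception belongs, for example a section fronting a system that cannot tolerate loss of access.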

Backed-up logs would also have made this investigation faster to resolve. Attackers frequently cover their tracks by deleting log data, and critical logs can be lost or overwritten quickly. We always recommend more comprehensive log management and forwarding configurations.

By following some simple security principles, you can keep your accounts safe and secure with Duo.

To learn more about secure configuration of your Duo server, check out our knowledgebase topic on configuration best practices. Or peruse all topics on Duo Authentication Proxies.

]]>
<![CDATA[Easier, more effective MFA for ALL: The Duo Universal Prompt project]]> schristopher@duo.com (Scott Christopher) kdavenport@duo.com (Kelly Davenport) https://duo.com/blog/easier-more-effective-mfa-for-all-the-duo-universal-prompt-project https://duo.com/blog/easier-more-effective-mfa-for-all-the-duo-universal-prompt-project Industry News Tue, 01 Jul 2025 00:00:00 +0000

A long time ago, in, well, this galaxy...

Since the earliest days of Duo, we’ve been energized by a core mission: To democratize security. That means designing tools to protect users that they actually want to use. After all, security that no one uses isn’t worth much.

We’ve grown a lot as a company since then, and so has the web—and the technical standards we use to build our tools. As we plan for the future, we’re excited to announce a major initiative that will make the Duo authentication experience even easier and more effective for everyone.

But first, why are we changing at all?

Security tools are consistently viewed as friction points. Traditionally, if a solution sought to improve security, that improvement came with more rigidity and complexity.

And when security tools don’t adapt and evolve, they quickly lose value and become harder to integrate into modern environments. Such tools tend to break when new web and application standards are introduced, and often instigate a pile of help desk tickets when the workforce rejects a now outdated or cumbersome user experience.

At Duo, we plan to solve these problems with our new initiative, called the Universal Prompt Project.

Okay, but what does that mean?

The Universal Prompt Project is a major technical and UX redesign of core Duo functionality, focusing on our web-based second-factor authentication prompt.

Today, we’re providing the first look at this initiative, which will roll out in phases beginning in August 2020 and continue over the next 18 to 24 months. Throughout the project, there will be opportunities to preview and test the product changes, and your participation will help shape what we deliver.

  1. A redesign of our web-based authentication prompt, called the Duo Universal Prompt.

  2. An upgrade to the Duo Web SDK that provides a new mechanism for delivering the prompt to both Duo-developed and partner-built software integrations—without the iFrame.

  3. A redesigned Duo Mobile application that builds upon the improved user experience of the Universal Prompt.

  1. Security Innovation

  2. Ease of Use

  3. Custom Experience

Let’s take a look at each of these broad themes, and then review where we’re going next with this project.

When Duo was founded, we built our prompt on the iFrame. At the time, it was the best way to deliver a multi-factor authentication (MFA) prompt in front of a variety of on-prem and cloud applications. Since then, the industry has evolved and there are better open standards to reliably and effectively insert an MFA prompt into an authentication flow. Meanwhile, the controls and limitations around iFrames have grown. Moving away from an iFrame-based implementation also offers more flexibility and agility as we continue to improve our security practice and user experience.

Over the past 18 months, as we reimagined the technical underpinnings of how we deliver the authentication prompt, we also studied how the authentication experience itself can play a stronger role in educating end-users about security hygiene.

Through extensive user testing, we settled on a handful of changes to the user experience of authenticating via the prompt and Duo Mobile that our research shows will improve users’ trust in MFA and increase adoption of more secure authentication methods such as Push and WebAuthn.

All of these changes add up to a better and more secure experience for end-users as we build on the success of the original Duo Prompt.

Duo is already the most flexible MFA solution, and we've simplified the experience even further. The new Universal Prompt is more adaptive and contextually aware, displaying the best available auth method based on end-user behavior and system capabilities. Onboarding end-users to Duo will also be made even easier via new instructional and educational features, as well as overall usability improvements to the enrollment flow.

Moreover, security for everyone needs to include everyone. That includes people with disabilities, and people using assistive technologies. From day one, we have worked hard to ensure that the Universal Prompt and the redesigned Duo Mobile are accessible and easy to use for all.

The needs of large technology partners and global enterprises are also at the heart of design decisions driving the Universal Prompt Project.

Both the Universal Prompt and the mobile app will expand language support, introduce better help desk contact info, and allow organizations to customize specific branding elements to provide a more seamless, comprehensible, and trustworthy experience for end-users.

We’ve got a lot more to tell you about the Universal Prompt Project, so look for regular blog updates as we delve into more detail on each component of this project.

As we get closer to making these changes generally available, we will provide guidance on planning your migration to the Universal Prompt, including:

  • Communications templates for your organization and end-users

  • Updated documentation and Duo Knowledge Base articles

  • Tools in the Duo Admin Panel to track your progress

With our free 30-day trial you can see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.

]]>
<![CDATA[What’s new for you: Duo is now identity and access management]]> sgrebe@duo.com (Scott Grebe) https://duo.com/blog/whats-new-for-you-duo-is-now-identity-access-management https://duo.com/blog/whats-new-for-you-duo-is-now-identity-access-management Product & Engineering Fri, 27 Jun 2025 00:00:00 +0000

Blog writing provides a great opportunity to drop some pop culture references that help illustrate your points. For example, “Your identity is your most valuable possession. Protect it.” is a great line from the film, The Incredibles. It’s also very relevant to Duo customers. Duo’s long been a leader in defending against identity-based threats and securely managing access to critical assets. However, we’ve evolved into something more. Duo is now a security-first Identity and Access Management (IAM) solution. You may have seen our recent announcement.

This is exciting news for Duo customers. We know traditional IAM solutions are failing to protect against attacks that target users’ identities. They’ve become insecure, costly, and overly complex to implement. And attackers have gotten really good at stealing user credentials to the point where they can simply log in, not hack in. They’re also using AI to automate and accelerate their attacks. Clearly something had to change.

This became the driving force behind Duo IAM. As a Duo customer, you may be thinking, "This sounds really cool.” And like Kevin Costner’s character in the film Field of Dreams, you may be wondering, “What’s in it for me?” Let’s take a look.

As a security-first IAM solution, Duo integrates all the components needed to serve as the sole IAM platform, while operating as a unified defense layer across your existing identity infrastructure. With the announcement of Duo IAM, we’re launching impactful new capabilities to help organizations achieve security by default, and usability that people love. Within those capabilities are new features Duo customers can take advantage of in their identity stack. So, here’s what’s in it for you.

At Duo, we take a security-first approach to IAM. This means we believe security should be a foundational component of an IAM solution, not an add-on. While Duo started out with MFA, over the years we’ve evolved by adding features like passwordless, SSO, and Device Trust. With the addition of our directory, we now have all the pieces to be a security-first IAM provider.

So what’s “new” new with this launch? That would be our Duo Directory functionality that enables Duo to be a full, or complementary, IAM solution. Here are some cool things Duo Directory can do:

  • User management — Duo can serve as your source of truth for managing identity directories, primary authentication, and user attributes.

  • Routing rules — Use Duo as a hub for authentication to route authentication requests between directories when you’ve got more than one.

  • Custom attributes — Go beyond the built-in attributes by creating and storing your own set of custom attributes to further define user identities.

  • Automated provisioning — Simplify user provisioning, changes, and deprovisioning to applications using direct API and SCIM (System for Cross-domain Identity Management) integrations.

  • AI Assistant — Duo’s out-of-the-box AI Assistant helps with all sorts of tasks like managing access, streamlining configuration, even speeding up user investigation when someone is stuck.

End-to-end phishing resistance means we protect your users from phishing attacks at every step of the identity lifecycle, starting with enrollment, to OS and application login, all the way to the help desk.

  • Proximity Verification — Prevent MFA bypass by verifying the authentication device (your mobile phone) and access device (your laptop) are in close physical proximity.

  • Session theft prevention — Guard against session hijacking by proactively removing session cookies and replacing them with a trusted signature Duo controls. That way there’s nothing for the attacker to steal.

  • Complete passwordless — A user never needs to have a password in Duo Directory. However, for use cases still tied to passwords, we enable you to ditch passwords from attack points like the enrollment process and authentication fallback.

  • Identity Verification integration — Block social engineering attempts at the help desk from hackers pretending to be an employee in need of assistance by re-establishing trust via the use of a government ID.

Duo leverages identity intelligence to deliver deep visibility across your ecosystem, gathering identity insight and using AI to analyze that information. This ensures continuous monitoring, accelerates detection, and enables proactive responses to identity threats before, during, and after login.

  • User trust level — Dynamically assess user risk level by analyzing user behavior, context, and historical data across multiple identity sources—then seamlessly share this level to enrich relevant security tools and workflows.

Delivering an exceptional experience for users and admins has always been a Duo tenet. It underpins everything we do, including the features we build like the ones I just mentioned. Our goal in delivering a delightful experience for everyone is to frustrate attackers, not users.

These are exciting times for Duo customers. With Duo IAM, you get a full identity and access management solution that puts security first. You know what else is exciting? We’ve added almost all of the new features into our base edition, Duo Essentials, so they’re available to every Duo customer.

Not only that, we also haven’t changed our prices. That’s right. More features and more security for the same price. To quote Matt Damon’s character from the film The Martian: “Wow, this is amazing!” We hope you think so too.

]]>
<![CDATA[Duo Proximity Verification: Deployable phishing-resistant MFA]]> jaho2@cisco.com (Janet Ho) https://duo.com/blog/duo-proximity-verification-deployable-phishing-resistant-mfa https://duo.com/blog/duo-proximity-verification-deployable-phishing-resistant-mfa Product & Engineering Thu, 26 Jun 2025 00:00:00 +0000

Rolling out phishing resistant authentication is critical, but many organizations struggle with the complexity and cost of deploying hardware-based solutions like security keys at scale, all while trying to stay ahead of modern phishing attacks. That’s why we've introduced our new Proximity Verification feature. It removes friction, gives you a smoother and more secure experience, and it’s cost-effective for your organization.

Our Proximity Verification feature uses Bluetooth Low Energy to confirm that a user’s device is near their computer during login. Imagine logging in without entering codes or accidentally forgetting your hardware key. Proximity Verification makes this a reality. By design, it prevents bad actors from tricking users into approving authentication requests when the bad actors are accessing a computer in a different location from the end users.

Proximity verification also prevents users from clicking and entering information into malicious links by checking the origin of the website the request came from. If the request does not come from a valid domain, we will deny the authorization request. This is similar to how modern security standards like FIDO2 verify the legitimacy of login requests to block phishing attacks.

Proximity verification is a great fit for organizations that want strong security without added complexity. It’s especially well-suited for teams that:

  • Are focused on securing against modern phishing attacks

  • Have limited budget or operational capacity to purchase and distribute hardware like security keys

  • Have already made significant investment in mobile authenticators for 2FA or push based login

  • Phishing resistance that’s simpler: Stronger security that is just as secure as FIDO2 but is already included on your device via Duo Mobile. This security feature is built in, making it secure by default.

  • Cost-effective even as your company grows: allows you to securely authenticate from your laptop, no need to juggle extra devices like security keys or worry about biometric upgrades. It cuts down the operational hassles of purchasing, distributing, and managing additional hardware.

  • No more typing in codes: Bluetooth auto-fills verification codes, so users don’t have to. If you’re already using Duo, nothing changes in how you use it day to day, just a smoother experience with even stronger security behind the scenes.

With Proximity Verification built into Duo’s security-first IAM solution, your organization gets strong, phishing-resistant authentication without the usual complexity and costs. It’s simple to deploy and scale, helps you meet security requirements, and keeps users protected from day one. There's no need to enter codes or carry extra hardware. Authentication just works when your device is nearby, making the login experience fast and seamless.

Want to learn more? Head to our phishing prevention page or check out our editions data sheet. Looking for technical information? Head to our documentation on proximity verification authentication.

Ready to give it a try? Sign up today.

]]>
<![CDATA[End-to-end phishing resistance that's actually deployable]]> tkietzman@duo.com (Ted Kietzman) https://duo.com/blog/end-to-end-phishing-resistance-thats-actually-deployable https://duo.com/blog/end-to-end-phishing-resistance-thats-actually-deployable Product & Engineering Thu, 19 Jun 2025 00:00:00 +0000

In the modern cybersecurity landscape, attackers are no longer just one step ahead—they’re miles ahead. They know your organization likely uses multi-factor authentication (MFA). In fact, they’ve come to expect it. But here’s the problem: not all MFA is created equal, and attackers have learned to exploit its weaker forms.

Phishing-resistant MFA is the answer, but it’s been notoriously difficult to implement at scale for all workers and all use cases. Traditional solutions often require complex setups, cumbersome hardware tokens, or clunky configurations that frustrate users and IT teams alike. And if a security control isn’t deployable, it’s not usable. And if it’s not usable, it’s not protecting anyone.

We need a new way forward.

At Duo, we’re working to make phishing-resistant authentication not only the strongest defense against identity-based attacks, but also easy to deploy and manage.

The numbers don’t lie: Cisco Talos found that 60% of breaches today involve compromised identities. Yet Talos isn’t the only threat research organization uncovering the identity problem. Basically, all reports that include data on breaches conclude that identity is involved in the majority of said breaches.

Attackers aren’t just targeting login credentials anymore—they’re expanding their scope and upgrading their techniques. From enrollment processes to fallback mechanisms and even help desk interactions, every step of the identity lifecycle is under fire.

At Duo, we’re expanding our functionality from providing MFA at application login—to defending the entire identity attack surface. We’ve built an end-to-end solution that secures every vulnerable point, from initial user enrollment through authentication and fallback to mid-session – all the way through to help desk interactions. And we’ve done it in a way that’s deployable—no special hardware, no endless configurations, no headaches.

Here’s how we’re doing it:

  1. Proximity Verification: The only phishing-resistant MFA that’s easy to deploy
    Proximity Verification is Duo’s breakthrough in phishing-resistant MFA. By using your mobile phone to verify that the legitimate user is physically near the device requesting access, we eliminate the need for hardware tokens or complex configurations. It’s simple, seamless, and highly secure—just the way it should be.

  2. Complete passwordless authentication
    Passwords are the weakest link in the authentication chain, and attackers know it. That’s why Duo is committed to eliminating passwords entirely, even at the most challenging stages like enrollment and fallback. Our passwordless solution removes stolen credentials from the equation, making it much more difficult for attackers to gain access.

  3. Session theft protection
    Attackers are increasingly leveraging session hijacking—stealing an authenticated session cookie to bypass MFA entirely. Duo’s session theft protection technology defends against this advanced technique by removing the session cookie itself. Duo replaces the session cookie with a cryptographically signed proof of authentication that we control. This effectively removes the jewel from the safe and leaves an attacker with nothing to steal!

  4. Help desk identity verification
    Social engineering attacks on help desks are on the rise, and they’re shockingly effective. To counter this, Duo has partnered with identity verification provider Persona to protect help desk interactions. By adding a layer of secure identity verification, we shut down social engineering attempts before they can gain any traction.

What sets Duo apart from other providers isn’t just our technology—it’s the fact that we’ve made it deployable and user-friendly without compromising security. Traditional phishing-resistant solutions have been plagued by high deployment complexity, requiring organizations to choose between security and usability. We say: why not have both?

With Duo, you get:

  • No Hardware Hassle: Say goodbye to clunky tokens and complex configurations. Duo’s solutions leverage mobile devices to simplify deployment.

  • An End-to-End Solution: From enrollment through to the help desk, we have the broadest coverage over the identity attack surface.

  • A Seamless User Experience: Security that doesn’t frustrate users or administrators.

The identity threat landscape is evolving, but with Duo’s end-to-end phishing resistance, so can your defenses. Let us help you make the shift to stronger, simpler, deployable security that actually works.

Because at the end of the day, attackers are relentless. Shouldn’t your defenses be, too?

To learn more about Duo’s phishing-resistant MFA and how it can protect your organization, check out the new Duo site or reach out to an identity expert.

]]>
<![CDATA[New device? No problem: Enhanced Duo Instant Restore for Android]]> johbruce@cisco.com (John Bruce) https://duo.com/blog/enhanced-duo-instant-restore-for-android https://duo.com/blog/enhanced-duo-instant-restore-for-android Product & Engineering Tue, 17 Jun 2025 00:00:00 +0000

We’re excited to announce a major update to Instant Restore for Duo Mobile on Android. This update brings multiple improvements which make it easier to move to a new device without losing access to your MFA accounts.

Before we dive into the new feature, let’s quickly review how Instant Restore worked on Android prior to this update. When backing up both Duo and third-party accounts, the steps to start backing up are:

  1. Enable Instant Restore in Duo Mobile’s settings

  2. Select a Google Drive account for storing backups

  3. Enable the toggle to automatically reconnect third-party accounts

  4. Create and confirm a password for encrypting your third-party secrets

When restoring from a Google Drive backup, the steps are:

  1. Select the Google Drive account your backup is stored in

  2. Open Duo Mobile on your old device and generate a QR code

  3. Scan the QR code from your new device

  4. Re-enter the password created in step 4 above to reconnect third-party accounts

The new version is simplified to eliminate several points of friction from the old version, namely:

  • Your old device is no longer required to reactivate Duo accounts

  • No QR code to scan on your old phone when reactivating Duo accounts

  • No password to remember when reconnecting third-party accounts

Since there are fewer requirements to restore your Duo accounts, this will help Duo Mobile users resume authenticating more seamlessly without requiring support from their Duo administrator.

The new update integrates with Google’s system backup functionality built into Android. The new version of Instant Restore will be used when Duo Mobile detects Google backup is enabled and a passcode is set on the device. Once these conditions are met, Duo Mobile will create end-to-end encrypted backups of all Duo accounts which are eligible for Instant Restore as a part of your Google backup. This backup will also include third-party accounts when the third-party reconnect toggle is enabled in Duo Mobile’s settings.

Since the backup is end-to-end encrypted, no one else can read the backup without your device passcode, and there’s no need to remember a special password when restoring third-party accounts! Android schedules system backups based on several factors like battery level, usage, and network conditions–but in practice this happens every few days. A backup can always be manually triggered in Android settings. See Google’s docs for more info.

Your old device is no longer needed to reactivate Duo Accounts, since the reactivation secrets are stored in the encrypted backup. When setting up a new Android device, log in to the same Google account, select the cloud backup created by your old device, and enter your old device’s passcode. Android will automatically restore Duo Mobile’s backup. Your accounts will automatically be reactivated on first launch of Duo Mobile, and the corresponding Duo accounts will be deactivated on your old device. As a precaution, we’ll also send a push notification to your old device to make sure this reactivation was performed by you. If you confirm this reactivation was not done by you, then both devices will be deactivated and an email will be sent to your administrator.

The prior version of Instant Restore based on Google Drive is still available and can be used when system backup or a passcode isn't set up on your device. You can also still restore from your Google Drive backup and manually reconnect accounts with the QR code from your old device (for Duo accounts) and a password (for third-party accounts) in case your new device wasn’t set up from your old device’s cloud backup. Making the older version of Instant Restore available as a fallback helps ensure that you won’t be any worse off in case a step was missed using the new restore.

Are you ready to upgrade? Here’s how to do it:

  1. Make sure you have Duo Mobile version 4.83 or higher installed.

  2. Enable Google Backup in Android System Settings. Make sure a backup has run since Duo Mobile was installed.

  3. Enable a pin/pattern/passcode for the lock screen on your device.

  4. Enable "Third-party account reconnect" in Duo Mobile's instant restore settings.

A couple of things to note:

  • Duo Mobile installs within a Work Profile are not supported, unfortunately.

  • The location of the Google Backup in Android System Settings varies by phone manufacturer. On Pixel devices, navigate to Settings > System > Backup. On Samsung devices, navigate to Settings > Google > Backup.

That’s it! Your next system backup will include encrypted account information from Duo Mobile. As always, you can see the state of your Duo backup on the Instant Restore screen in Duo Mobile settings.

]]>
<![CDATA[Introducing Cisco AI Assistant for Duo]]> brpenney@cisco.com (Brianna Penney) https://duo.com/blog/introducing-cisco-ai-assistant-for-duo https://duo.com/blog/introducing-cisco-ai-assistant-for-duo Product & Engineering Thu, 12 Jun 2025 00:00:00 +0000

We know administrators are busy.

To make securing identity easier than ever, we’re excited to announce the Cisco AI Assistant for Duo, our newest addition in Cisco’s suite of AI Assistants enhancing the security and IT team experience.

Identity administrators today are strapped for time. They manage their directory, application implementations, system migrations, and more. When a user calls the help desk (sometimes a single administrator wearing many hats), their goal is to unblock that user as quickly as possible.

Duo’s AI Assistant is designed to help with this exact task in mind, bringing logs and user information together in one place to make quick access decisions securely. Administrators can now ask the AI Assistant in natural language about access problems instead of sorting through various pages in the Duo Admin Panel or searching for the most relevant documentation page.

For example, in the video below, the administrator asks why a user was denied access. Within a few seconds, the Assistant returns recent events impacting the user including authentications, directory syncs, and policy changes.

For one preview customer, an investigation that might normally take 10 minutes was cut down to 45 seconds with the Assistant.

Another customer specified benefits to help desk processes:

"The AI Assistant is providing helpful information to our help desk users, enabling them to resolve access denial issues faster." — Private Preview Customer

Our approach focuses first and foremost on using AI responsibly to augment admin tasks. We strive for accurate, trustworthy answers that always link to Duo data so you can double check the Assistant’s work.

Administrator permissions, such as our role-based access control and administrative units, are respected, so you don’t have to worry about the Assistant leaking any data. In addition, no Duo customer data is used to train our Assistants.

Today, the Assistant can’t take any action on behalf of the administrator, and in the future actions will require some form of administrative approval.

"It works, it's simple, it's fast and then it will help gain trust in it quickly. People are picking it up and running with it." — Private Preview Customer

We’ve used our internal expertise to ensure answers are accurate and are constantly reviewing and augmenting the LLM to provide better support.

To make this AI Assistant one that will deliver real value to the important use cases, your feedback is essential. Our team looks at every note a user adds to improve the experience.

Feedback form for 'Introducing Cisco AI Assistant for Duo' blog post, showing checkboxes and a text box for response improvement suggestions.

The Assistant today is focused on your primary use case of helping users fast. With continued user feedback, the Duo Product team plans to expand coverage of the Assistant to include intelligent capabilities to search through policies, endpoint data, and more.

Try using the AI Assistant next time you’re in the admin panel to help you with your tasks. Here are a few prompts to try:

  • Why is [username] having access issues?

  • Have any devices been registered recently?

  • Which authentication methods are most secure?

The Assistant is available today in public preview to Essentials, Advantage and Premier customers in the U.S. (excluding Federal customers).

AI Assistant is one part of how Duo is bringing strong, security-first IAM without sacrificing user experience. See the full announcement of how Cisco Duo Reimagines Identity Security.

Read the full Duo AI Assistant documentation.

]]>
<![CDATA[Why a security-first approach to IAM matters more than ever]]> tkietzman@duo.com (Ted Kietzman) https://duo.com/blog/why-a-security-first-approach-to-iam-matters-more-than-ever https://duo.com/blog/why-a-security-first-approach-to-iam-matters-more-than-ever Product & Engineering Wed, 11 Jun 2025 00:00:00 +0000

When it comes to securing your organization, one thing is clear: identity and access management (IAM) is no longer just an IT task. It’s a critical component of your security strategy. Yet, for many organizations, IAM solutions have fallen short of delivering security as a foundational feature.

In a recent Cisco survey of 650 IT and security leaders, 73% revealed that security is often an afterthought in identity infrastructure decisions, while 75% identified complexity in identity infrastructure as a key security challenge. In other words, security is taking a backseat in current solutions at the very same time that IAM is getting more difficult to secure. No wonder Cisco Talos found identity at the center of 60% of breaches.

It’s time for a new approach, one that prioritizes security as fundamental. At Duo, we believe in security-first IAM, built from the ground up to simplify identity management, secure workflows, and prevent identity-based attacks.

Traditional IAM tools were designed in a different era, a time when IAM was treated as an IT function with security bolted on later—if at all. This approach often leads to:

  • Increased complexity: Configuring and deploying security controls in many IAM solutions is clunky and frustrating, a hurdle that many administrators don’t want to deal with, which creates gaps in security.

  • Added cost: Security features are frequently treated as premium add-ons, making them inaccessible for many organizations.

  • Outdated protection: Even when security features are available, they typically haven't been updated to defend against modern threats, leaving organizations exposed to new attacker techniques.

As highlighted in a recent open letter from the CISO of JPMorgan Chase, fierce competition among software providers has prioritized rapid feature development over robust security. The result? A focus on revenue-driving functionality—with insufficient security baked in.

At Duo, we take a different approach. Security isn’t an afterthought—it’s foundational. We make security attainable, not a luxury or an upcharge. This philosophy informs everything we do, from design to deployment. Here’s what we mean by security-first IAM:

Security functionality should not be a way to nickel & dime customers. Organizations that choose Duo will get everything they need to secure their workforce in our base package. This includes:

  • MFA everywhere, by default: Multi-factor authentication (MFA) is a cornerstone of security. Duo enables MFA for all use cases—devices, applications, servers—without additional costs or complicated configurations. It’s not a separate SKU, and it’s not harder to turn on for some users than others.

  • Device trust out-of-the-box: Device trust means you can easily enforce policies that restrict access to corporate resources based on device security posture. Whether you want to allow only managed devices or block unpatched systems, Duo makes it simple.

  • Totally passwordless options: Passwords are a major security vulnerability. With Duo, you can eliminate them entirely. From enrollment to authentication, users can go completely passwordless, reducing phishing risks and improving user experience.

Duo’s approach to IAM isn’t just secure—it’s also flexible and simple.

  • Flexibility: Whether you’re starting fresh or integrating with an existing directory, Duo can adapt to your needs. Use Duo Directory as your primary directory or leverage its capabilities to enhance your existing identity infrastructure. Features like Routing Rules and Custom Attributes make it easier to use Duo in conjunction with existing identity infrastructure.

  • Simplicity: From AI-driven assistance to admin-friendly migration guides, we make deployment easy. Duo’s tools are designed to save you time and reduce frustration, so you can focus on what matters most: protecting your organization.

As organizations face an ever-growing landscape of identity-based attacks, a security-first approach to IAM is no longer optional—it’s essential. Duo redefines IAM by embedding security at the core, not as an afterthought.

Whether you’re looking to modernize your IAM strategy or adopt a solution built for today’s challenges, Duo delivers everything you need to secure identities without compromising on budget, ease of use, or flexibility.

Ready to put security first? Learn more about Duo’s security-first IAM solutions on the Duo Directory product page.

]]>
<![CDATA[Come see Duo at Identiverse 2025]]> tkietzman@duo.com (Ted Kietzman) https://duo.com/blog/come-see-duo-at-identiverse-2025 https://duo.com/blog/come-see-duo-at-identiverse-2025 Industry Events Mon, 02 Jun 2025 00:00:00 +0000

Identiverse 2025 is this week in Las Vegas, and the Duo team couldn’t be more excited to engage with the brightest minds in identity and access management (IAM). From June 3–6, 2025, the identity community will gather in Las Vegas to share groundbreaking innovations, critical insights, and strategies for addressing today’s identity challenges. And this year, Duo is showing up in a brand-new way.

That’s right, Duo has launched a directory, completing the set of functionalities required to be the only security-first IAM solution. As a part of this launch, we’re also delivering our deployable approach to end-to-end phishing resistance—the most robust way to defend against today’s identity-based attacks.

We’re thrilled to showcase how our new security-first IAM solutions are transforming identity management. Identiverse 2025 is your chance to learn about our cutting-edge capabilities, connect with our experts, and see how Duo is reshaping the future of IAM.

Here’s a preview of what we have planned this week at Identiverse 2025:

How Identity Resilience Will Improve Your Worst Day on the Job

When: Thursday, June 5th at 8:30 AM
Where: Oceanside
Speaker: Matt Caulfield, VP of Product, Duo & Identity, Cisco Systems

What happens when everything goes wrong? In his keynote, Matt Caulfield delves into the challenges IAM professionals face on their “worst day” and offers actionable strategies to build resilience into identity systems. With resilience becoming a critical aspect of identity, this session will reveal how to go beyond the buzzword and make resilience a reality.

Masterclass: Defining (and Using) Maslow's Hierarchy of Identity Risk

When: Wednesday, June 4th from 11:40-12:30 PM
Where: Breakers H
Speakers: Didi Dotan, Director of Engineering, Cisco Identity Intelligence; Alex Zaslavsky, Data Scientist, Cisco Identity Intelligence

Learn how to categorize and address identity risk using a framework inspired by Maslow’s Hierarchy of Needs. Didi and Alex will share practical recommendations for grouping, addressing, and remediating identity risks.

IAM Built for the Imposter Era

When: Wednesday, June 4th from 2:00-2:25 PM
Where: Mandalay Bay D
Speaker: Chris Anderson, Duo Product CTO

Discover how Duo’s security-first approach to IAM tackles the challenges of today’s "imposter era." Chris Anderson will share strategies for reducing complexity and costs while enabling frictionless access and identifying imposters.

Achieve the Impossible: End-to-End Phishing Resistance That's Actually Deployable

When: Thursday, June 5th from 2:00-2:25 PM
Where: Mandalay Bay D
Speakers: Karianne Butler, Director of Duo Product Management; Ted Kietzman, Duo Product Strategist

End-to-end phishing resistance might sound like a pipe dream, but Duo is making it achievable. Karianne and Ted will unpack the hurdles organizations face in adopting phishing-resistant MFA and share deployable solutions that protect every step of the identity workflow.

"How do I...?" Answering Common Passkey Questions from Relying Party Devs

When: Friday, June 6th from 9:40-10:05 AM
Where: Mandalay Bay I
Speaker: Matthew Miller, Passwordless Technical Lead, Cisco Duo

A must for developers navigating FIDO2-based authentication, this session features Matthew Miller addressing common passkey implementation questions and exploring exciting new features in WebAuthn L3.

Be sure to stop by Duo Booth #501 in the exhibit hall to meet our team, see live demos of our new IAM capabilities, and learn how Duo delivers security-first solutions that frustrate attackers—not your users.

If you're a current Duo customer, reach out to your account team to schedule one-on-one meetings with our product and engineering executives on-site. We’d love to hear your feedback and discuss how Duo can support your identity security needs.

Identiverse 2025 isn’t just an opportunity to hear about the latest trends in identity—it’s a chance to connect with the global IAM community and explore the future of identity security. Duo’s presence at this year’s conference reflects our commitment to driving innovation and empowering organizations to defend against today’s most sophisticated identity-based threats.

Whether you’re interested in attending our keynote, diving into one of our sessions, or connecting with us at the booth, we’d love to see you there. Let’s work together to build a more secure and resilient identity future!

]]>
<![CDATA[Meet the new Duo IAM]]> mcaulfie@cisco.com (Matt Caulfield) https://duo.com/blog/meet-the-new-duo-iam https://duo.com/blog/meet-the-new-duo-iam Product & Engineering Wed, 28 May 2025 00:00:00 +0000

Identity is under siege. Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. Organizations are facing relentless challenges in keeping their systems secure. As attackers grow more sophisticated, traditional Identity and Access Management (IAM) providers have fallen short, leaving critical gaps in their defenses.

At Duo, we’ve been watching this unfold, and honestly, we’ve had enough. That’s why we’re proud to announce that Duo is officially expanding into the IAM market, bringing our trusted security expertise to an area long overdue for disruption.

Traditional IAM providers have historically prioritized business enablement over robust security, resulting in clunky, costly, and inefficient solutions that are difficult to deploy and vulnerable to identity-based attacks. Duo’s new IAM solution changes the game by being security-first, easy to use, and built to frustrate attackers—not your users.

For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). While that’s a critical step, attackers have learned to adapt, finding new ways to bypass traditional defenses. AI significantly exacerbates the situation by amplifying the scale, speed and sophistication of account takeover attacks, enabling automated and highly adaptive social engineering techniques. This creates a real identity crisis.

Duo’s IAM solution rises to this challenge by now offering end-to-end phishing resistance as a core feature, delivered right out of the box.

This experience includes innovative features like:

  • Proximity Verification: A new, easy-to-deploy form of phishing-resistant MFA that is designed to protect against adversary-in-the-middle attacks.

  • Complete Passwordless: Eliminating passwords from enrollment and fallback, so users never have to rely on outdated, insecure credentials.

  • Seamless Help Desk Verification: A new tech partnership enabling identity verification for help desks, safeguarding against social engineering attacks.

With Duo, organizations unlock a deployable, seamless experience for end users, ensuring the highest level of security while maintaining simplicity and ease of use.

At Duo, we believe protecting identity workflows isn’t enough. Organizations also need tools to continuously monitor and respond to changes in identity risk. That’s why we’ve introduced Identity Intelligence, which provides:

  • Comprehensive Visibility: Gain insights across your identity ecosystem, including on-premises, legacy, and non-human systems.

  • Proactive Security Insights: Stay ahead of risks with actionable recommendations.

  • Dynamic Risk Assessment: A distilled User Trust Level dynamically informs access decisions and accelerates threat detection across the Cisco Security stack.

And the best part? This functionality works with any identity stack, giving organizations the flexibility to enhance their existing systems—whether or not Duo IAM is the primary component.

We understand that identity isn’t exactly a new space. Every organization has some sort of existing identity infrastructure. That’s why we’ve built our solution to be flexible. For example, some of our preview customers run Duo IAM as a secondary directory for their contractors and third parties. We’ve also had customers place Duo “in-front” of their existing IAM stack as an “identity broker” enabling consistent, phishing-resistant, passwordless policy for their workforce, even with multiple backend identity providers from other vendors. Our robust user directory and identity routing engine make this possible.

For organizations ready to make the leap to a fully secure identity infrastructure, Duo now offers everything you need in one place. With Duo Directory, you can easily sync users and attributes with external sources and then leverage our popular SSO and MFA capabilities to provide seamless access management.

We’ve also made migration simple with tools like Routing Rules and an AI Assistant to help organizations transition without disruption. Whether you’re integrating Duo into your current stack or building from scratch, our solution is designed to make security effortless.

Duo’s expansion into the IAM market isn’t just about addressing the failures of traditional providers—it’s about doubling down on our commitment to an “identity-first” approach to zero trust. By integrating seamlessly with the broader Cisco Security ecosystem, Duo ensures organizations can protect their users, data, and systems with the most advanced tools available.

The days of weak identity defenses and clunky IAM systems are over. With Cisco Duo, organizations finally have a partner that prioritizes security without compromising usability. Together, we can defend against identity-based threats and make the digital world safer for everyone.

Are you new to Duo? Sign up for a free trial today!

Are you an existing Duo customer? Duo's IAM is now available for all customers.

]]>
<![CDATA[No Agent Required: Duo & Microsoft Edge for Business improve device trust]]> sgrebe@duo.com (Scott Grebe) https://duo.com/blog/duo-microsoft-edge-for-business-improve-device-trust https://duo.com/blog/duo-microsoft-edge-for-business-improve-device-trust Product & Engineering Wed, 30 Apr 2025 00:00:00 +0000

One of the key tenets of a zero trust security strategy is verifying a user’s identity before they’re granted access to network resources. Another important tenet is device trust. Does the device have a healthy security posture? Is the endpoint one that we “know,” whether it’s company-issued or someone’s personal device?

It’s with this latter question in mind that Cisco Duo is excited to announce an extension of our partnership with Microsoft. Together, we’re introducing the Microsoft Edge for Business Device Trust Connector (DTC), a native integration between the Edge for Business browser and Duo Trusted Endpoints. The integration identifies trusted endpoints through the managed Edge for Business browser so you can control application access and enforce browser-based protections without installing an agent on the endpoint.

"We are thrilled to announce the integration of Cisco Duo Trusted Endpoints with Microsoft Edge for Business. This collaboration empowers our mutual customers to extend the reach of their security investments, offering robust and seamless browser protection without the need for additional agents. As the browser has become a vital tool for work, we look forward to building even greater capabilities together."
Arunesh Chandra, Principal Product Manager, Microsoft

Increasingly, organizations are moving to hybrid environments. This means you may need to support flexible work patterns (remote and in-office), different device types (company-issued and personal), or a varied workforce (employees, contractors, etc.). You also face aggressive cybersecurity threats, rising expectations to protect sensitive information, and the need to stop unauthorized AI use. Central to these concerns is the web browser, which often serves as the primary gateway to your corporate resources and AI.

The new Duo Trusted Endpoints integration with Microsoft Edge for Business enhances security in hybrid work environments. It addresses cybersecurity threats caused by stolen credentials and protects sensitive information by verifying trusted devices within Microsoft Edge for Business. When the browser is managed by the Edge management service, the integration allows Microsoft to assert a device's trust and share its status with Duo, which then incorporates device trust into the authentication process, verifying user and device security. By identifying trusted endpoints, you’re able to restrict application and resource access to only those devices you know through a Trusted Endpoints policy.

Diagram showing how Microsoft Edge for Business and Duo Trusted Endpoints work together for secure authentication.

In addition to greater security, your users also get a better experience. Organizations often require employees to install an agent on their endpoint to identify if the device is managed. This doesn’t always go over well with employees, especially if it’s a personal device. By establishing trust through the Edge for Business browser, the Device Trust Connector removes the need for users to install an endpoint agent. It’s a win-win.

The Device Trust Connector integration provides some great benefits. Let’s take a look:

  • Simplified security: Easily verify users are interacting with a trusted Microsoft Edge for Business browser

  • Agentless data collection: Remove the need for an endpoint agent by collecting and sharing device trust signals through the Edge for Business browser

  • Support for hybrid environments: Create a Trusted Endpoints policy that supports company-issued, shared, and personal Bring Your Own (BYO) devices

  • Conditional access control: Allow application access only from known, trusted devices, while blocking access from unknown, untrusted endpoints

  • Simple setup and management: The Device Trust Connector is an out-of-the-box integration, making administration fast and easy via the Duo Admin Panel

Through the Microsoft Edge for Business Device Trust Connector, Duo makes it easy to extend and enhance security by verifying trust in every device, whether corporate or personal, without installing an agent. Trusted Endpoints is available to Duo Essentials, Advantage, and Premier edition customers at no additional charge.

To get started setting up the integration, read our Microsoft Edge for Business Device Trust Connector documentation. You can also watch our Duo + Microsoft Edge for Business Device Trust Connector demo.

Finally, visit our Cisco Duo + Microsoft partner page to learn more about Duo’s partnership with Microsoft and how it benefits customers.

]]>