As part of its security audits, the Manager of IT Security at this company, performs penetration testing drills on all the organization’s employees. In one particular drill, this security leader found that many of the employee accounts were easily compromised with a simple phishing email. He realized that the organization’s sensitive data was at risk and acted quickly to remediate the problem and add two-factor authentication for all employees and contractors, starting first with remote access VPN and admin access to our wireless solution manager.
He researched several products and selected Duo, Microsoft and Symantec for full evaluation. After testing the three two-factor authentication solutions for a week, he came to the conclusion that neither Microsoft or Symantec would work for their use-cases.“Microsoft’s on-premise solution needed to be online 24/7 in order for the multi-factor authentication to work. That limitation simply didn’t cut it for us because if the server was down then the authentication would not work. We don’t have time and resources to manage the server on-premise, perform updates and install patches manually.” Additionally, the IT Manager found that application integration with Microsoft was clunky. His team needed several workarounds and hours of additional coding to make the applications work. With Symantec, the finding was that “many of their integrations, especially with Juniper VPN, were not out-of-thebox. Symantec asked us to perform XML imports for the integrations and we simply didn’t have the time to do that.”
His requirements were clear. He needed a solution that was always up and could integrate with all his applications quickly and out-of-the-box. With Duo’s cloud-based solution, he didn’t have to maintain or deploy any servers in-house. “When I started to test Duo, it look me no more than five minutes to get started and less than thirty minutes to integrate with our Juniper VPN. The documentation was simple and it was really easy and straightforward. I was sold.”
Managing Device Access With Duo
After successfully deploying Duo to all corporate users, the IT Manager wanted to prevent out-of-date employee devices from getting access to sensitive applications. “Out-of-date devices can have many vulnerabilities that an attacker could exploit to gain access to corporate data,” he said. With Duo, he was able create a policy to prevent devices running out-of-date operating system (OS) from getting access to sensitive applications. In the future, the goal is to prevent out-of-date and unsupported browsers and Flash plugins from gaining access to applications as well.
Their use of Duo in conjunction with a mobile device management (MDM) product and Microsoft system center configuration manager (SCCM). “It’s a complementary environment and I consider Duo as a security solution that minimizes the risk of data breach due to stolen credentials. The additional perk of using Duo’s Platform Edition is that I can get insights into the security health of all managed or unmanaged devices and set policies to allow or prevent devices from getting access to applications based on the security health of the device. I can’t do that with agent based solution like MDM or SCCM.”
“I would recommend Duo to all admins considering deploying two-factor authentication for their applications," the IT Manager said. "Duo’s approach of providing access based on user and device health is perfectly aligned with the threats organizations face from attackers targeting users and their devices."