Washington and Lee University + Duo
Washington and Lee University in Virginia, one of the oldest liberal arts universities in the U.S., implemented Duo including Cisco Identity Intelligence and multi-factor authentication (MFA), across the college with only a small security team.
The rollout of Duo across the college not only protects us against the random attacks everyone has to defend against, but also against targeted, sophisticated attacks designed to cause the most disruption.
Challenges:
Washington and Lee University is a relatively small college with almost three centuries of history, but it faces very modern challenges. Like many educational institutions, attackers see it as a prime target, particularly for phishing and ransomware attacks.
The college has a small IT security team, tasked with keeping all of its systems safe. The team noticed a disturbing pattern—alongside the everyday cyberattacks that any organization faces, there were more sophisticated attempts to compromise credentials and then make use of the compromised credentials to gain network access. For example, attackers would wait until holidays or Friday evenings to try their luck with the stolen credentials, when there were fewer security staff available to respond.
The move to the cloud also made life more difficult. Physical location and being on the college network were no longer a good way to limit access, making a "zero trust" approach more suitable.
Washington and Lee University needed an identity security solution that would provide deeper insights into the attacks taking place, was simple to implement, and wouldn’t overwhelm its staff with help desk requests.
Duo's Solution:
Duo’s security solutions addressed the university’s challenges with:
- Cisco Identity Intelligence (CII): An AI-powered identity security solution that bridges the gap between authentication and access, CII provides insights into identity-based risk from all relevant identity sources to enable the right remedial action.
“Cisco Identity Intelligence has already been invaluable in identifying attacks—for example, a student apparently trying to log in from multiple countries at the same time—and finding and removing old unused accounts.” —Karla Bunn, IT Systems Analyst
- Simple rollout and integrations: Duo integrates seamlessly with virtually any application, creating the same experience whether users are working with Okta, Workday, RDP access, or other software.
- Intuitive user experience: The small team needed an MFA solution that was not only easy to integrate, but also simple for students and staff to use and avoided support headaches.
- Universal prompt: Duo’s universal prompt gives users the same login user experience across many applications, so they have a better grasp of what is being asked of them—and better equipped to resist credential compromise caused by MFA fatigue.
Benefits for Washington and Lee University:
The university rolled out Duo one department at a time, with some requiring more support than others. With Duo now part of everyday college life, the benefits have included:
- Better insights: The combination of Duo with Cisco Identity Intelligence has made it easier to identify attempts to infiltrate systems and identify old and orphaned accounts that create extra risk, meaning security has changed from being reactive to proactive.
- No perimeter, no problem: Although the college does not offer remote learning, faculty and students can access materials over breaks, at conferences, or from home. While on campus and on the college network, for example accessing data in a classroom from a secured and trusted device, MFA requests can be modified to not get in the way of teaching.
- Far fewer compromised accounts: The college was not only fighting against attempts to compromise credentials, but also against the use of credentials that had already been compromised through reused passwords, successful phishing attempts, and more. The implementation of Duo and CII has greatly enhanced security by significantly reducing the number of compromised accounts to nearly zero, and prevented the successful use of for those few credentials that did get compromised.
Using Duo is a “no brainer”
Washington and Lee needed MFA to protect the university’s systems and its users. However, there was a need for more than a basic MFA solution to tackle sophisticated threats, and to provide ongoing protection. Dirk van Assendelft, Director of Core Systems said:
“The decision for us to use Duo was easy. We didn’t just need multi-factor authentication; we needed something that would integrate easily and become our one-stop solution for identity-based threats—and Duo delivers that.”
Bunn added that ease of use was critical to the rollout’s success, and that it was important not to interrupt teaching time:
“The universal prompt means that our users not only find it easy to log in, but it also becomes familiar, every day, and easier to spot attempts by bad actors to subvert the system. There is now an expectation that if you’re a student, faculty, staff, or even a vendor or volunteer, you will be using Duo whenever authentication is needed. This expectation makes our lives far easier.”
