“Just go with Duo. It is proven, reliable two-factor authentication for Juniper that is easy to deploy and support. You can’t really do much better than that.”
— Dan Frye, Senior VP of Corporate Security
Global technology and management consulting company with about 1,000 employees working remotely
Concerned about vulnerability from phishing and spear phishing emails
Integrated Duo with their Juniper VPN in a matter of hours
Dan Frye is well aware of the avenues an attacker can use to break into the systems of — he hires them himself. As the Senior Vice President of Corporate Security, Dan subjects the systems and network of this globally-distributed technology and management consulting firm to a steady stream of social engineering, phishing and pen testing. According to Dan, "We've got roughly 1,000 people in the company. Most of those are remote. Our testing found that one of our main threat gateways was around remote access to our Juniper VPN. Phishing emails trying to trick people into giving up their login credentials posed a growing threat."
They took a two-pronged approach to mitigate the damage from phishing and spear phishing emails. One was to improve spam filtering and phishing filtering capabilities at the e-mail gateways. The second was to secure authentication credentials. They knew they were vulnerable if an attacker was able to steal the credentials of an employee. "At that point, two-factor just seemed like a no brainer, something that was out of band, easy to deploy and had a pretty good ROI to it".
As a Juniper customer for more than ten years, it was important to Dan that any security solution be able to seamlessly integrate with Sierra-Cedar's Juniper VPNs. For a time RSA was a viable option, but after a security breach where attackers compromised RSA’s network of tokens there were concerns about the integrity of their solution. Sierra-Cedar also considered PhoneFactor, but the two-factor solution they kept coming back to was Duo Security.
According to Dan, integrating Duo with their Juniper VPNs and getting it up and running only took a couple of hours. "Duo's instructions for integrating with a Juniper VPN were flawless. We went to the site, looked at the 'how-to' screen shots, and click, click, click we were finished. The instructions led us through what we needed to type, explained how the keys worked, we typed them in and were done. Duo was very, very simple." Dan says they've never had any real integration problems with Duo. Even when Sierra-Cedar acquired new companies they have been able to integrate Duo without any problems, whether the integration involved another Juniper solution or a different VPN product altogether.
Like most IT professionals, Dan would classify some of the users at Sierra-Cedar as "quite challenging at times." Dan was pleasantly surprised when even his most challenging users were able to sign up and use Duo without any problems. "The only time we get a trouble ticket is when someone replaces their smartphone. Other than that we don't get any trouble tickets about how to set Duo up or how to use it. It makes my job much simpler." Dan says the flexibility of Duo 2FA keeps users around the globe very happy. "They can use landlines, they can use SMS, they can use the smart phone app, they can use tokens. Duo allows our users to be mobile and flexible. That fits our business model really well."
When Sierra-Cedar initially announced that they were going to deploy two-factor, they received some pushback from people who had unhappy experiences with two-factor in the past. Dan says that changed as soon as they deployed Duo. "Once folks started using Duo, we had absolutely zero pushback. There was never any pushback on why we needed two-factor authentication. The pushback was always about how difficult it was to use other solutions. With Duo it is so easy — your phone beeps, you look down, you hit the button, you're in. It really is seamless. And the integration with Juniper was seamless too: People type in the username, password, hit an extra button, click the screen and that's it."
Dan recommends Duo often, "Both Duo's technological solutions and their people are reliable and flexible. We've been able to deploy Duo for a variety of use cases across a variety of international and domestic business units. We've never found a case where we couldn't use Duo."
To other Juniper customers Dan says, "Just go with Duo. It is proven, reliable two-factor authentication for Juniper that is easy deploy and support. You can't really do much better than that."