Guest blog courtesy of Cisco.
The security industry has diligently battled compromised credentials, evolving from passwords to multifactor authentication (MFA) to passwordless — our most secure and phishing-resistant method to date — and one that is fully supported in Duo. Despite these advancements, we still see many identity-based breaches year over year. Why?
For one, MFA coverage is still vastly incomplete, with weaker forms of MFA now easily bypassed by attackers. And second, organizations still face practical challenges deploying passwordless solutions. Despite their remarkable security value, our 2024 Trusted Access Report reveals that passwordless methods still account for less than 5% of authentications.
This means there are serious holes in our authentication armor today. To duct tape over these gaps, we’ve often demanded our users repeatedly prove their trustworthiness — a cumbersome and frustrating experience.
To simultaneously address the increase in identity-based attacks and ease the frustration of repeated authentication, Cisco Duo is proud to announce our new solution: Continuous Identity Security. Continuous Identity Security minimizes these gaps today in chaotic real-world environments with multiple identity providers (IdPs), hybrid workforces, unmanaged devices and legacy applications. With Continuous Identity Security, you can be safer while working towards a passwordless future.
“Continuous Identity Security minimizes these gaps today in chaotic, real-world environments with multiple identity providers (IdPs), hybrid workforces, unmanaged devices and legacy applications. With Continuous Identity Security, you can be safer while working towards a passwordless future.”
To deliver Continuous Identity Security, Duo has developed two new pieces of functionality: deep integration with Cisco Identity Intelligence and a seamless new access experience, Duo Passport.
Our integration with Cisco Identity Intelligence adds value on top of your identity and security investments like Microsoft Entra and Okta. It uses AI to analyze all identity-related activity across all accounts, all devices and IdPs to provide deep visibility into identity infrastructure and continuously inform Cisco Duo enforcement points.
The benefit is twofold. Organizations get a strong understanding of what’s happening in their identity environments, enabling them to improve posture by increasing MFA coverage, decreasing dormant accounts and controlling administrator privileges more concisely. Additionally, Duo access decisions are now enriched with identity data. For example, if an administrator takes a risky action or a dormant account attempts access after months, Duo can increase authentication requirements.
If Cisco Identity Intelligence enhances security, Duo Passport dramatically enhances user experience. Passport takes the promise of traditional Single Sign-On (SSO) solutions (i.e. one login, many use cases) and expands it beyond SaaS apps to multiple browsers, operating systems and thick clients. Now, a user can login securely to their laptop and that trust will be seamlessly brokered to the web, but also to thick client logins like a VPN. The experience is seamless and secure for end users, drastically reducing the repeated authentication requests they face daily. In fact, a preview customer reduced authentications by 66% in their environment.
“In fact, a preview customer reduced authentications by 66% in their environment.”
However, the expedited experience only persists in trusted scenarios. Duo will continuously assess the risk throughout the user’s session — before, during, and after login. In suspicious situations, Duo will dynamically increase authentication requirements, or even block a user.
With Continuous Identity Security, organizations can protect themselves against the sharp rise in identity-based attacks — all while maintaining a seamless access experience for their end users. Security is better because organizations now have deep visibility into identity environments and access decisions are enriched with both device and identity context. Yet, user experience is also improved because Passport and continuous analysis means trust can be shared between authentication checkpoints, reducing authentication frustration.
While the ultimate goal is a fully passwordless landscape, the journey there is complex. Duo offers a powerful new solution for today's security challenges. With Continuous Identity Security, we make a large step forward in our commitment to frustrating attackers while delighting users. If you’d like to learn more about Continuous Identity Security, register for our webinar, read more at our solution page, or just drop us a line.