Duo Auth Proxy
New Duo Integrations Enhance Security Visibility and Threat Intelligence in SecureX Platform
Success in many occupations depends on visibility. Any pilot, professional athlete, or security operations (SecOps) analyst can attest to this. Simplicity is another factor. Decisions are simpler and more effective when the resources and knowledge you need are at your fingertips. Poor visibility, on the other hand, frequently results in errors caused by a lack of insight, and dealing with multiple or excessively complex systems can be frustrating and time-consuming. These are some of the issues we're trying to solve with our recent announcement that SecureX has integrated telemetry from Duo's Trust Monitor and Device Insight features. SecureX is Cisco's cloud-native security platform, which connects the depth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience.
Enhanced Security Visibility and Threat Intelligence
Duo launched Trust Monitor in November 2020 to draw attention to unusual login activity and help SecOps investigate potentially compromised accounts. To do this, Trust Monitor gathers and analyzes authentication data (telemetry) in real time to build user profiles, which it then compares against subsequent login attempts. For instance, Scott routinely uses Microsoft Office on his Mac running macOS Monterey from California each morning at roughly 7:30 a.m. If Scott's login information is suddenly used at 2:00 a.m. to access a finance application from a Windows 10 PC in Asia, Trust Monitor flags the login attempt as possibly suspicious, since it differs from Scott's typical login behavior and may indicate that his account has been compromised. SecOps analysts have better security visibility into possible attacks when this information is surfaced.
Whereas Trust Monitor flags unusual logins, Device Insight inventories endpoints to offer information on device status. How many network endpoints, for instance, are running the most recent OS? Is the browser current? How about the Java and Flash plug-ins? Customers of the Duo Beyond edition can filter by trusted and untrusted endpoints. The Mobile Devices page offers more specific information on OS versions per device, smartphones and tablets that have been modified, and the use of security features like screen lock, disk encryption, and biometrics. The Laptops & Desktops page displays the operating system and browser versions of the devices used to access the network over the preceding seven days.
In 2022, we've taken this a step further. Customers of Cisco Secure who subscribe to Duo Get or Beyond can now access Trust Monitor and Device Insight telemetry directly from their SecureX dashboard. Trust Monitor and Device Insight join the other Cisco Secure products in the SecureX ecosystem to give SecOps analysts improved threat intelligence. Using this data, analysts can better understand their current security posture and policies and take appropriate action to increase (or decrease) access requirements as necessary.
Benefits of the SecureX Ecosystem
In addition to providing high-level visibility into security events and endpoint posture, the integration of Trust Monitor and Device Insight telemetry into SecureX has further advantages. Through an integrated security ecosystem strategy, businesses that use Duo in conjunction with other Cisco Secure technologies achieve their security objectives more quickly and effectively. Thanks to the integration, SecOps teams can also:
- Consolidate user endpoint information with Duo authentication log data to extend and improve threat detection and cybersecurity visibility.
- Simplify security operations by using a single platform to access security event data from across the network environment.
- Assemble and connect information on global threats to give a unified overview of the threat landscape.
- Reduce the amount of time spent on manual activities by removing the need to log into the Duo administrator dashboard separately.
- Reduce the amount of time needed for remediation by presenting actionable security events from several Cisco Secure solutions.