"Ninety-nine percent of attacks can be blocked with multi-factor authentication (MFA)” is an oft-discussed quote from 2019. Since then, MFA has since become a necessary defense for any cybersecurity strategy to defend against attacks.

But times change, and what solved our challenges in the past doesn’t necessarily work today, at least not in the same form. Attacks have evolved. New threat types such as push-bombing, social engineering, and spear phishing are forcing organizations to do more than rely on MFA alone. To stay protected, you need to increase the effectiveness of your MFA with powerful next-generation capabilities such as passwordless, risk-based authentication, adaptive access policies, and identity visibility tools. But with so many MFA solutions available, how do you identify the one that best suits your organization?

5 Key Criteria to Evaluate

In our MFA Buyer’s Evaluation Guide, we go in depth on the five key criteria you should look for in any security solution.

• Security Impact — The most critical security aspects of an authentication solution are how effective it is against threats related to credential theft and account takeover as well as its underlying security and reliability. If the primary goal is to reduce the risk of a breach and a solution is easily bypassed or doesn’t provide comprehensive protection that keeps up with and responds to new and changing threats, it’s not worth implementing.

• Strategic Business Initiatives — Consider how MFA integrates with your business initiatives, both now and in the future. This includes legacy systems, bring your own device (BYOD), remote work, and the adoption of cloud applications. Another business driver to consider is compliance regulation requirements, which can vary by industry and location.

• Total Cost of Ownership (TCO) — TCO is everyone’s favorite topic. It’s another way of saying, “What’s this really going to cost me?” Total cost of ownership includes all direct and indirect costs of owning a product. For an MFA solution, that can include hidden costs such as upfront capital, licensing, support, maintenance, and other unforeseen expenses over time, like professional services and ongoing operation and administration costs.

• Time to Value — Another favorite topic is time to value, something we like to call time to security. Time to value refers to the time spent implementing, deploying, and adapting to the solution. Determine how long it takes before your company can start realizing the security benefits of an MFA solution. This is particularly important if you ever experience a breach or security incident.

• Required Resources — You’ll want to consider the time, the personnel, and any other resources required to integrate your applications, manage users and devices, and maintain your solution. Your MFA provider should be able to tell you what they cover and where you need to fill in the gaps.

With the increase in attacks targeting your users’ identities, you also want to look for a solution that delivers identity security. According to a report from Cisco Talos, Cisco’s threat intelligence and research organization, in the last year, 80% of breaches leverage identity as a key component. So, when you’re evaluating MFA solutions, make sure you look into their identity security capabilities so you can protect against threats designed to steal your users’ identities and then use those credentials to launch attacks that can lead to a breach.

Duo Can Help

Now that we’ve identified the criteria to evaluate in an MFA solution, let’s take a look at how Duo can help you achieve modern protection without getting in the way of your users:

1. Security Impact
   
   Duo protects access to all your apps including enterprise cloud apps, on-premises and web apps, and custom apps that use SAML or OIDC. Pretty much any app you can think of. Duo passwordless reduces your reliance on passwords, improves user experience, reduces IT overhead, and strengthens security posture.
   
   Duo Risk-Based Authentication takes baseline authentication behavior and evaluates contextual signals to dynamically adjust authentication requirements in real time. With Duo and Cisco Identity Intelligence, you can detect identity-based risks from all your identity sources—identity providers, HR and ticketing systems, and more—to take the right remediation action. You can also identify gaps in MFA coverage, dormant accounts, and privilege creep to reduce the risk of a breach

2. Strategic Business Initiatives
   
   Achieving the initiatives that drive your organization forward is critical to its success. Moving to the cloud? Duo is built on a scalable, cloud-based platform that requires minimal setup and removes costly maintenance. Need to lock down application access to only managed devices or allow access from personal devices with a bring your own device (BYOD) policy? Duo Trusted Endpoints lets you do both.
   
   With Duo Passport, you can provide a secure and seamless sign-in experience that increases workforce productivity and lowers the administrative burden for IT. Duo can also help meet compliance requirements and regulatory framework guidelines such as PCI, HIPAA, GDPR, NIST, and others.

3. Total Cost of Ownership (TCO)
   
   Duo makes it easy to understand the full cost of acquiring an MFA solution. We offer a simple subscription model priced on a per user basis, billed annually, with no extra fees for new devices or applications. With Duo MFA, you get the most value with no hidden costs such as upfront capital, licensing, support, maintenance, operating or other unforeseen expenses over time.

4. Time to Value
   
   Duo lets you try before you buy, helping you set up pilot programs before deploying Duo to your entire organization and realizing the value of your investment.
   
   Quickly add new users through bulk enrollment, self-enrollment, or a directory sync. The Duo Mobile app allows users to easily download the app onto their devices, while a self-service portal also lets them manage their own accounts and devices, reducing help desk tickets and support time.

5. Required Resources
   
   Duo integrates with all of your apps with no need for extra hardware, software, or agents. Extensive documentation, APIs, and SDKs make implementation seamless. Because Duo is a cloud-hosted solution, updates are rolled out frequently and automatically to patch for the latest vulnerabilities, so you don’t need to hire a dedicated team to manage the solution.

Looking Deeper

Regardless of where you are today with your MFA, it’s important to evaluate any solution in the context of these criteria. If you’d like to dig deeper into each criteria, we’ve got more information in the MFA Buyer’s Evaluation Guide.

You can also watch our on-demand webinar, Get Defensive With Your MFA, as well. Remember, times change, and threats evolve, so your MFA solution should as well.

Throughout my career, I've had the privilege of working across several diverse industries. One aspect that consistently captivates me is the unique jargon associated with each role—terminology that often seems bewildering at first. For instance, in the semiconductor industry, "doping" isn't related to any athletic scandal; rather, it refers to altering the electrical properties of silicon. In the pipeline corrosion prevention field—which, believe it or not, is quite real—a "holiday" isn't about taking time off but rather indicates a spot where the pipeline's coating has chipped away, exposing the metal to potential damage. Working with IT administrators, I've learned that "agent fatigue" doesn't relate to a weary CIA operative. Instead, it describes the challenge they face when managing multiple vendors' applications on their organization's devices.

Given the saturated landscape of applications, IT administrators must be discerning about which ones to deploy across their fleet of devices and users. The process doesn't stop at deployment. Administrators also face the ongoing challenge of maintaining these applications and ensuring they operate smoothly within the organization's infrastructure. Additionally, gaining approval from leadership adds another layer of complexity, as they must demonstrate the application's benefits and align it with strategic goals. It's no surprise then that selectivity is crucial, as each application must deliver significant value to justify its integration into their systems.

Understanding these challenges has driven our strategy for building out Duo Desktop, our lightweight client application. To be a contender for prized space on a user's machine, we need to deliver substantial value to our users. For this reason, we have evolved the application from merely providing health checks to incorporating a myriad of features that ease the burden of MFA, enhance security, and offer an additional method of authentication.

Duo Passport: Streamlined Access and Enhanced Productivity

Imagine logging into your work device and being able to navigate through all approved web and local applications without the constant interruption of authentication prompts. Duo Desktop with Passport makes this a reality by providing a streamlined login solution that minimizes MFA fatigue. Users enjoy a single, secure login experience, allowing them to move effortlessly across applications, browsers and thin/thick clients while maintaining productivity. Duo keeps your users secure without getting in their way with relentless authentication prompts.

Proximity Verification: Phishing-Resistant, Seamless Authentication

Duo Mobile and Duo Desktop's Proximity Verification offers a powerful defense in the fight against phishing. Utilizing Bluetooth Low Energy (BLE), this feature ensures your devices are nearby when logging in and automatically responds to the push verification without requiring user input. The magic lies in the secure communication between Duo Desktop and Duo Mobile, providing seamless, phishing-resistant authentication.

Duo Desktop Authentication: Secure Access Without Additional Devices

There are times when a smartphone or hardware token might not be available, and Duo Desktop Authentication is ready to fill that gap. It allows for secure authentication directly from your laptop or desktop, ensuring you're always equipped for secure access, regardless of the situation. It’s a straightforward solution that simplifies authentication, making security accessible and reliable.

Risk-Based Authentication: Dynamic Security Tailored to You

Security needs can vary greatly depending on context, and Duo's Risk-Based Authentication adapts to this reality. By assessing risk levels in real time, it tailors authentication requirements based on user context, location, and device proximity. This means you get a higher level of security without compromising user experience. It's dynamic security at its finest, ensuring protection while keeping the process smooth and user-friendly.

Health Checks: Continuous Security Compliance

Maintaining the security of your devices is a continuous process, and Duo Desktop's Health Checks are here to help. This feature acts like a vigilant guardian, continuously assessing your device's security posture. It checks critical elements such as your OS version and patch level, password protection, disk encryption, firewall status, and security agents. By ensuring your devices meet security standards, Health Checks play a pivotal role in protecting access and maintaining compliance, giving you peace of mind.

Trusted Endpoints: Safeguard Resources from Untrusted Access

Duo's Trusted Endpoints feature identifies and verifies devices that are owned or managed by the organization, effectively blocking access from untrusted endpoints, like unmanaged devices with poor security or devices used by an attacker. This proactive approach ensures that your resources are safeguarded against unauthorized access, providing a robust layer of security. This can be really helpful in scenarios where users have limited access to advanced second factors or are at greater risk to MFA phishing attacks.

Duo Desktop has been thoughtfully designed to provide substantial value that earns its place on users' devices. With advanced features like easy MFA and strong security, it simplifies management and fits right into your strategic goals. As you consider the applications that will best serve your organization, count on Duo Desktop to be the reliable partner that not only meets your needs but goes above and beyond. We're dedicated to constantly improving Duo Desktop, ensuring it remains the top choice for IT admins by making deployment and maintenance as simple as possible.

As many a podcast host will tell you, it’s about time you used a consumer or personal Virtual Private Network (VPN). VPNs have become commonplace, serving various purposes from the noble, like protecting an individual’s digital footprint, to the dubious, like accessing geo-restricted content.

However, personal VPNs present a hidden threat when misused by attackers to obfuscate their location, posing significant security risks to organizations. Understanding and addressing personal VPN use is crucial for IT and Security teams to protect their networks effectively.

CISA Highlights the Risk of Personal VPN Use

VPNs are often touted as tools for privacy and security, but they can also be exploited by threat actors. The Cybersecurity and Infrastructure Security Administration (CISA) has highlighted their effective use in attacks. To subvert detection logic that relies heavily on IP address, threat actors are adopting personal VPNs to blend in with typical users. This tactic can make malicious connections harder to distinguish, enabling attackers to sneak through the cracks more easily.

The Role of IT and Security Teams

To safeguard your organization's security, it is vital to have a clear policy on personal VPN use. Depending on your organization's security requirements, you might consider banning them altogether or regulating their usage. Policies should be designed to prevent unauthorized access while allowing legitimate use cases under strict guidelines.

Detecting Personal VPN Use

Effective detection and response to personal VPN usage begins with understanding personal VPN use within your workforce. One way to gain this visibility is to use Cisco Identity Intelligence. This tool aggregates identity and access data across multiple sources and then provides a powerful analytical layer on top. One of its popular checks is designed to identify users logging in from personal VPNs, potentially evading IP-based controls and detections.

With compatibility across platforms like Microsoft Entra ID, Okta, Google Workspace, Salesforce, and Duo, Identity Intelligence provides a comprehensive view of VPN-related activities, helping teams verify usage against corporate policies and clarify access policies with users.

Strengthen Your Security Posture

Incorporating a robust detection mechanism for personal VPNs is a proactive step towards enhancing your organization's security posture. Evaluate Duo and Cisco Identity Intelligence to gain deeper insights and control over VPN activities within your network. By taking these steps, you can ensure that your defenses remain effective against evolving threats. If you’d like to learn more or see a demonstration, contact your Duo representative or reach out to a Duo expert.

Customers expect their managed service providers to be knowledgeable, reliable — and fast.

When a business faces an IT issue and needs assistance, every minute lost means a hit to productivity and mounting frustration on the part of the customer. As time ticks on, the MSP responsible for fixing the problem bears the brunt of this frustration, especially when it takes too long to even acknowledge there’s a problem.

Angry clients are more likely to find a new MSP, which makes fast response times crucial to maintaining a healthy, long-lasting relationship. IT issues happen, but helping employees get back to work quickly reassures clients that they’re in safe hands for future issues. It avoids a “snowball effect” where one small mishap creates bigger problems elsewhere as delayed tasks cause work to grind to a halt.

Best Duo practices to drive faster response

Unlike other emergency services, MSPs can’t respond faster with a blue light and a siren. Instead, MSPs can do two things to improve their response time: first, take steps to make sure they can act quickly and second, prevent future issues — and tickets — from happening in the first place.

As security’s new first line of defense, the right identity solutions offer a lifecycle advantage that delivers on both fronts.

Know the right tools to respond and act quickly

1. Deploy strong security in minutes

Speed to security is critical for clients facing an active attack or meeting an audit deadline. Duo helps MSP deliver on MFA, SSO, and device trust quickly — starting with the initial rollout.

Duo’s user-friendly and guided interface makes onboarding easy and makes sure a client’s first contact with the MSP’s support team is a good one. Complete deployment in minutes and have users choose between different authentication options, selecting the one that works best for their needs.

Watch: Duo MSP Tech Talks Customer Deployment in 60 Minutes

2. Streamline with a multi-tenant administrator dashboard

With many clients to manage, centralizing day-to-day operations delivers a valuable speed advantage. The Duo multi-tenant Admin Panel dashboard allows MSPs to monitor and manage all client accounts from one place, simplifying oversight and speeding up incident response. Managing access from a single platform reduces the time support teams spend switching between different screens and systems so they can find and resolve real issues faster.

From a support side, it’s easier for a help desk or MSP to manage the queries that come in. You don’t want to have to run around and look at a lot of different places, and with Duo you can find everything in one place. —Ian O’Connell, Security Operations Center Team Lead, CommSec

Read the full MSP Case Study

3. Verify caller identities as they come in

Sometimes the most critical security step is verifying the caller on the other end is who they say they are, which is not always an easy feat. With Duo’s built-in helpdesk verification tool, send a push notification to the person requesting assistance directly from the Admin Panel.

Verify Users with a Duo Push. Get the documentation for Help Desk Push

Read more: Defending Against Help Desk Attacks

Decrease tickets and save more time

The MSPs with the fastest response times aren’t necessarily going to be those with the largest support staff — although that doesn’t hurt. Rather, ensuring that support teams that aren’t buried in unnecessary requests can definitely contribute to a speedier reply and greater focus on improving security.

4. Set smarter access policies

Making authentication as simple as possible for trusted users means they are far less likely to need help. Duo lets MSPs reduce the need for repeated logins and manual intervention by setting security policies that automatically adjust based on the context of end-users’ access requests. A risk-based approach changes the level of authentication required based on factors such as location, device, and network connection.

Learn: Duo Risk-based Authentication

5. Turn on self-service remediation

Avoid having a user submit tickets in the first place with built-in self-remediation. When users do need help updating OS, Duo guides them through a remediation process can avoid the need for a support ticket altogether. Many people prefer to reset their passwords or update devices on their own, and self-service reduces the workload for the MSP at the same time.

Demo: Guided User Self-Remediation

6. Stay on top of security with automated alerts

Automated alerts and comprehensive reporting let the MSP team identify and address potential threats — before clients get in touch. Parsing through authentication logs can help reveal issues that can be fixed before the customer is even aware, especially for MSPs managing larger organizations.

With Cisco Identity Intelligence, get a level of visibility across a client’s Duo deployment and other identity storages. Set up email alerts for the security issues your clients care about, like dormant accounts, shared authenticators, and over-permissioned users. Or, MSPs can directly integrate findings with ticketing services to open new tickets and display existing tickets related to discovered users.

Use Cisco Identity Intelligence to drill down into and report security concerns, like which client accounts aren’t protected by MFA.

Stay on top of security and compliance concerns and show clients the value of identity threat detection and identity posture management.

Learn: Duo + Cisco Identity Intelligence

Deliver a win-win experience with Duo MSP

MFA is often the first step in a cybersecurity journey. Duo ignites those ‘what else are we doing?’ thoughts with our customers, and that’s been very positive for us as well.” — Michael Piekarski, Director of Cybersecurity at Arraya

The MSP business model relies on recurring revenues, and this depends on delivering fast, reliable service. Profitability also depends on resolving queries without having to make a site visit whenever possible.

Clients judge MSPs on how well they handle day-to-day support requests as much as they do IT infrastructure overhauls and new software rollouts. The more responsive and resilient the service an MSP provides, the happier customers will be — and the more profitable their own business will be – in the long run. Secure, simple identity workflows reduce response times in the right way to keep users and clients happy, reduce support teams’ workloads, and scale to drive future growth.

Duo’s “no-barriers-to-entry” MSP model allows products to be deployed with no downtime or lengthy sign-up and certification processes. Strong documentation and a simple, straightforward app and intuitive admin panel make it easy to roll out new services quickly.

Learn how to join the partner program today by visiting the Duo MSP page.

Users don’t like passwords and logging in, period. MSPs should like passwords even less since, according to Gartner, 40% of all help desk calls are related to password resets. That’s valuable time the staff could spend resolving bigger problems faster.

While the enforcement of multi-factor authentication (MFA) makes logging in more secure, it inevitably runs the risk of adding steps to a process users already find annoying. When people get frustrated by juggling too many credentials, PINs and devices, they tend to find workarounds.

These shortcuts creatively circumvent security practices in favor of convenience — like saving passwords to a browser, or extensions that automatically enter MFA codes. While this may avoid authentication fatigue, it certainly risks and may even violate some security standards.

MSPs have the opportunity to deliver better, faster, more secure authentication that clients will actually adopt. Turn on Duo Passport in two clicks and offer a true single sign-on experience with all of Duo’s award-winner, user-friendly interfaces.

Eliminate repetitive logins with Duo Passport

Most users don’t mind logging in once at the beginning of the day, but logging into multiple services several times a day would test anyone’s patience. Each attempt is a point of friction for the end-user, having to pull out their phone or punch in yet another 6-digit code just to check their email.

MSPs can solve this with a single sign-on experience that begins with the first operating system login and carries clients’ employees through their entire workday. Duo Passport enables seamless access even as the user switches to new applications, including browsers, traditional SSOs, and thick client apps like Outlook or VPN, reducing logon fatigue.

With Duo Passport, the user logs in once, and their authentication status is maintained across all applications, both in the browser and on the desktop. Once authenticated, Duo continually verifies trust for every access request based on adaptive and risk-based policies behind the scenes — without re-prompting users for authentication. This seamless experience means that end-users can focus on their work without constant interruptions, and administrators still get a comprehensive log of login attempts.

"Duo Passport reduced end-user authentication by more than 65% in one customer, who tested it over several months."

For MSPs looking after multiple customers and many users, the number of authentications necessary each day drops dramatically — as do the number of issues that the MSP needs to resolve.

Bring Passwordless to the Windows Logon Experience

Securing Windows Logon continues to drive demand for managed security services and is one of Duo’s most popular MSP use-cases. Cisco Duo is thrilled to announce that Passwordless Authentication for Windows Logon is now generally available in all Duo Editions.

An improved user experience makes adopting new security a welcome change instead of an imposition. Duo Passwordless was built to make the experience of logging in faster and easier than ever, without compromising on strong authentication.

Duo Passport and Passwordless build upon Duo’s popular Windows Logon protection to enable authentication at the OS level, making it the first thing people do and the last time they need to authenticate, unless there is a risk-based reason for more security. Together, the two capabilities deliver a true and secure single sign-on experience for the workforce right when they start their day by logging into a Windows device.

Read the full GA announcement: Announcing Passwordless Authentication for Windows Logon

Speed to Security and ROI with Duo MSP

For MSPs, rolling out new security functionalities can be a more involved process. Even so, the benefits of reduced costs and stronger security are hard to ignore.

Administrators have been pleasantly surprised by the ease of setting up Duo Passport, with only two clicks required. Designed to be a layer of security that works with any customer environment, Passport is compatible with most identity providers and supports managed and unmanaged devices. This simplicity translates into reduced administrative burden and faster implementation. Once Duo Passport is up and rolling, the ongoing care and feeding of the feature is minimal.

Duo Passport is an essential step on our road to making secure access the default for our customers. We selected Duo as our partner because of their attention to ease of use and their expertise across platforms. We are accelerating our deployment of Duo Passport to maximize the strength of our customers’ defenses while we keep interruptions of their workflows to the minimum.” — Justworks, a pure play MSP founded in 1996

Add Duo Passport, Passwordless, and advanced identity security to your managed offerings through the Duo MSP Program. Duo allows MSPs to manage all customers in one console, offering pay-as-you-go pricing to scale with the business, lower TCO, faster ROI, and the support needed to start your customers on the path to stronger security.

The best way for MSPs to get started is by trying out Duo Passport and passwordless functionalities themselves with program NFR licenses. Learn more about setting up Duo Passport on our documentation pages or click-through a demo of Duo Passport in action.

Join the Duo MSP program today

To offer your customers world-class identity security with fast ROI and a beloved user experience, visit the Duo MSP page.

A new set of 2025 HIPAA security updates are on the horizon, bringing significant changes that aim to bolster the protection of electronic protected health information (ePHI). As cyber threats intensify, these updates are more than just regulatory formalities; they are critical measures to safeguard sensitive data.

Published in early January, the 2025 HIPAA Security Amendments are set to significantly enhance the protection of ePHI. The proposed changes are based off the US Department of Health and Human Services’ (HHS) goals of both addressing changes in the health care environment and clarifying what compliance obligations look like for regulated entities.

Organizations have 180 days to reach compliance according to stricter standards of identity cybersecurity if the proposed updates pass.

In order to be prepared, here are four things your organization or managed security service provider should focus on:

1. Deployment of mandatory security controls

2. Securing against known vulnerabilities

3. Documentation for annual audits

4. Clear goals for visibility, prevention, and remediation

But first, a quick recap of how the standard has evolved.

Background on the HIPAA Security Rule

The last major revision of the HIPAA Security Rule dates back to 2013 and the “Omnibus HIPAA Final Rule,” introduced to strengthen patient privacy and security protections. Amongst other requirements, the HIPAA Omnibus Rule of 2013 made business associates of covered entities directly liable for HIPAA compliance and adopted a four-tiered civil monetary penalty structure for violations that bumped the maximum fine from $25,000 per year to up to $1.5 million. That is to say, healthcare organizations and business partners may face greater liability in case of a security breach.

Between 2022 and 2023, the HIPAA Journal reported a jump from 51.9 million to 168 million records impermissibly disclosed. In 2024, the average data breach size jumped from 225,000 to nearly 400,000, though reports are still being counted. These alarming statistics underscore an urgent need for an amendment that encourages more stringent security measures to protect patient information.

Imaged sourced from HIPAA Journal, January 20, 2025

Key proposed changes to HIPAA Security Rule in 2025

1. Deploy mandatory security controls, such as MFA

“[The Department] provides that MFA as a source of identity and access security control is an important means to control access to infrastructure and conduct proper change management control.” — HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information, 2025, p. 87

The implementation of multi-factor authentication (MFA) is no longer optional. While the current Secure Rule allows distinction between “required” and “addressable” implementation specifications, the 2025 update makes all implementation specifications required with only specific, limited exceptions. That makes deploying security controls like MFA to all users essential for reducing unauthorized access risks.

In the proposal, regulated entities would be required to apply the proposed rule’s specific requirements for authenticating users’ identities through verification of at least two of three categories of factors of information about the user:

• Information known by the user, including but not limited to a password or personal identification number (PIN).

• Item possessed by the user, including but not limited to a token or a smart identification card.

• Personal characteristic of the user, including but not limited to fingerprint, facial recognition, gait, typing cadence, or other biometric or behavioral characteristics.

Cisco Duo’s award-winning MFA strengthens access control, providing an additional layer of security that is crucial for protecting PHI without adding unnecessary friction for busy end-users and health practitioners. Importantly, it protects against advancing identity-based attacks by offering wide coverage of authenticators—and the option to intelligently “step-up” login security according to detected risk patterns and access behaviors.

With the widest range of supported authenticators, Duo helps organizations transition away from weaker SMS and phone-call 2FA and towards push-based smartphone apps with verified number matching and phishing-resistant or passwordless authenticators.

Learn more about the types of Duo authenticators available.

2. Defining and preparing against known vulnerabilities

With the proposed amendment, organizations must now identify potential threats and vulnerabilities with greater accuracy, and with increased frequency at least once every six months (p.385). This includes insights across the supply chain, including external contractors and any partners who may have access to ePHI.

The Department also specifically updated the Security Role to define vulnerability, identifying that: “...exploitable vulnerabilities exist across many components of IT infrastructures including, but not limited to, servers, desktops, mobile device operating systems, web software, and firewalls” (p. 99).

In addition, HHS recommended that regulated entities “install vendor patches, make software updates, and monitor sources of cybersecurity alerts describing new vulnerabilities,” (p. 99) citing the NIST National Vulnerability Database and CISA’s Known Exploited Vulnerabilities Catalog.

Outdated software and operating systems pose common challenges for organizations looking to improve security—especially in a field like healthcare with several types of devices and legacy applications. One option is to install device managers like Cisco Meraki, Jamf, or Intune onto endpoints to enforce updates. However, for healthcare practices with contractors, unmanaged and BYOD devices, or simply desiring a less-invasive option, the management and maintenance of vulnerability patching can quickly become an IT strain.

Duo’s agent-free approach enforces device trust is at every point of authentication, checking for OS patches, firewall, encryption, and other security policies before granting access into sensitive ePHI. Without heavy, permission-demanding clients to install, Duo Desktop verifies the health and security of endpoint devices. The Duo Authenticator app also picks up on mobile device telemetry like if a device is running the latest OS patch, has full disk encryption enabled, and whether the device is jailbroken or rooted.

A lightweight client application for macOS, Windows, and Linux, Duo Desktop checks for device vulnerabilities before granting access. Available in Duo Advantage and Premier editions.

Duo analyzes what’s running on all users’ devices — managed or unmanaged, without the use of an agent. With data in an actionable device health report, administrators can easily see:

• An analysis of users’ devices, including current device OS, browsers, Flash and Java versions.

• Security health trends of all devices accessing business applications, including which devices are outdated or need to be updated by end users.

• The latest security events that may result in outdated devices, including a new browser or plugin update released by a software vendor.

Rather than pushing an update to the device, Duo encourages end-users to self-remediate out-of-date endpoints by only allowing access to protected applications if the device passes an organization’s configurable policies. This also cuts down on costly and unnecessary helpdesk and IT costs.

3. Have documentation for annual audits

Annual audits will now be a requirement for ensuring ongoing compliance according to proposed updates.

While the Security Rule does not currently require regulated entities to conduct internal or third-party compliance audits, such activities are important components of a robust cybersecurity program. Cybersecurity audits for insurance and regulatory bodies typically request paper trails documenting users, the applications they access, and the devices they’re accessing resources from. This can be challenging to deliver on—especially for supply chain partners or contractors with unmanaged devices.

Duo’s identity security solution provides complete device visibility into both managed and unmanaged devices. With Duo, you can maintain an inventory of all trusted devices accessing corporate resources, identify at-risk devices, and gain a deeper understanding of your security environment. This not only helps in preparing for audits, but more importantly continuously reduces risk by verifying trust of users, patching device vulnerabilities, and minimizing instances of shadow IT.

Duo’s dashboard provides security administrators with a snapshot of the overall access activity across their organization. The Duo Admin Panel simplifies ongoing compliance processes with comprehensive audit logs and reports for all users, applications, devices, and associated authentication behaviors, facilitating easier audit preparation and certification. Admins get timely lists of access attempts and the MFA protections in place for a specific user. They can also identify how many accessing devices have out-of-date operating systems and enable self-remediation.

A view of authentication insights in the Duo Admin Panel, available in all Duo editions.

“The dashboard gives us a high-level view of our organization. Useful information such as login failures, who logged into which application and when, number of deployed licenses and inactive users are all available right there. I can then easily drill down to the details of a specific login event with just a few clicks. We did not have this level of information before Duo.” — Security Architect, on how Duo helps to meet compliance and protect private patient information for a major healthcare provider in the Pacific Northwest. Read the full case study.

See the types of reports and logs available through the Duo Admin Panel.

4. A focus on visibility, prevention, and remediation

It’s clear that identity security will be a growing priority in 2025, especially with 80% of breaches leveraging identity as a key component according to Cisco Talos incident response reporting. Having complete visibility across an organization’s entire user environment is essential to reducing the risk of compromised credentials or other vulnerabilities—and a helpful tool for generating security reports.

With a complete view of your entire user inventory – including employees, contractors, and vendors – you can significantly reduce the risk of a breach and protect sensitive PHI data. Duo and Cisco Identity Intelligence pool insights across identity providers and storages, which make it easy to clean up dormant accounts, expand multi-factor authentication usage, and reduce administrator privilege creep. It also enables continuous status checks on the compliance requirements that are important to the industry.

Cisco Identity Intelligence adds a comprehensive layer of visibility, detection, and remediation that defends against security vulnerabilities outlined by HHS:

• Filter for users and identities that do not have MFA configured across all storage locations and MFA providers

• Get detailed insights on the devices accessing organization resources on a per-user basis, and set alerts for critical resources

• Run security checks that search for known vulnerabilities and align to security frameworks including MITRE ATT&CK, NIST, and CIS

• Generate reports on common audit requirements like MFA enrollment, license utilization, device operating system information, and shared accounts

A view of the checks performed by Cisco Identity Intelligence across all identity storages. Set up automated alerts for your organization’s security priorities, including checks aligned to industry and compliance frameworks. CII is available with the Duo Advantage and Premier editions.

The financial implications of these changes are significant, with estimated costs of $9 billion in the first year according to the Department of Health and Human Services (p. 302). However, the cost of inaction—potential data breaches, compromised patient safety, and legal repercussions—could be far greater. The Security Rule updates are not just about compliance; they are about safeguarding critical infrastructure and patient data, so visibility is key.

Take Identity Security to the Next Level with Duo

“The HHS 405(d) Program’s ‘Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients’ recommends a layered approach to cyber defense (i.e., if a first layer is breached, a second exists to prevent a complete breach).” — HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information, 2025, p. 86

The 2025 HIPAA Security Updates mark a significant shift in healthcare security practices. While MFA is a powerful tool that offers significant benefits in protecting PHI, it is no longer sufficient for the fight against unauthorized access. Identity security features like Duo’s device trust and adaptive authentication establish additional layers of security that both protect ePHI and defend organizational liability. For example, the ability to enforce security posture on the devices accessing sensitive patient health information with system reporting can help provide evidence of device encryption if equipment is lost or stolen.

Organizations that achieve compliance avoid audit penalties and enhance their overall security posture for future requirements. Duo’s easy-to-use interface and clear pricing reduces the TCO associated with traditional security tools like hardware tokens as well as deployment costs and undue burdens on IT teams.

Duo helps protect confidential patient information by integrating with Epic’s EHR to provide secure remote access that’s tailored to the needs of the healthcare industry. Duo supports Epic's newest Hyperdrive e-prescription workflow and continues to support the original Hyperspace workflow.

When it comes to the go-live of this specific Security Rule update, stakeholders have a 60-day window to submit comments on the proposal. In the meantime, healthcare organizations should begin reviewing their security programs internally or with their security providers and prepare for upcoming changes.

• For a fact sheet on the new HIPAA Updates, visit the HHS website.

• For more details on why Duo for Healthcare, visit the Healthcare solutions page.

• If you’re a managed service provider looking to become a Duo partner, visit the Duo MSP page.

Most people understand that Multi-Factor Authentication (MFA) is important. Among the myriad of security measures, MFA stands out as a crucial control to safeguard sensitive information and prevent breaches. Despite its effectiveness, many organizations still face challenges in achieving comprehensive MFA adoption across their entire user base and applications.

The Role of MFA in Preventing Breaches

MFA significantly reduces the risk of unauthorized access by requiring users to provide multiple forms of verification. According to Microsoft, enabling MFA can block over 99.9% of account compromise attacks. This statistic underscores the vital role MFA plays in an organization's security posture, making it an essential component in the fight against cyber threats.

The Need for Comprehensive MFA Coverage

Partial MFA deployment is akin to locking every door to your house – except one. If there’s a door open, attackers will find it – it's just much easier to waltz in an unlocked door! Organizations that roll out MFA only to select users or applications inadvertently create vulnerable points. To secure the organization more fully, it is imperative to extend MFA coverage universally, ensuring no aspect of the system remains exposed.

The Importance of Strong MFA

Not all MFA methods provide the same level of security. Basic forms like SMS-based MFA are susceptible to SIM swap attacks and push-based MFA can fall victim to push bombing. Hence, organizations are advised to adopt phishing-resistant MFA options, such as Passwordless or FIDO2-based options. Don’t just take our word for it, phishing-resistant MFA is consistently and repeatedly recommended by the Cybersecurity & Infrastructure Security Agency (CISA). Research also indicates that as attackers become more sophisticated, they are increasingly able to bypass traditional MFA mechanisms, highlighting the need for stronger, more resilient authentication methods.

Introducing: MFA Adoption Dashboard

To help organizations maximize their MFA effectiveness, Duo’s Identity Intelligence functionality is introducing a pivotal tool: the MFA Adoption Dashboard. It synthesizes complex data into actionable insights, addressing the common challenges of MFA deployment:

1. MFA Hygiene and Threats: Prioritize key areas for improvement by identifying critical gaps and behaviors that may compromise security.

2. Factor Usage and Enrollment: Analyze enrollment versus actual usage to ensure MFA factors are not just installed but actively protect against breaches.

3. Passwordless Adoption: Highlight progress and areas needing attention in the transition to passwordless authentication.

These insights empower organizations to refine their MFA strategies, fortify their defenses, and maintain transparency with stakeholders through easy-to-understand reports and visualizations.

Achieving Comprehensive MFA Coverage

In conclusion, widespread and strong MFA adoption is a critical element in securing an organization's digital assets. By leveraging tools like the MFA Adoption Dashboard, organizations can gain a comprehensive understanding of their MFA posture and take actionable steps to enhance both coverage and strength. As cyber threats continue to evolve, it is essential for organizations to remain vigilant and proactive in their MFA implementation strategies, ensuring robust protection against potential breaches.

If you’re interested in learning more, reach out to your account representative or contact a Duo expert today.

Users are weird. That’s not a value judgement – it's just true that end users in an organization do all sorts of things. The job of IT and Security professionals is often to label this weirdness with value. Are these actions “good weird” (ex: taking a trip to a new location to close business)? Are they “bad weird” (ex: a user’s account has been dormant but now tries to sign in without MFA)?

The faster teams can make these judgements the better. Duo’s Identity Intelligence feature offers a powerful tool in this domain: the User Trust Level. This innovative approach helps organizations manage user-related risks more efficiently by assigning trust levels based on a comprehensive evaluation of user behavior and context.

What is a User Trust Level?

The User Trust Level is a dynamic assessment of risk associated with each user in your organization. Cisco Identity Intelligence calculates this level by analyzing various factors such as user behavior, context, and historical data from multiple identity sources.

The algorithm first sets out a framework of risk types. For example, there is “inherent risk” or the elevated risk of a powerful user like an administrator or executive. There is also “posture risk” or the risk of account takeover given the current security controls assigned to and used by the user. The algorithm maps risk to each of the various components using the data available (the more data available – the better) and then distills those components into an overarching User Trust Level. User Trust Levels range from "Trusted" to "Untrusted" and serve as indicators of how safe or risky a user is at any given time.

The Value of User Trust Levels

In an ideal scenario, User Trust Levels would be shared in real-time across all systems, seamlessly enhancing security workflows and policy decisions. Imagine a world where the slightest change in user risk is effectively accounted for and shared instantly with relevant access points like Secure Service Edge (SSE) or Firewall tools. These tools could always make the most informed decision possible about access. And, to be clear, Cisco is building this vision by integrating the User Trust Level into its broader portfolio. The philosophy of this effort is critical – because sharing enriched user context across the broader networking and security ecosystem is fundamental to an “identity-first” approach to Zero Trust.

How to Leverage User Trust Levels in Your Organization Today

While the theoretical benefits of User Trust Levels are significant, practical implementation requires some consideration. One key aspect to understand is that today’s User Trust Levels, though informed by a multitude of data points, should often incorporated into decisions as a directional variable, but not the only variable. They provide a holistic view of a user's risk profile over time and therefore should be used like IP reputation to inform actions and decisions.

User Trust Levels are best utilized in workflows where they can be assessed as part of a broader context. For example, in threat detection and response workflows, the trust level can help prioritize which users require immediate attention and remediation. An "Untrusted" user signals high priority and should prompt further investigation, especially when correlated with alerts from other security tools.

Another practical use case involves access policy decisions. As a concrete example, Cisco Secure Access can ingest the User Trust Level — and in the future, will be able to designate which resources a user can access or authentication requirements for users with a specific trust level. However, while it seems fine to use User Trust Levels for dynamic access control, the implications of doing so are important to consider.

“What happens when a user is blocked?” is a key question to answer. If access is denied based on a low trust level, there must be a clear process for users to regain access, preventing unnecessary disruptions. There are other ways to approach the problem as well. Perhaps risky users are not blocked outright – but they must perform a form of phishing-resistant MFA to gain access after being labeled “untrusted.”

On the flip side, when trust levels are "Trusted," there must also be stop gaps in case that User Trust Level calculation was missing a critical piece of information. Therefore, policy should never be so lenient such that the User Trust Level assessment is the only thing standing between an attacker and a valuable resource.

However, all this being said, User Trust Levels are still a great way to enrich all of these workflows and decisions! A User Trust Level is not a silver bullet, but it is a fantastic way to improve defenses.

Taking Concrete Steps Towards an Ideal Future

The User Trust Level is a transformative tool in the realm of identity security, offering a nuanced approach to managing user risk. By understanding its theoretical value and practical implications, organizations can better integrate it into their security strategies, leveraging it to enhance detection, response, and access decisions. As Cisco continues to innovate in identity intelligence, User Trust Levels will undoubtedly play a pivotal role in shaping the future of cybersecurity. To understand more about how to use User Trust Levels to secure your organization – contact a Duo expert.

“The best way to break in is through the front door.”

We’ve heard some version of this phrase many times over, whether it pertains to a bad actor physically breaking into a secured building or socially engineering an unsuspecting victim to provide access to protected information. The cybersecurity landscape is littered with front doors, while modern society’s reliance on digital technologies is only increasing. Inevitably, several times during the workday, employees need to enter their credentials to when they turn on or unlock their device with Windows Logon — the front door. The ability to safely access our computer plays a key role in developing trust in adopting these technologies which do more good than harm.

In the world of access management, we have seen wide deployment of multi-factor authentication (MFA) at the point of the Operating System (OS) to invoke the layer of something you know (i.e., a password) and something you have (i.e., a registered device). This move made it harder for bad actors to gain unauthorized access to the endpoint device and the data on it. Consequently, these adversaries have since adapted and continue to find creative ways to pass through the metaphorical front door of our machines. The latest trends notoriously involve a cocktail of push phishing, password spraying, stolen credentials and many other nasty ingredients.

To address the burden that these attacks place on ‘all those who want to protect their local logins’, Cisco Duo is thrilled to announce that Passwordless Authentication for Windows Logon (PWL OS Logon) is now generally available (aka GA) in all editions!

Passwordless for Windows Logon is compatible with Duo Passport, a new capability that we announced at RSAC 2024. Together, the two capabilities deliver a true and secure single sign-on experience for the workforce right when they start their day by logging into a Windows device.

See the video at the blog post.

How does this improve the proverbial front door?

Cisco Duo’s approach to a passwordless experience at the OS enables a stronger, usable defense in variety of ways (in addition to not having to enter your password):

Stronger

Useable

Where won’t Passwordless for Windows logon work yet?

This version of Passwordless for Windows logon will not work in RDP (remote desktop) sessions. Given the crossing of the trust boundary, our research shows that a different approach will be needed in the future to assert the trust of the same user on the same device.

This version of Passwordless for Windows Logon also will not work with the Remembered Devices policy (aka ‘Remember Me’) yet. This is because the removal of passwords at the entry point will require end users to prove they are who they claim to be via proximity + biometric while logging into the workstation to resume a session. We plan to investigate this as a feature offered in future versions, however!

Passwordless Offline Mode is coming soon — it is in our roadmap, but not here yet! The current experience will default to the existing Windows Logon Offline mode.

How can I try Duo Passwordless for Windows logon?

If you’re interested in trying out the release, you can find the release note. For installation specifically, look for the GA build, Version 5.0.0.0 on the checksums page. All are welcome!

For the past few years, we’ve observed an increase in identity-based attacks across all sectors. To illustrate the point, last quarter our own Cisco Talos team saw “a surge in password-spraying attacks.” In one of their documented cases, an organization reported that 13 million authentication attempts were made in 24 hours against known accounts. In the case of password spray, looking for startling increase in authentication traffic can be vital.

However, other identity-based techniques are difficult to detect because uncovering one stolen credential in a sea of valid sessions is like finding a needle in a haystack. IT environments are increasingly complex, and applications, security products, and identity providers don’t speak the same language, leading to more silos, even when everything was designed in the name of simplicity.

The Shared Signals Framework is a standard from the Open ID Foundation that seeks to solve this problem. The framework provides a secure way for entities involved in identity management to exchange signals that help ensure the integrity, trustworthiness, and security of user activity, even post-login. Service providers can broadcast any anomalies that could indicate session hijacking, account takeover, or fraud, so that other providers can quickly take action to verify that the user account is safe.

Cisco has played a key role in the development of the Shared Signals Framework, and we plan to continue our investment in the evolution of the standard. In 2021, we launched SharedSignals.guide to help developers learn about the framework and how to adopt it. One of our principal engineers serves as a co-chair of the Open ID Foundation’s Shared Signals Working Group, where he helps with the development of the standard. Most recently, in December of 2024, we attended the Gartner IAM conference interoperability event, where we demonstrated the power of Shared Signals in detecting and preventing session theft, a top security concern for our customers.

We partnered with AppOmni and SGNL to showcase a powerful story in which AppOmni identified a risky and compromised session and transmitted that event to Duo. Duo then revoked the Duo session and required the user to authenticate with a more secure factor via step-up authentication. In the final part of the demo, Duo transmitted the event to SGNL, who revoked the user’s SaaS application sessions. This helps security teams reduce the potential for lateral movement once a user’s credentials have been compromised, and importantly, significantly reduces the time to resolution. Attackers have easy access to toolkits that allow them to exfiltrate large amounts of data faster than a human can reasonably respond to. The Shared Signals Framework allows customers to respond to threats in real-time and ensure that the user is who they say they are.

Session theft is just one threat that the Shared Signals Framework can help protect against. Many different kinds of security vendors participated in the interop event in December, highlighting the capabilities of this new framework. We saw demos from MDM products, IGA vendors, and other identity providers that showed how Shared Signals can be used to dynamically change user permissions based on risk. If risk is detected on a device, for example, Shared Signals can help an organization minimize possible damage by locking down the identity and application sessions. Today, this would take a lot of correlation and time, all the while allowing the attacker to try and gain access to more sensitive resources, but Shared Signals makes this enforcement happen in real-time.

We are also exploring how Shared Signals helps deliver a better experience across Cisco products. Customers who use multiple Cisco security products together can look forward to Duo sharing identity data to a variety of products all in real-time for better security outcomes. Imagine, for example, that Duo detects a pattern of logins that are highly suspicious from a particular user. With Shared Signals, Duo could send that data to Cisco XDR to help enrich the detections happening there. With Cisco Secure Access, Shared Signals can help Duo communicate risk to cut off access to the network. We are very excited to see how Shared Signals with Duo can help on your identity security journey.

If you’d like to learn more about how Duo and Cisco are using Shared Signals – please feel free to reach out to your account team or contact us.

With the rate that new threats emerge, it may come as no surprise that cyber liability insurance can be traced back to 1997.

In its modern iteration, cyber liability insurance mitigates the losses and business costs associated with cyber incidents and resulting downtime. CyberCube, a company specializing in quantifying cyber risk, estimates that the U.S. standalone cyber insurance market could reach $45 billion in premiums by 2034.

It remains a challenge for smaller organizations to know exactly what insurers are looking for and avoid being priced out of policies. These smaller companies won’t have the resources to implement the holistic security strategy expected by insurers. At least not alone.

Today, many now turn to MSPs to provide technical support and help advise on an insurance policy (along with their digital infrastructure). But what do they need to know?

What would an insurer do?

Supporting SMB cyber insurance requirements means MSPs need to think like an insurer; what’s their customer’s data backup plan? Are endpoints protected? Are network ports closed?

The reality is that cyber insurance isn’t too dissimilar to traditional liability insurance. Home insurance is void if you leave your door unlocked, so why should cyber work any differently? Just like home insurers will recommend access control, cyber liability insurance has its own requirements:

1. Authentication is ‘key’ and a core requirement

Considered by insurers as one of the most important security controls, multi-factor authentication (MFA) protects against stolen credentials by using two or more factors to identify the user (beyond the traditional username and password). It is the best defense against identity-based breaches, preventing over 99% of account compromise attacks. In an insurer’s eyes, this represents the foundations of a zero-trust posture, i.e., the ‘locked door’ of your digital environment.

MSPs can support this MFA requirement, ensuring important nuances like integrating advanced protection for admins (with access to sensitive information), as well as covering all applications and edge cases. It’s also important to support two-factor authentication for Remote Desktop Protocol (RDP), which allows users to remotely access and control a computer. This is typically an easy way for threat actors to enter a system – Sophos found that RDP is abused in 90% of cyber-attacks!

2. Healthy devices reduce risk and keep premiums low

Hybrid work and increasingly diverse IT ecosystems have complicated the access conundrum, with many SMBs relying on a BYOD policy today. Insurers will expect stringent policies around devices accessing an organization’s systems – managed or unmanaged, with the full range of operating systems. MSPs can offer client value by managing and reporting on device health indicators such as firewall status, disk encryption status, presence of endpoint detection and response agents, and software vulnerability updates. Help SMB customers keep device hygiene risks low by setting device health-based access policies and enable users to self-remediate without having to open a ticket.

The best practices from five years ago tend to still be the best practices. An insurer just wants you to prove that you’ve implemented those best practices. And that will be very effective in bringing your insurance premiums down.” — Webinar: CyberCube and Duo Security Answer Top Cyber Insurance Questions

For more on what insurers look for, check out our ebook Cyber Liability Insurance for Small and Medium Businesses for the essentials.

What can Duo do?

Using the right tools is crucial to help SMBs meet cyber insurance requirements and reduce premium costs by putting security best practices in place. With Duo, MSPs can:

• Support leading authentication methods, including number-matching verified push, biometrics, FIDO2 security keys, OTP hardware tokens, mobile app and SMS passcodes.

• Reduce RDP risk by adding two-factor authentication to Windows and Windows Server logon scenarios.

• Integrate across more than 200 applications out-of-the-box, as well as devices or systems using RADIUS for authentication (Cisco Duo integrates with VPN or devices by installing a local proxy service on a machine within a network).

• Allow access to only devices that meet an organization’s trust and compliance requirements, and turn on guided self-remediation for end users.

• Improve endpoint security by ensuring devices are up to date through regular automated pushes and providing the ability to monitor and set access policies.

• Ensure organizations comply with changing industry regulations — like the Federal Trade Commission’s MFA Safeguard requirements — with compliance-friendly reporting and logs.

Duo MSP makes it easy for partners to buy, manage, and grow. Learn more about the Duo MSP program and its benefits on our partnership page.

Humans aren’t machines, and naturally they make mistakes. In fact, Verizon’s most recent Data Breach Investigations Report found 68% of breaches involve a non-malicious human element.

This is a statistic MSPs know far too well. They’re aware the human factor is one of the most unpredictable within the security mix. Combine this with remote working practices, and MSPs have a lot to manage. How can they help customers get secure access right?

Security or productivity — that's not the question

A hybrid workforce typically relies on a variety of devices, and the rise of BYOD (Bring Your Own Device) policies can create problems for security. Often, these devices are unmanaged and outside of an MSPs control, restricting the level of insight for making access decisions.

But hybrid work is here to stay. It has been adopted in 62% of workplaces, according to Zoom, and has catapulted remote access security to the top of the agenda. Associated threats include:

• Password spraying — A type of brute-force attack where a hacker attempts to gain unauthorized access by systematically trying a few commonly used passwords across many accounts. We have seen an increase in this method towards Remote Access VPNs, or as a common attack vector for Remote Desktop Protocol (RDP) abuse.

• Fraudulent Device Registration — An attack where an attacker uses stolen credentials to register a new, fraudulent device to an adversary-controlled account with access to MFA to gain persistent access.

• Push spamming — An attack where attackers repeatedly push second-factor authentication requests to the target victim's email or phone, frustrating them to the point where they accept the false request.

Other MFA-targeting attacks include push phishing and MFA interception, where an attacker steals a one-time code that is sent through an SMS (short message service) or email and proceeds to log in with the user’s credentials and MFA code.

Yet when protecting against these risks and managing access securely, it’s crucial that it’s not a security vs. productivity argument. The two do not have to be mutually exclusive. Organizations still want a seamless experience to access their digital environments, and an MSP shouldn’t simply be adding more barriers to entry.

A three-step process

To provide both positive and secure experiences for organizations, MSPs can focus on three areas. The good news? Duo can help MSPs deliver quality security practices with all of them.

1. User trust

We always hear the saying, “never trust, always verify.” This starts with Multi-Factor Authentication (MFA) and should evolve to include continuous verification, to stop attackers even after the point of login. Following the principle of least privilege, MSPs can create custom remote access policies and controls, defined by roles and user groups to prevent lateral movement.

For Duo MSPs: MFA is one of the strongest security protections, but not all MFA is created equal. Breaches demonstrate instances where traditional MFA like SMS and phone calls have been subverted. Duo protects against MFA-targeting attacks with anti- push-spamming features and a wide range of authentication types, including number matching and phishing-resistant FIDO2 options to help you transition clients away from the less secure methods.

2. Device trust

MSPs need to establish trust in the devices requesting access, whether this be remote employees, contractors or other third parties (when these unmanaged devices are outside their control). Identify risky devices and regularly report on device health to make this possible.

For Duo MSPs: The Duo Admin dashboard helps busy administrators see the whole picture while minimizing the administrative steps. IT admins can understand with just a few clicks which employees are using risk devices with unprotected endpoints and set up access policies tailored to clients’ risk tolerance with Duo Trusted Endpoints.

3. Security from anywhere

If an organization has embraced hybrid working practices, they’re likely running applications across a mixture of cloud environments. For consistent security, MSPs can’t miss security across VPNs, cloud apps, web apps and any custom services.

For Duo MSPs: Duo secures remote access protocols (VPN, RDP, SSH) by providing flexible access solutions used in conjunction with existing VPN solutions, reverse proxies and bastion hosts. When managing security remotely, MSPs can use tools like Duo’s free Helpdesk Identity Verification to ensure they’re talking to the right person on the other side of the phone.

Show your clients that stronger security doesn’t have to be cumbersome and improve productivity with a more straightforward administrative experience. Duo MSP helps service providers buy, sell, and grow Duo’s leading access security solution. To learn more or get started with a free demo, visit our Duo MSP page.

For more ways to protect remote work for your customers and solve other common client pain points, get the partner-ready Duo MSP Sales Playbook.

Over the last few years, identity-based attacks have become increasingly prevalent. This is in part due to the increasing complexity of identity and access management systems and their configurations and, in part, due to the rapidly evolving techniques employed by attackers. Identity-based incidents often begin with malicious actors gaining a first access foothold into a corporate environment.

CISA tracks evolving initial access techniques

Organizations like the Cybersecurity & Infrastructure Security Agency (CISA) have been diligently tracking the techniques employed by attackers to infiltrate systems. As cyber threats continue to adapt, it's essential for businesses to stay one step ahead.

Last year, CISA identified several key methods attackers use to gain initial access to corporate resources. These include exploiting service and dormant accounts, leveraging token authentication, enrolling new devices, and utilizing residential proxies.

Let’s take a moment to review each of the techniques:

How Duo and Identity Intelligence can help detect and prevent these techniques

Duo Security offers a suite of features designed to combat these emerging threats effectively:

The advantage of cross-platform correlation

The real advantage of Duo and Identity Intelligence lies in their ability to correlate activities across disparate identity systems to a single user and their activity. By analyzing cross-platform data components and building a full picture of a risky activity, Duo enables defense-in-depth against identity-based techniques. For example, Duo and Identity Intelligence can see when a dormant account attempts to enroll a new device from a personal VPN.

Duo can then adjust the User Trust Level of the implicated account accordingly, giving security teams the context they need to act effectively.

If you're interested in learning more about how Duo can help you address evolving initial access techniques, check out our Securing Organizations Against Identity-Based Threats ebook. Or, reach out to your account team or get in touch with sales today.

Staying ahead of threats requires proactive measures, and Duo is here to help secure your organization's future.

The phone rings. You answer, and the person on the other side claims to be Employee Joe from one of your clients. He’s asking if you can help him with a password reset and he’s calling from a recognized number…do you trust it?

MSPs will typically recognize warning signs, yet threats are becoming more sophisticated and effectively throw the hymn sheet we’ve all been singing from out the window.

In recent webinar “Preventing Helpdesk Phishing with Duo and Traceless”, Duo PMM Katherine Yang sat down with Gene Reich, Co-founder of Traceless to discuss why stronger identity verification is critical for MSPs and helpdesk teams—especially with the increased accessibility of AI technologies driving identity fraud. Prevention is key, and as Katherine argues, “if verification isn’t present, it really can’t be a trusted interaction.”

Protecting your MSP — The threats

Identity is a growing, and vulnerable, perimeter. The user is often the first and last layer of defense an organization has, and scams are becoming increasingly convincing.

In the 2019 MGM cyber-attack, in which a threat group found its way in through helpdesk impersonation, the hackers were, “young, savvy, and familiar with basic IT workflows, they knew identity and access management protocols and [were] native English speakers.” — Preventing Helpdesk Phishing with Duo and Traceless Webinar

Helpdesk impersonation is a big concern today, with MSPs contending with fraudulent attempts from attackers pretending to be clients. Simultaneously, customers are also targeted by hackers pretending to be their IT team. This includes methods like:

• Vishing: Voice phishing through fraudulent phone calls to trick victims into providing sensitive information, often login credentials or financial details.

• Number spoofing: Pretending to be a legitimate source — a business, colleague or trusted contact to access personal information, money or spread malware.

• Phishing Kits: To make phishing campaigns more efficient, attackers will often reuse their phishing sites across multiple hosts by bundling the site resources into a phishing kit.

The worry is that AI is lowering the barrier to entry for cybercrime, with emails and voice cloning becoming increasingly convincing. Traceless, an advanced threat protection solution for securing modern communications, was founded when Gene realized the risks his own MSP faced in sending and receiving sensitive information. When threat actors figure out how to automate defense evasion techniques, organizations cannot respond and remediate quickly enough. According to Gene, “the automation [and] the tool stack improvement on the attacker side is going to rapidly accelerate and increase.”

Protecting your MSP — The solution

Solving the problem of helpdesk phishing requires preventative action and a tested plan in place to mitigate the fallout if a breach does occur. So how do we bridge that trust between an MSP and client? Gene argues “we need to start thinking critically about MFA securing communications. We are in a world where voice calling is not enough to confirm transactions.”

In a quick poll during the webinar, MSP attendees shared that they use a few mechanisms for verifying identity: security questions, PINs, employee IDs or phone number call-back. For the savvy, an app-based MFA push enabled smoother helpdesk interactions.

It’s all about identify verification. More traditional methods for helpdesks might have been a callback but this can be time-consuming and in the era of ‘vishing’, it is no longer effective.

Watch the full webinar for more security insights, tips and best practices for verifying identities and securing communications with customers.

How can Duo MSP help?

Duo aims to provide a holistic identity security solution with multi-layered defenses and features like device trust and centralized access controls to help MSPs keep their clients safe. This includes:

• Free push verification to check user identity real-time before granting access or making changes, while customers are still on the phone

• Granular role-based controls so employees can still access their data, while keeping more sensitive information secure/reducing risk of lateral threat expansion

• Segmented access policies to keep track of who is accessing from where for greater visibility and to create a baseline for identifying abnormalities

• MFA for an extra layer of security and an audit trail, along with single sign-on and passwordless authentication for more advanced access security protections

A solution worth your time is one that focuses on security efficacy but is also designed for better customer and management experience.

Preventing helpdesk phishing is more than just adding a solution; it's all about layering preventative and responsive measures that will keep pace with modern attacks.

Traceless is a security tool and Duo technology partner that offers advanced threat protection for communication platforms including ticketing and chat. Traceless has prevented thousands of phishing attacks and protects some of the largest MSP and IT departments in North America, ensuring maximum security against phishing, Voice AI attacks, account takeovers and data exfiltration. To learn more about identity verification and secure data transfers with Traceless, visit the Traceless website.

If you’d like to learn more about the Duo MSP program and get started as a partner, visit the Duo MSP web page.

The holiday season is in full swing, and that means cybercriminals are busy building and launching attacks to steal user credentials. Their ultimate goal? To use those valid credentials to gain network access and steal data, employee and customer information, and other valuable resources. They may even use compromised privileged credentials to launch a ransomware attack and hold your organization hostage for a hefty ransom.

Phishing is still one of the most common attack vectors, and the holidays provide an especially appealing time to launch an attack that’s been supercharged by modern natural language processing models and novel QR codes. While we tend to associate phishing emails more with our personal accounts, attacks targeting our work identities whether through socially engineered phishing, brute force, or another form, are very common.

An email containing a QR code constructed from Unicode characters (defanged) identified by Cisco Talos.

For example, this looks legitimate. What if it’s that nice swag box everyone on the team has been getting for the holidays? According to research by Cisco Talos, malicious QR codes are bypassing spam filters in increasingly clever ways. Scanning an unknown QR code is the modern equivalent of clicking on a suspicious link.

No industry is spared this phishing season, though some are targeted more often than others. According to the Cisco Talos Incident Response Team, organizations in the education, manufacturing and financial services verticals were the most affected by identity-based attacks during the third quarter of 2024. Combined, these sectors accounted for more than 30 percent of account compromises. 

What you may not know is that once a user’s identity is stolen, bad actors don’t always use the credentials straight away. They’ll wait until a time when your IT and SOC (security operations center) teams are reduced such as over a holiday break or weekend.

In its 2024 Ransomware Holiday Risk Report, Semperis found that 86% of study participants who experienced a ransomware attack were targeted on a weekend or holiday. Why? Staffing during those times is lighter which means identifying and responding to threats will be slower.

In that same report, 85% of respondents stated they reduce their SOC staffing by as much as 50% on holidays and weekends. It’s easy to see why cybercriminals view this as a good time to strike. After all, why attack when it’s convenient for your victim?

Beyond staying extra vigilant over the holiday season and weekends, how else can you protect against attacks targeting your users’ identities? Here are five actions you can take with Duo to stop threats, with direct links to documentation to get started:

• Deploy Phishing-resistant MFA — According to the CISA advisory on implementing phishing-resistant MFA capabilities, SMS and voice-based MFA are vulnerable to phishing, SS7 and SIM swap attacks.

Duo supports the only widely available phishing-resistant FIDO/WebAuthn authentication through Duo Passwordless, encompassing “roaming” physical token authenticators and “platform” authenticators embedded into laptops and smartphones. But we know that going completely passwordless is a journey. To level up mobile app MFA, turning on Verified Duo Push number matching is an excellent way to protect against MFA fatigue and push bombing attacks.

Bonus Tip! Since MFA/Push notifications are prompted after users enter their credentials, system administrators are advised to investigate fraudulent pushes as well as issue new user credentials. In Duo, see how to easily generate a Denied Authentications report through the Duo Admin Panel.

• Reduce Your Reliance on Passwords — Fewer, stronger passwords can reduce the likelihood of re-used credentials or your users adding an exclamation point to the end of their password leaked one month ago.

Duo’s single sign-on solution (SSO), available in every edition, secures all your organization’s applications and offers inline user enrollment, self-service device management, and support for a variety of authentication methods. Combining passwordless and SSO decreases end-user login fatigue while still maintaining powerful security and incorporating frequent device health checks. With the newly announced Duo Passport, experience just one login and MFA prompt from the beginning of your day to the end.

• Adapt and Respond — With Risk-Based Authentication, you can dynamically respond to changes in risk level by requiring a more secure authentication factor such as a Verified Duo Push or biometrics before granting access.

• Verify Device Trust — Control access to resources on your network by allowing only devices that are part of your inventory of trusted devices — whether managed or unmanaged and company-issued or personal— and that are up to date and have a healthy security posture.

• Gain Deeper Visibility — A key component of Duo’s Continuous Identity Security solution, Cisco Identity Intelligence provides deep visibility into identity-based attacks while also helping reduce gaps in your security coverage before, during, and after login.

This holiday season, spend less time on phishing training and more time perfecting your secret eggnog recipe. Try Duo at no cost with our free trial, or learn more about how to turn on Duo’s advanced identity security features with our on-demand value-maximizing webinar More Bang for Your Buck: Duo Advanced.

The dissolution of the traditional security perimeter and the increase in identity-based attacks has come with its fair share of new risks for security practitioners to consider. From MFA bombing to adversary-in-the-middle (AITM) tactics, there are a variety of ways attackers are targeting weak spots in identity and access management (IAM) infrastructure and processes.

One that has been highlighted by CISA in many of its recent briefs is the Help Desk Attack. This technique involves an attacker contacting the help desk, often with relevant context regarding a high-profile employee, and then demanding a password and MFA factor reset. Typically, the attackers will use urgency and feigned authority to put fictional pressure on the help desk worker (ex: “I am boarding a flight with the CEO, and I need this now”). However, in some cases, attackers will pretend to be a naive worker who does not know how to use technology (ex: “I never understand this MFA stuff”).

The fundamental problem the attacker is exploiting in either case is identity verification. It is difficult to virtually verify a caller is who they say they are in a timely manner.

If the help desk worker complies, the attacker will have gained initial access and will typically reset the account credentials, both password and MFA devices, to be under their control. This first foothold is a dangerous step towards attackers gaining more malignant access and control of internal systems.

So, how should we think about preventing, detecting, and responding to help desk attacks?

Preventing Help Desk Attacks

There are two key components to prevention:

1. Reduce the number of tickets associated with authentication and MFA addressed by the help desk.

2. Equip help desk workers with the proper training and tools to identify and prevent active attacks.

Reducing help desk tickets

Let’s begin with the first component: reducing the number of help desk tickets associated with authentication. This may seem like a round-about way to solve the problem of help desk attacks, but if there are fewer overall tickets associated with the authentication and MFA then help desk professionals have more time to consider each request. There is less urgency for any given ticket, and if an MFA-related request is rare then it will fall under something that should be given more scrutiny. In the end, we’re hoping for this type of reaction from the help desk: “Hey, this type of request isn’t common — perhaps I should double-check it.”

So, how do we reduce help desk tickets associated with MFA? At Duo, we have been working on this problem from three angles.

1. Invest in simple, intuitive design

2. Securely reduce the number of times users are asked to authenticate

3. Empower users to remediate security and IT issues themselves

There are many ways that Duo emphasizes these three pillars in our product, but there are a few examples that should be highlighted. Duo’s Universal Prompt provides a sleek UI that makes it easy for a user to understand their options and how to engage. The Universal Prompt also has customization functionality so organizations can implement their own branding and coloring to make it even easier for users to understand that they’re in the right place.

To securely reduce the number of times users are asked to authenticate, we introduced Duo Passport. Duo Passport securely passes trust between authentication scenarios so that if a user remains in a trusted state, they will not have to authenticate repeatedly.

Finally, to empower users, Duo has features like self-service password reset — instant restore — to get Duo running on new devices, and the device management portal so that users can attempt to solve problems on their own first before reaching out to the help desk.

Equipping the help desk with training & tools

To start, help desk workers should be trained on this type of attack. They should understand that even though asking for a password reset or MFA reset might be a common ask — it is always a big ask. They should also be trained to understand certain signals (e.g., like urgency, fear, and anger) that might indicate a user is trying to pressure them into resetting credentials.

“Even though asking for a password reset or MFA reset might be a common ask — it is always a big ask”

However, even if a help desk worker is trained perfectly, there may be an attacker that sounds legitimate! They may have done research on the potential target and know to sound typical. Most employees asking for help desk assistance probably sound confused and slightly annoyed. A clever attacker will probably take on this tone and attitude. An advanced attacker may utilize novel voice-changing technologies in what’s known as vishing.

Therefore, it is also important to equip the help desk with tools and mechanisms to try and verify the identity of the caller. Traditionally, Duo has done this with our help desk push functionality, which sends a Duo Push to a phone a user controls. However, an attacker will almost certainly claim they’ve lost their phone as well.

One method to confirm the identity of callers is with Duo Push Verification

Therefore, we also recommend the help desk have other tools they can use to quickly validate a caller’s identity. One mechanism to do this with Duo is to use our Identity Intelligence functionality. With Identity Intelligence, a help desk employee can quickly see a user’s typical access activity (e.g., which applications they tend to log into, from where, and with which devices). This information can provide some helpful context in a reset credentials conversation — the help desk worker can now say things like:

• "I see you have a second device registered for MFA. Can I send a verification there?"

• "Name 3 applications you used yesterday."

• "I see that you logged in from an unusual location a week ago. Where did you log in from?"

Identity Intelligence is just one way to verify user identity at the help desk. There are also more traditional mechanisms like knowledge-based authentication (KBA) questions that a user may have set. However, given that the attacker may have also stolen the KBA answers if they are easy to research or steal (e.g., mother’s maiden name), we suggest using data that is more dynamic and specific like the examples above.

Detecting & responding to help desk attacks

Now, even if help desk workers are trained well and equipped with proper verification tools, there still may be a case where an attacker slips through. In these instances, it’s important to detect the compromise as quickly as possible.

Detecting help desk attacks

Again, Identity Intelligence has some powerful features to equip security professionals with context regarding help desk attacks. The tool comes with dozens of alerts built to detect identity-based risk. In the case of help desk attacks, there are specific features and checks that may be most beneficial.

1. Feature: User Trust Level

2. Check: Users Sharing Authenticators

3. Check: Admin Role Assigned to User

Identity Intelligence recently released a feature called a User Trust Level. This takes data on user role and activity to establish how trusted a user is at any given time. While it won’t explicitly detect a help desk attack, the User Trust Level is a helpful tool to see a subset of riskiest users in an environment at any given time. By reviewing and remediating the list of “Untrusted” users, security professionals will heavily improve their susceptibility to identity threats.

Account listed as “Untrusted” after logging in from new location without MFA

Identity Intelligence also has an alert for sharing authenticators. This is a helpful tool when detecting identity threats because often an attacker will target multiple users in an organization. If the attacker uses the same phone number/mobile device with each compromised user, Identity Intelligence will highlight this trend with the Users Sharing Authenticators check. Then, a security professional can remediate the compromised users.

Finally, attackers will almost always look to elevate the privileges of the accounts they now control. Therefore, the Admin Role Assigned to User is a great check for detecting privileges being added to an account. And, Admin Activity Anomaly checks are great for understanding if administrator accounts are acting unusually.

To be clear, detection is always a tricky game — but, by combining User Trust Level with the power of the checks that Identity Intelligence offers, security teams will have a powerful set of tools to identify a potential Help Desk compromise.

Remediating help desk attacks

Once compromised accounts and users have been detected, it’s important to establish a secure remediation process. To start, the accounts should be constrained or blocked from further access until the compromise is resolved. Identity Intelligence has a variety of response mechanisms available depending on the integrations set up. For example, a user can be locked out or quarantined via an action in Identity Intelligence. If the security team leverages a SIEM or SOAR for their response workflow, Identity Intelligence can seamlessly integrate there.

However, one thing to note here - there are many processes in place today that may give control to accounts right back to an attacker. Resetting passwords and MFA factors are only viable controls once trust has been accurately re-established with the account holders. We highly recommend putting in place a mechanism to re-verify users via a strong form of identity verification (ex: a phishing-resistant form of MFA or biometric authentication).

Hopefully, by combining strong mechanisms for prevention, detection, and remediation, organizations can attain a defense-in-depth against help desk attacks. If you’d like to learn more about establishing a robust identity security program from the ground up, check out our eBook Building an Identity Security Program.

Our spurs are jingling and jangling — it's time to hitch our saddles and ride on down to Texas for the Gartner Identity and Access Management Summit. Gartner's IAM Summit is an essential event for IAM and security leaders. Held in Grapevine, Texas, from December 9-11, 2024, the summit gathers thousands of attendees to discuss the evolving landscape of identity, which is crucial for both business operations and cybersecurity.

The summit is always an excellent melting pot of practitioners, analysts, and solution providers — coming together to discuss current IAM industry trends — from the overhyped to the overlooked. If you work in IAM or security, we highly recommend the conference as a place to hear both cutting-edge research and concrete strategies for building a resilient, secure approach to identity.

Why Cisco Duo is excited to attend

Duo has been at the forefront of identity and security since our inception. This year, we are excited to showcase how our product and vision are expanding beyond multi-factor authentication to deliver identity-first security solutions for organizations of any size. Our aim is to provide robust identity security controls that effectively counter identity-based attacks, all while maintaining a user-friendly experience.

However, it’s not just about our product and solutions, but the IAM community building and working together as well. This is why we’ve committed to participating in an interoperability demonstration utilizing the Shared Signals Framework. The goal of which is to showcase how IAM and security tools can more effectively and seamlessly share relevant data across systems.

Visit us at booth #323

Cisco Duo will be at booth #323, centrally located in the vendor exhibit hall.

For any current Duo customers, we invite you to reach out to your account team to set up a meeting with our product and engineering executives who will be on-site:

• Matt Caulfield, VP of Product, Duo & Identity at Cisco

• Didi Dotan, Sr. Director of Engineering, Identity at Cisco

• Chris Anderson, Product CTO, Duo at Cisco

We are eager to hear from you! We are open to any and all feedback: the good, the bad, and the ugly.

Join our talks and demonstrations

We are thrilled to present four talks throughout the summit:

• Strategic Session: "The Evolution of Securing Identity" by Matt Caulfield on December 10 at 3:15 PM CT

• Service Provider Session: "How I Learned to Stop Worrying and Love Identity Security" by Ted Kietzman on December 9 at 11:45 AM CT.

• Theater Session: "How to Both Secure and Delight Your Users with Duo" by Charles Kim on December 10 at 6:00 PM CT.

• Theater Session: "Leveraging Identity Analytics to Bolster Defenses with Duo" by Ivor Coons on December 11 at 1:35 PM CT.

And, we'll be a part of the Shared Signals Interoperability demonstration, which will take place at 12PM CT on both Tuesday and Wednesday during the conference.

Ya’ll come round now; you hear?

We would love to connect with you at the Gartner IAM Summit. Visit us at our booth, attend our sessions, or reach out to your account team to schedule a meeting with one of our executives.

We look forward to seeing you in Texas!

Stepping up to a better, more feature-rich product or service can seem challenging. In the end though, it’s worth the effort, especially when it addresses areas of need. For example, my TV is 14 years old. Although the picture quality is still excellent and there are some decent capabilities I can use, it’s missing many of today’s modern features that deliver a much better viewing experience than what I have now. So, I’ve got a plan to a get a new model that offers the advanced features I want, and frankly need. And yeah, I’m pretty excited. Figuring out how to set up and use some of the advanced features will be challenging, but I’m up for it. I can see the benefits and the value.

More features, more value with Duo Advantage Edition

For organizations on the Duo Essentials edition, stepping up to Duo Advantage edition offers a slew of modern identity security and user experience features that add value to their Duo investment. Let’s take a look:

1. Cisco Identity Intelligence (CII) — One half of Duo’s Continuous Identity Security solution, Cisco Identity Intelligence adds a powerful security layer for any identity infrastructure. CII addresses organizations’ need for comprehensive visibility into multi-vendor identity sources and high-fidelity threat protection. It also reduces coverage gaps by providing a broad range of MFA options for all your use cases plus added security layers using device trust and risk-based policies.

2. Duo Passport — The other half of Continuous Identity Security, Passport enables organizations to provide their workforce with an exceptional user experience by dramatically reducing the number of times users are asked to authenticate. After logging in and authenticating just once on a trusted device, users get uninterrupted access to permitted applications across browsers and thick clients, minimizing repeated authentication requests throughout their workday and increasing productivity.

3. Device Health Checks — Allowing a device that’s running outdated software — like an operating system, browser or plug-in — to access your network is risky. Duo Desktop, Duo’s native client application for macOS, Windows and Linux endpoints, removes that risk by assessing an endpoint’s health posture at the point of authentication to make sure it complies with your access security policy. Devices that fail a health check are blocked from accessing an application. Fortunately, Duo provides guided self-remediation with step-by-step instructions to help end-users bring a device that fails a security check back into compliance without the need to contact IT so they can immediately access the application from the newly compliant device.

4. Risk-based Authentication — If you have a mobile workforce or you like to work from a different location every now and then, Risk-based Authentication evaluates risk signals such as location at the time of login and then adjusts the authentication requirements based on risk level. If the risk is low and trust is high, the user can complete a basic Duo Push. However, if trust is low, the user is asked to step up to a more secure authentication method like a Verified Duo Push or passwordless authentication to re-establish trust.

5. Trust Monitor — If you’ve ever had to sort through mountains of log data to identify anomalous access events that could be threats to your network, you know it’s tedious and time-consuming. Trust Monitor does the work for you by sorting through your organization’s authentication logs and surfacing unusual access and device registration attempts, enabling you to detect and remediate compromised accounts proactively.

6. More Reasons — I know I said there were five reasons, but I’ll add in a bonus round. Stepping up to Duo Advantage also unlocks more of what you get with Duo Essentials — more adaptive access policies, more customizable reports and more insight into devices connecting to your network. In other words, Duo Advantage “Goes to 11.”

Making the move to Duo Advantage

Moving from Duo Essentials to Duo Advantage might seem like a big step up, but for those that do, the benefits are many. Everything I discussed earlier is included in a Duo Advantage subscription. And when it comes to configuring these features, you don’t need to go it alone. Duo Care Premium Support provides customers with the opportunity to work directly with a dedicated Customer Service team to roll out their Advantage deployment.

If you’re interested in test driving the features in Duo Advantage, contact your local Duo reseller or managed service provider (MSP). You can also sign up for a Free Trial which includes 30 days of Duo Advantage edition.

In addition, we encourage you to see what your peers are saying about Duo. You can read customer reviews on sites such as TrustRadius, which just announced Duo as a Buyer's Trust Award winner in the Authentication category for 2025.

The rise of multi-factor authentication (MFA) has been good for security. The merits of MFA have been so widely accepted that governments recommend it, cyber insurance providers often require it, and companies like Microsoft and Google are now mandating MFA for a variety of login use cases.

However, the rise of MFA has come with a correlated challenge: authentication fatigue.

Employees often struggle to navigate the complex web of passwords, authentication prompts and multi-factor authentication (MFA) requirements, leading to frustration and even bad behavior. Repeatedly entering credentials and performing MFA across multiple applications not only wastes time but can also incentivize employees to subvert authentication controls, eroding their security efficacy.

The problem of authentication fatigue is exactly why we introduced Duo Passport about six months ago. By enabling users to log in just once to their work device and gain secure access to applications throughout the day, Duo Passport eliminates the need for repetitive authentication. This frictionless approach to authentication not only boosts end user productivity, but also ensures strong authentication security is in place across diverse IT environments.

To review, Duo Passport delivers a seamless access experience by making the authentication process invisible to users. Upon login, Duo verifies the user's identity and the trustworthiness of the device, whether it's a corporate-managed device or registered with Duo. Once authenticated, Duo continually verifies trust for every access request based on adaptive and risk-based policies behind the scenes — without re-prompting users for authentication. This eliminates the need for users to constantly prove their identity, reducing authentication fatigue and streamlining their workflows.

Since its introduction, Duo Passport has been adopted by hundreds of customers and garnered positive feedback from users and administrators alike.

Here are the top 3 reasons customers are loving Duo Passport so far:

1. Simple Setup: Administrators have been pleasantly surprised by the ease of setting up Duo Passport, with only two clicks required. This simplicity translates into reduced administrative burden and faster implementation.

2. Serious Time Saved: So far, Duo Passport has seamlessly and securely saved users from hundreds of thousands of authentications, equivalent to literal months of time spent authenticating. This time-saving capability demonstrates the significant impact Duo Passport has on user productivity.

3. Minimal Support Cases: Once Duo Passport is up and rolling, the ongoing care and feeding of the feature is minimal. In the last month, there have been 0 help desk tickets associated with using Duo Passport.

As more MFA mandates are put in place, the importance of using a tool like Duo Passport only increases. By reducing authentication fatigue and providing a frictionless experience, Duo Passport empowers users to focus on their work while maintaining the robust security of MFA. The remarkable adoption rates, time saved and minimal administrative burden highlight the tangible value of implementing Duo Passport.

As organizations strive for a secure and seamless user login experience, Duo Passport emerges as the solution that bridges the gap between security best practice and delightful user experience.

Ready to enhance your organization's security and user experience? Explore Duo Passport today and unlock the power of seamless authentication or reach out to sales to learn more.

In today's digital age, the concept of security has evolved far beyond the traditional boundaries of firewalls and antivirus software. With the ongoing movement towards digital transformation, cloud adoption, hybrid work environments and increased business interconnectivity, workforce identity tools have emerged as the new perimeter. This shift has made identity-first security a core component of modern security initiatives, such as zero trust architecture and cloud-first strategies.

The identity crisis: Breaches leveraging employee identity

According to Cisco Talos, 80% of security breaches today leverage compromised employee identities. The trend continued in their most recent quarterly threat trends report which highlighted identity and improper use of MFA as key vectors for attack. These findings are not surprising, given that identity technology, which originated in IT, has become increasingly complex over the past decade. Identity sprawl, where organizations have a diverse array of users, including employees, contractors and partners accessing corporate resources, is a common issue. Managing these diverse sets of users with multiple accounts can be challenging, especially if multiple identity stores and identity providers are involved.

Attackers are exploiting this complexity to gain unauthorized access to company environments, bypassing commonplace security measures.

Traditionally, organizations have relied on strong authentication requirements, such as multi-factor authentication (MFA), to address compromised access. However, attackers have become adept at finding the gaps where MFA is not required or subverting MFA altogether through technical mechanisms like adversary-in-the-middle or even just particularly nuanced social engineering.

The need for a holistic identity security program

To effectively combat identity-based threats, organizations must implement a comprehensive identity security program. The first step in this program is gaining visibility across the entire identity ecosystem. This is a larger ask than may seem apparent — identity infrastructure has many components and the relationships between accounts and access is often hard to parse. But the benefits of investing in cross-platform visibility are tangible and measurable.

To start, this visibility enables proactive measures known as Identity Security Posture Management (ISPM). ISPM initiatives include efforts like ensuring widespread adoption and usage of MFA and cleaning up dormant or inactive digital identities to prevent their exploitation by attackers. According to Cisco Identity Intelligence, 24% of user accounts are inactive or dormant, and 40% of accounts lack strong MFA. Addressing these posture gaps is crucial for strengthening defenses and reducing the risk of breaches.

Identity Threat Detection & Response: Limiting the blast radius

A robust identity security program also includes dedicated Identity Threat Detection & Response (ITDR). The problem with traditional Threat Detection & Response solutions is their generality and primary focus on non-identity infrastructure components. Typically, security operations tools focus on the endpoint or network without the context they need to effectively detect identity threats. Moreover, the detection logic leveraged within these tools often assumes endpoint or network compromise and can miss the patterns associated with identity-based threats.

By implementing threat detection and response that is dedicated to identity as a vector, organizations will limit the blast radius and accelerate remediation actions. ITDR ensures that organizations can quickly detect and respond to identity-based threats, minimizing the impact on their operations.

Moving beyond authentication

In conclusion, the rise of identity security necessitates a shift beyond relying solely on authentication to address compromised identities. Organizations must implement robust and holistic identity security programs that encompass visibility, posture management, and threat detection and response. By doing so, they can effectively protect their digital frontiers and ensure the security of their operations in an increasingly complex and interconnected world.

As identity continues to be the most important perimeter, it is imperative for organizations to stay ahead of attackers by adopting comprehensive identity security strategies. This approach not only enhances security but also improves user experience and delivers significant financial benefits. The time to act is now, and the path forward is clear: Embrace identity security as a cornerstone of your organization's defense strategy.

To learn more about building a comprehensive identity security program, learn more in our ebook Building an Identity Security Program.