Duo's Security Blog

NOVEMBER 10, 2020

The time has come where we analyze authentication data and produce our wildly popular Duo Trusted Access Report. The report examines 26 million devices used for work and 700 million user authentication events per month to more than 500,000 unique corporate applications, based on de-identified and aggregated data from Duo’s customer base.

Authentication 75

Authentication CISO VPN Technology 75

Duo's Security Blog

APRIL 5, 2021

In this talk, Brad will discuss how Cisco’s Zero Trust rollout was not only a logistical challenge with 100,000 global users and a complex mix of cloud and on-premises applications, but also a huge shift in how the company itself thought about networks, perimeters, and security (including reducing its own VPN usage).

CISO 97

CISO InfoSec Financial Services Marketing 97

CyberSecurity Insiders

APRIL 20, 2023

CISOs are faced with managing and securing new complex IT environments where business-critical applications and communications are spread throughout multiple clouds. As a result, IT professionals and CISOs are having difficulty managing the volume of security tools, not to mention how costly it is with regard to licensing and administration.

CISO 121

CISO Authentication VPN Cyber Attacks 121

Cisco Security

AUGUST 26, 2021

CyberArk reduces VPN risk with MFA enforcement on any VPN client that supports RADIUS; including Cisco Secure Firewall. Active Lock protects individual files by requiring step-up authentication until the threat is cleared. There are many options for step-up authentication, including Cisco Duo OTP and push notifications.

Technology 145

Technology Firewall VPN Authentication 145

SecureWorld News

JUNE 3, 2024

Brad Jones, CISO at Snowflake, issued a Joint Statement regarding Preliminary Findings in Snowflake Cybersecurity Investigation on its Snowflake Forums. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake's corporate and production systems.

Data breaches 107

Data breaches Authentication Accountability Passwords 107

Cisco Security

JUNE 30, 2021

Duo is the leading provider of multi-factor authentication (MFA) and zero trust for the workforce, combining security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools for the modern era. Ash joined Cisco in 2018 via Cisco’s acquisition of Duo Security.

Authentication 130

Authentication Technology Risk Passwords 130

Thales Cloud Protection & Licensing

MARCH 31, 2021

There are two major considerations for us: enhanced authentication security, and user workflow efficiency. “In In the case of user efficiency, now with a full remote workflow for user authentication, all devices are authenticating over an enterprise VPN client. Justin Sherman, Tech Policy and Geopolitics Expert. “One

Digital transformation 78

Digital transformation VPN Technology Architecture 78

CyberSecurity Insiders

FEBRUARY 16, 2021

Enea: In a recent survey on CISO concerns and plans for Cloud/SaaS security , carried out by Cybersecurity Insiders, 94% of respondents said that their organization was concerned about cloud security with 22% extremely concerned.

Cybersecurity 143

Cybersecurity IoT Malware Risk 143

Thales Cloud Protection & Licensing

MARCH 30, 2022

The underlying rule should be to expand modern and multi-factor authentication to all users and applications in your organization, whether those apps reside on-prem or in the cloud. Not all Authentication Methods are Created Equal. Most organizations today rely on authenticator apps and Push OTP for MFA. VPN Protection.

Authentication 54

Authentication CISO VPN Threat Reports 54

Duo's Security Blog

MARCH 19, 2021

We covered differentiating user authentication methods , Duo enrollment and self-remediation and Duo Admin Dashboard and Device Insight so far. Install Duo Mobile on your Android or Apple smartphone and scan the barcode shown on-screen to activate Duo Push two-factor authentication for your Duo administrator account.If

Authentication 52

Authentication Backups Mobile Accountability 52

eSecurity Planet

MAY 28, 2021

The truth is that solutions like single sign-on (SSO) and multi-factor authentication (MFA) can spell disaster if initial access is all a malicious actor needs to traverse the network’s resources. Whether it’s a VPN , firewall , or remote access server, unauthorized entry via network gateways is a problem.

Software 119

Software DNS Firmware VPN 119

Cisco Security

OCTOBER 26, 2022

To help protect against this threat when an individual leaves an organization, steps like disabling accounts and ensuring that connections to the enterprise remotely through VPN has been removed can be very valuable. Implementing a mechanism to wipe systems, especially for remote employees, is important as well. .

Ransomware 120

Ransomware Malware Accountability Firewall 120

Duo's Security Blog

NOVEMBER 30, 2022

Adding to that complexity, we still have many organizations using the old method of a VPN to check a user’s identity before providing access to all applications regardless of who the user is, what device they are using and what permissions they SHOULD have based on their role. Go VPN-less!

VPN 59

VPN Passwords CISO Healthcare 59

Duo's Security Blog

AUGUST 24, 2022

However, adding two-factor or multi-factor authentication (MFA) cybersecurity may be a good place to start. All students, faculty, staff and parents should use secure authentication tools like MFA to verify their identity before accessing sensitive school data. What is the K-12 Cybersecurity Act? Want to learn more?

Cybersecurity 52

Cybersecurity Education Insurance Authentication 52

SC Magazine

MAY 18, 2021

Such efforts involved encryption, two-factor authentication, secure network access and cloud-based networking. For many companies, “if security was done during the pandemic, it was probably too late,” explained McCarthy’s colleague Sajed Naseem, CISO of New Jersey Courts.

VPN 52

VPN Encryption Authentication CISO 52

BH Consulting

DECEMBER 14, 2021

IOCTA also warned of evolving mobile malware that’s allowing criminals to try to get around additional security measures such as two-factor authentication. In last month’s newsletter, we looked at why using a VPN doesn’t always protect the user. MORE Advice and lessons learned from a young, female CISO.

Cybercrime 59

Cybercrime Mobile DDOS CISO 59

Security Boulevard

MARCH 24, 2021

In a survey of UK&I CISOs, 55% said that human error posed a risk no matter what protections are in place. Always use a virtual private network (VPN). Video conferencing tools with multi-factor authentication and encryption potential. Build an authorization system that is secure and traceable.

Education 59

Education Risk VPN Social Engineering 59

Duo's Security Blog

NOVEMBER 17, 2020

In the future — which is now, actually — ‘remote access’ will just become ‘access.'" — Wendy Nather, head of advisory CISOs at Cisco's Duo Security The Remote Access Guide Version 3.0 VPN, RDP, third-party vendor, and cloud and web app access are also targets of malicious hackers. In our new 3.0 In our new 3.0

Risk 51

Risk Passwords CISO VPN 51

eSecurity Planet

MAY 2, 2024

Multi-factor authentication : Protects stolen credentials against use by requiring more than a simple username and password combination for access to resources. Passwordless authentication : Eliminates passwords in favor of other types of authentication such as passkeys, SSO, biometrics, or email access.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

CyberSecurity Insiders

SEPTEMBER 3, 2021

Colonial Pipeline hackers gained entry to the company’s computer network through a VPN that wasn’t using multifactor authentication, using a leaked password found on the dark web. Those are astounding numbers, considering a cyberattack can often result from something as simple as a single compromised password or software vulnerability.

Cybersecurity 40

Cybersecurity Data breaches Technology Threat Detection 40

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Perimeter81 VPN and zero trust 2020 Private Wiz Cloud security 2020 Private OneTrust Privacy management 2019 Private Darktrace AI network security 2017 Private Recorded Future Threat intelligence 2017 Acquired: Insight Thycotic Access management 2015 Private Checkmarx Application security 2015 Acquired: P.E.

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

SecureWorld News

FEBRUARY 9, 2024

Gartner has projected that by 2025, more than 60% of organizations will move away from VPN and rely on ZTNA. RELATED: Death of the VPN: A Security Eulogy ] VPNs have notably higher operating costs and lower scalability when using device-based architecture. In this case, CISOs must manage the risks due to the technology debt.

IoT 109

IoT VPN Architecture Risk 109

SecureWorld News

OCTOBER 15, 2020

And they traced the cybersecurity failures to a lack of leadership and a vacant Chief Information Security Officer role: "The problems started at the top: Twitter had not had a chief information security officer (“CISO”) since December 2019, seven months before the Twitter Hack. This is something end users at many organizations experienced.

Social Engineering 104

Social Engineering Media Scams Financial Services 104

CyberSecurity Insiders

JULY 21, 2021

By: Matt Lindley, COO and CISO at NINJIO. But a survey conducted by Google and Harris found that many people still refuse to adopt even the most essential credential security measures: just 37 percent use two-factor authentication, around a third change their passwords regularly, and a mere 15 percent use a password manager.

Social Engineering 145

Social Engineering Password Management Passwords Accountability 145

Duo's Security Blog

JANUARY 28, 2022

Imagine a shift away from logging into a “network” to having security seamlessly built into the network, and multi-factor authentication and authorization continuously performed at the application level on the fly — without users typing passwords. The vision being set forth by OMB is ambitious — but vital.

Authentication 52

Authentication Government DNS Encryption 52

ForAllSecure

DECEMBER 2, 2021

Vamosi: So you’re CISO at a major corporation and all of sudden there’s been a ransomware attack in your network, and it’s spreading throughout your infrastructure. Also multi factor authentication, that is a must. Maybe your first concern is to make sure the company is functional.

Penetration Testing 52

Penetration Testing Encryption Ransomware Passwords 52

Cisco Security

JUNE 25, 2021

This month, we interviewed Esmond Kane, CISO of Steward Health Care. Across Healthcare, infosec had to help IT rapidly improve endpoint hygiene, VPN posture assessment, handle all the COVID-related Phishing, increase and mitigate cloud exposure, and more. Esmond Kane is Cisco’s CISO of the month. Some might call it smart.

CISO 105

CISO Healthcare InfoSec Computers and Electronics 105