Duo's Security Blog

JULY 6, 2023

Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study. Workforce authentication failures are common and MFA is still not mandatory Duo has always focused on meeting customers where they are.

Authentication 100

Authentication Passwords Risk Technology 100

Security Boulevard

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. FIDO is an overarching framework for secure and passwordless authentication.

Authentication 64

Authentication Passwords CISO Password Management 64

NetSpi Technical

NOVEMBER 2, 2023

To understand the vulnerability, there are a few things to understand about the Entra ID authentication flow. Within any Entra ID environment, there are numerous cloud applications that are leveraged when a user authenticates. This odd load-time behavior is what alerted me to the potential for an MFA bypass.

Authentication 143

Authentication Accountability Social Engineering Penetration Testing 143

Duo's Security Blog

FEBRUARY 13, 2023

And for more information on protecting against ransomware, be sure to check out our ebook: Protecting Against Ransomware: Zero Trust Security for a Modern Workforce. Mitigating ransomware attacks using MFA Multi-factor authentication (MFA) is very effective at protecting credentials and limiting attackers’ access to company resources.

Ransomware 116

Ransomware Insurance Passwords Authentication 116

Duo's Security Blog

NOVEMBER 15, 2024

Traditionally, organizations have relied on strong authentication requirements, such as multi-factor authentication (MFA), to address compromised access. Moving beyond authentication In conclusion, the rise of identity security necessitates a shift beyond relying solely on authentication to address compromised identities.

Threat Detection 111

Threat Detection Cybersecurity Digital transformation Authentication 111

Duo's Security Blog

APRIL 20, 2023

A major leading research and teaching institution, the University was looking for a multi-factor authentication (MFA) solution that could integrate with existing IT architecture and be rolled out easily across campus. Duo’s enrollment and authentication processes made it easy for even the most anti-tech users to get up and running with MFA.

Phishing 106

Phishing Social Engineering Authentication Engineering 106

Thales Cloud Protection & Licensing

SEPTEMBER 10, 2019

Additionally, 58% of the data security leaders surveyed indicated that multi-factor authentication was the most likely technology to protect cloud and web-based apps. In addition, for more information on how you can secure access to your cloud services and applications, please download our eBook, Four Steps to Cloud Access Management.

Consumer Services 115

Consumer Services Passwords Authentication Technology 115

Duo's Security Blog

MARCH 4, 2024

Recently, attackers have targeted multi-factor authentication (MFA). Even if an attacker has access to a username and password, they still need access to the second authentication factor to break into the organization. This becomes a constant cycle of organizations introducing new protections and attackers finding ways to exploit them.

Authentication 86

Authentication Social Engineering Passwords Risk 86

Security Affairs

MAY 6, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 98

Data breaches Malware Mobile Spyware 98

Duo's Security Blog

SEPTEMBER 5, 2024

ISPM involves continuously monitoring and analyzing identities, access rights and authentication processes across your entire ecosystem to inform the current identity security posture. This posture is affected by different levels of security hygiene and control in place both for individual users and for the organization more broadly.

Accountability 142

Accountability Risk Passwords Authentication 142

Duo's Security Blog

SEPTEMBER 19, 2024

In many enterprises, this includes administrators for tools like on-premises and cloud directories, single sign-on (SSO) solutions and multi-factor authentication (MFA) providers. Enforce strong multi-factor authentication (MFA) Require strong forms of MFA for admin access.

Accountability 119

Accountability Risk Authentication Social Engineering 119

Duo's Security Blog

JUNE 27, 2023

Multi-factor authentication (MFA) is a critical component of their security program, but the solution that was packaged with the existing enterprise suite did not meet the requirements of the IT security team. Cyber attackers are increasingly targeting gaps in weaker multi-factor authentication implementations.

Ransomware 111

Ransomware Healthcare Phishing Authentication 111

Thales Cloud Protection & Licensing

JANUARY 16, 2025

Multi-Factor Authentication: Asserting the identity of people or systems. I hope you will take the opportunity to review our new eBook to learn more about how Thales helps Financial Institutions operating in the United States to meet compliance requirements. Governance: Establishing accountability and enforcing policies.

Financial Services 62

Financial Services Encryption Insurance Government 62

Duo's Security Blog

AUGUST 16, 2021

“There are primarily three ways you can authenticate someone: with their username and password, with two-factor authentication, and with a company-supplied device that you can trace. For most stuff, you should have two of those things. For critical things, you should have all three.”.

Authentication 98

Authentication Data breaches Encryption Phishing 98

Duo's Security Blog

OCTOBER 8, 2024

As organizations continue to rely on digital identities for access control and authentication, the risk of identity compromise grows. If you’d like to learn more about building a playbook for breach response, check out our eBook: Building an Identity Security Program.

Passwords 111

Passwords Accountability Education Social Engineering 111

Duo's Security Blog

APRIL 29, 2021

Compliance with corporate device health policy can be enforced each time the user attempts to authenticate. When deployed in this mode, the Device Health app will simply collect health data and report it back at each authentication when the application is installed on the access device.

Authentication 85

Authentication Encryption Firewall Risk 85

Duo's Security Blog

FEBRUARY 4, 2025

Authentication is key and a core requirement Considered by insurers as one of the most important security controls, multi-factor authentication (MFA) protects against stolen credentials by using two or more factors to identify the user (beyond the traditional username and password). What can Duo do?

Cyber Insurance 64

Cyber Insurance Insurance Authentication Risk 64

Cisco Security

JANUARY 10, 2023

For more on where to start check out our eBook which explores the five phases to achieving zero trust, and if you have already embarked on the journey, read our recently published Guide to Zero Trust Maturity to help you find quick wins along the way. Don’t sleep on the impact of MFA Fatigue. Third party dependency.

CISO 142

CISO Insurance Cyber Insurance Phishing 142

CyberSecurity Insiders

JUNE 24, 2021

Today, biometric authentication is a constant feature in our lives, with many smartphones utilising facial or fingerprint recognition as a security measure. To find out more, read Thales’ recent eBook on digital identity. Six years later, the world’s largest biometric digital ID system, called the Aadhaar system, launched in India.

Computers and Electronics 115

Computers and Electronics Passwords Technology Government 115

Cisco Security

OCTOBER 6, 2021

A trusting culture starts with authenticity from the most influential person in the group – the “leader.” For even more expert tips, stories, and insights, download Cisco’s new eBook, “ Creating Safe Spaces: Leaders and Practitioners on Mental Health and Avoiding Burnout.”. Helen Patton | Advisory CISO at Cisco.

Cybersecurity 143

Cybersecurity CISO InfoSec Media 143

Security Boulevard

JUNE 21, 2022

Selecting a cloud vendor to help host your identity-related functions — such as user authentication, authorization, single sign-on, federation, and identity management — can be a business booster and a way to streamline efficiencies. Threatpost Cloud Security, The Forecast for 2022, eBook, page 26. Watch the full video here.

Backups 109

Backups eCommerce Passwords Authentication 109

Security Boulevard

MAY 9, 2022

Use multifactor authentication where possible. eBook: The Definitive Guide to AI and Automation Powered Detection and Response. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., hard drive, storage device, the cloud).

Ransomware 98

Ransomware Antivirus Passwords Backups 98

Duo's Security Blog

DECEMBER 7, 2022

MFA is a necessity, not a luxury There is a good reason that nearly every cyber liability insurance carrier requires multi-factor authentication (MFA) and why, according to wholesale specialty insurance distributors CRC Group , clients without MFA risk non-renewal or a retention hike of 100% or more. What are you doing about backups?

Insurance 98

Insurance Cyber Insurance Ransomware Risk 98

Security Boulevard

JUNE 16, 2022

Also, like humans, machines must be authenticated to be trusted. Once authenticated using their identity, the machine can then be authorized to access data or resources. TLS Machine Identity Management for Dummies - the FREE eBook! Machines are like humans in that each one must have a unique identity. UTM Medium. UTM Source.

Digital transformation 52

Digital transformation Authentication Banking Software 52

Thales Cloud Protection & Licensing

MAY 6, 2021

As such, this year’s World Password Day is in fact a timely reminder for businesses to drop passwords forever, and instead rollout access management solutions such as passwordless authentication. Micro-segmentation needs to be the default network set up and multi-factor authentication needs to become as common as a strong passphrase.

Social Engineering 96

Social Engineering Authentication Passwords Technology 96

Thales Cloud Protection & Licensing

MARCH 5, 2025

Our solutions limit the access of internal and external users based on their roles and context with granular access policies and multi-factor authentication, helping ensure that the right user is granted access to the right resource at the right time.

Firewall 62

Firewall Digital transformation Encryption Risk 62

Security Boulevard

APRIL 7, 2022

However, there is a drawback with TLS: TLS guarantees authenticity but by default this only happens in one direction: the client authenticates the server, but the server doesn’t authenticate the client. This is where mTLS comes useful—mTLS makes the authenticity symmetric. What is mutual TLS authentication?

Authentication 52

Authentication Encryption Digital transformation 52

Thales Cloud Protection & Licensing

FEBRUARY 1, 2023

Access Management and Authentication solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. Access to protected data can be granted or revoked at any time based on well-defined policies, and all activity is logged for auditing and reporting.

Encryption 71

Encryption Data breaches Authentication Risk 71

Duo's Security Blog

MAY 10, 2023

Effectively protecting complex networks against sophisticated phishing attacks involves a comprehensive security stack including multi-factor authentication (MFA) , single sign-on (SSO) , and domain name system (DNS) security. Then, check out our ebook Duo for Essential Eight to see how Duo fits into an Essential Eight security strategy.

Phishing 59

Phishing DNS Authentication Risk 59

Security Boulevard

JULY 19, 2022

Authenticate your K8s clusters with machine identities. The primary access point for a Kubernetes cluster is the Kubernetes API, therefore we need to authenticate and authorize both developers and services accessing the API. API authentication. API authentication covers both humans and clients accessing the API.

Authentication 52

Authentication Digital transformation Risk Engineering 52

Security Boulevard

MAY 12, 2022

SPIFFE solves the problem of workload authentication in diverse environments. Access control, secrets management, and identity are all dependent on each other,” states the SPIFFE eBook. Adopting SPIFFE allows you to mutually authenticate systems wherever they are running. That is where SPIFFE comes in. Principles of SPIFEE.

Architecture 52

Architecture Authentication Data breaches Software 52

Malwarebytes

AUGUST 31, 2022

After creating your child’s Apple ID, enable two-factor authentication (2FA) for that added layer of security, ensuring that your child’s account won’t get popped easily even if someone got hold of their password. Set up your child’s own Apple ID. Disable or hide features you deem off-limits or unnecessary.

Accountability 98

Accountability Scams Risk Passwords 98

Security Boulevard

DECEMBER 6, 2021

Give customers the choice of authenticating via social identity providers, such as Facebook or Google, with one click. Reduce security risks by integrating context-driven authentication and authorization across mobile customer journeys to strengthen brand loyalty. . Strengthen Security to Build Loyalty .

Retail 52

Retail Mobile Authentication Risk 52

Thales Cloud Protection & Licensing

MARCH 31, 2021

There are two major considerations for us: enhanced authentication security, and user workflow efficiency. “In In the case of user efficiency, now with a full remote workflow for user authentication, all devices are authenticating over an enterprise VPN client. Justin Sherman, Tech Policy and Geopolitics Expert.

Digital transformation 77

Digital transformation VPN Technology Architecture 77

Cisco Security

FEBRUARY 14, 2022

Fourth, they should ensure access is authorized, authenticated, and encrypted. Also, for more on the steps to securing the workforce I touched on earlier, there is a great ebook here. Secondly, you should protect every application in the same manner regardless of where it’s hosted or how it’s accessed.

Passwords 128

Passwords Technology Government CISO 128

Security Boulevard

OCTOBER 2, 2023

Download: How to Stop Phishing Attacks with Protective DNS An Evolving Threat Requires Adaptive Defenses While phishing methods are constantly evolving, common attack vectors include: Spear phishing - Highly targeted emails personalized with researched details to appear authentic. Often used to compromise executive and privileged accounts.

DNS 64

DNS Phishing Social Engineering Engineering 64

Thales Cloud Protection & Licensing

APRIL 29, 2024

PSD3 sets out more extensive Strong Customer Authentication (SCA) regulations and stricter rules on access to payment systems and account information and introduces additional safeguards against fraud. Download our handy eBook, How Thales Helps Meet Compliance Requirements in Europe , or contact us to schedule a consultation.

Risk 71

Risk Manufacturing Digital transformation Cyber threats 71