Multi-factor authentication (MFA) for secure access to applications. Enables authentication with push notifications, biometrics, or codes. It increases the security for users, devices, and corporate data without the need for a VPN.
In a digital era where cyber threats are constantly evolving, securing access to sensitive data and applications is crucial. Cisco DUO is a comprehensive security platform combining multi-factor authentication (MFA) with device security health checks. This solution is designed to provide robust protection against unauthorized access and it ensures that authenticated identities are associated with trusted devices. With its cloud-based architecture and easy integration with existing systems, DUO is an ideal foundation for a Zero Trust strategy, which secures access to applications regardless of where they are hosted or how users access them.
Key features and functions
Push notifications and a wide range of authentication methods: Users can easily confirm their identity through the Duo Mobile app, security keys, one-time codes, biometrics, or phone authentication. Verified Duo Push provides an additional level of protection against phishing attacks.
Single Sign-On (SSO) and passwordless authentication: Cloud SSO allows users to access SAML 2.0 applications with a single sign-on. Duo Central provides a unified interface for accessing all applications and supports keyless login for enhanced user experience and security.
Comprehensive device visibility and monitoring: DUO provides a dashboard of all devices accessing applications, allows for the identification of at-risk devices, and offers insight into the security status of laptops, desktops, and mobile devices. It can distinguish between company and private devices and detect the presence of security agents.
Adaptive policies and User & Entity Behavior Analytics: The system allows setting and enforcing security policies globally or for specific applications. Policies can be based on authorized networks, user location, user groups, and other factors. The anomaly detection feature helps identify suspicious access patterns and high-risk activities.
Duo Network Gateway (DNG): Allows secure access to internal web applications, SSH servers, and Windows servers via RDP without the need for a VPN. It also supports access to applications hosted in AWS, Azure, and GCP.
Trusted Endpoint and Risk-Based Authentication: Verifies device integrity and can enforce security policies based on device state. Risk-Based Authentication dynamically adjusts authentication requirements according to the level of access risk.
Intuitive management and reporting: Administrators can use an intuitive interface for the centralized management of user rights, security policy setting, and detailed monitoring of access events.
How Cisco Duo works
During an attempted login to a protected application, the system first verifies the user identity by means of a primary factor (such as a password). A request for further authentication is then sent to the user’s mobile device or by another selected method. At the same time, the DUO checks the device status to ensure that it meets the set safety requirements. Using adaptive policies, DUO can adjust the authentication requirements based on the access risk level, for example, based on the location, device, or user behavior. For accessing internal applications, the Duo Network Gateway provides secure access without a traditional VPN connection.
Customer Benefits Implementing Cisco DUO brings a number of key benefits
Increased security
Multi-factor authentication and device monitoring significantly reduce credential breach risk and support Zero Trust principles.
Compliance a audit
DUO facilitates compliance with high security standards as well as internal and external audits, which is particularly important in regulated industries.
Simplified administration
Centralized administration and an intuitive user interface allow for the quick deployment of security policies and efficient access monitoring.
Secure remote access
DUO Network Gateway enables secure access to internal applications without the need to deploy a traditional VPN infrastructure.
User-friendly
Simple and fast verification processes with minimal impact on the user environment support a high adoption rate.
Technical aspects and implementation details
Cisco DUO is built on a cloud infrastructure, ensuring high availability and deployment flexibility.
The key technical aspects include:
Broad integration: Support for more than 2,000 applications via industry-standard protocols such as SAML, OAuth, OpenID Connect, RADIUS, LDAP, and more.
Multifactor authentication: Support for multiple authentication methods, including FIDO2/WebAuthn security keys and biometrics for maximum flexibility and security.
Trusted Endpoint: Device integrity verification ensures that access is only granted to trustworthy devices.
Adaptive policies: The ability to set dynamic security policies based on user, group, application, location, and other factors.
Cloud SSO: Single sign-on to cloud and on-premises applications with support for passwordless authentication.
API integration: Robust API allows for integration with other security tools and process automation.
Cisco DUO
This is a modern and efficient solution combining ease of use with high security. As a cornerstone of the Zero Trust architecture, DUO helps protect access to applications, data, and systems, and it significantly reduces the risk of security breaches. With a wide range of authentication methods, SSO support, device health checks, and adaptive policies, DUO provides a comprehensive solution for secure access in a modern, distributed IT environment. Investing in Cisco DUO improves protection against attacks, and it boosts productivity and credibility with internal and external users.