Cisco Virtual Update on DUO

4/3– 2020

Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified

Technical Solutions Architect, Cyber Security, Denmark

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco

How Cisco Duo delivers Zero Trust for your Workforce

Every Application

Trusted Devices

Trusted Users

Visibility & Policies

Cisco Duo protects organizations by verifying the identity of users and the health of their devices before connecting to the applications they need.

INFORMATION PROPERTY OF DUO SECURITY, INC.

User TrustEstablish user trustwith MFA.

INFORMATION PROPERTY OF DUO SECURITY, INC.

World’s Easiest and Most Secure MFA

Instantly integrates with all apps

Users self-enroll in minutes

Users authenticate in seconds; no codes to enter

INFORMATION PROPERTY OF DUO SECURITY, INC.

Push Soft Token SMS

Phone Call U2F Wearables

Biometrics

Broadest Range of Multi-Factor Authentication (MFA) Options

Hardware Tokens

● Configure authentication options for each application or group of users

● Enable multiple option for users for ease of use and flexibility

Temporary Offline Authentication for Windows

Supported Auth Methods for Windows Offline

● Grab a yubikey or other security key

● Just tap the key!

Users need to authenticate with MFA into their machines before they can access internet / secure portal.

WHY IT’S NEEDEDOFFLINE AUTH VIA OTP WITH DUO MOBILE

● Use the smartphone you own● Enter one-time passcode

OR AUTH WITH A SECURITY KEY

WHO IT’S FOR

Remote users who need to perform 2FA while they are temporarily disconnected from the internet.

INFORMATION PROPERTY OF DUO SECURITY, INC.

REST APIS

WEB SDK

RADIUS

SAML

OIDC

CustomVPN RA SSO

RRAS

Multicloud Email/MSFT On-Prem

Start Here Then Expand

Cisco Duo Supports Your Work Applications

Learn more about application integrations

INFORMATION PROPERTY OF DUO SECURITY, INC.

Enroll Users Easily at Scale

Automatic Enrollment

Admins can import users from existing Azure, LDAP and AD directories

Self Enrollment

Users can self-enroll into Cisco Duo in less than 1 minute

Import Users

Provision users using Cisco Duo’s REST API or add users manual one at a time or through CSV

Learn more about Enrollment Options

INFORMATION PROPERTY OF DUO SECURITY, INC.

Self-Enrollment: Easily enroll users in minutes

● Users easily self-enroll in minutes

● Users leverage their own device

● Enroll thousands of users in hours.

● Reduce TCO by enabling the user to easily enroll with no help needed

Learn more about self-enrollment

INFORMATION PROPERTY OF DUO SECURITY, INC.

User Self-Service

● Users can manage their own 2FA devices during login.

● Add, Remove and Configure Devices

● Reduce TCO by enabling the user to easily manage their own device.

Learn more about Device Management

Device TrustAssess the health and security posture of any device.

INFORMATION PROPERTY OF DUO SECURITY, INC.

Compromised Devices Can Access Your Data

Source: Gartner, Dale Gardner, 2018 Security Summit

of vulnerabilities exploited will be ones

known by security team for at least one year

(through 2021)

Source: Gartner, Dale Gardner, 2018 Security Summit

99%Attackers exploit known vulnerabilities

Patching devices (especially user-owned) is complex

End users continue to access data from potentially vulnerable devices

Accessing critical data from vulnerable devices can be risky

INFORMATION PROPERTY OF DUO SECURITY, INC.

Assess Security PostureEasily identify device security posture, and if they are managed or not based on enrollment in MDMs/EMMs.

Complete Visibility Gain complete visibility into all laptops and mobile devices using native device visibility.Improve

Device Trust with Cisco Duo

Continuous InspectionContinuously monitor if devices are infected with malware by using solutions such as AMP to prevent them from reaching sensitive apps.

INFORMATION PROPERTY OF DUO SECURITY, INC.

How Cisco Duo gathers visibility

Mobile DeviceMobile browsers and the Duo Mobile application

Laptops / DesktopsLaptop/desktop browsers and

Duo Device Health application (New!)

Deep visibility into laptops and desktops

● New functionality (GA Dec 2019)

● Laptop / desktop security health

● Check devices before they login

● Corporate managed and BYO devices

● Supports web-based applications

● Windows 10 and MacOS

INFORMATION PROPERTY OF DUO SECURITY, INC.

Assess Mobile Device Posture without MDM

● Check if mobile devices are up-to-date

● Verify encryption and passcode lock

● Check if devices are jailbroken or tampered

● Works for managed and unmanaged mobile devices

● Corp managed asset status● Biometrics (Touch/Face) status● Screen lock status● OS condition (tampered) status● Encryption status● Platform type● Device OS type● Device OS version● Device owner● Duo Mobile version

● Disk encryption● Firewall enabled● Device password● OS patch level (Win 10)● Third party agents

● Corp managed asset status*● OS type & versions● Browser type & versions● Flash & Java plugins versions● OS, browser and plugins status

Mobile Devices Laptops / Desktops

What information does Cisco Duo gather?

Learn more about Unified Device Visibility

NEW!Duo Device Health App

Native: Microsoft AD, Ivanti (Landesk), AMP

Script based: Symantec Altiris, Chef, Microsoft SCCM, AirWatch, etc.

Alternative: Cisco Duo has a generic cert deployment

Mobile Windows MacOS

Duo: Duo Mobile app can be used to trust mobile devices. (Great for customers w/o MDM)

Native: AirWatch, MobileIron, Google G Suite, Sophos

Alternative: Cisco Duo has a generic cert deployment

Native: Jamf, AMP

Script based: Symantec Altiris, Chef, Microsoft SCCM, AirWatch, etc.

Alternative: Cisco Duo has a generic cert deployment

Learn more about Trusted Endpoints

Identify managed vs BYO devices

Learn more about Trusted Endpoints

NEW

Users use their devices to access application.

Cisco AMP running on the device detected malware.

AMP notifies Cisco Duo about the infected device.

Cisco Duo blocks that device from accessing apps.

Continuous InspectionCisco Duo and AMP work together to provide stronger access security.

AMPAMP

INFORMATION PROPERTY OF DUO SECURITY, INC.

1. Gather AMP credentials from your AMP admin panel

2. Enter AMP credentials in Cisco Duo admin panel

3. Set policies in Cisco Duo to protect against risky devices

Cisco Duo and AMP can be integrated in minutes

INFORMATION PROPERTY OF DUO SECURITY, INC.

Configure AMP policy in Cisco Duo to instantly block risky devices

https://duo.com/demos/amp-for-endpoints

Demo: AMP4E+DUO

INFORMATION PROPERTY OF DUO SECURITY, INC.

Protect Every Application

Manage and control who is allowed to access applications.

INFORMATION PROPERTY OF DUO SECURITY, INC.

Example:

User-Based Policies

Learn more about Policy and Control

• Allowed authentication methods

• User enrollment status

• Geolocation

• IP Network Address / Range

• Block Anonymous networks/Tor

INFORMATION PROPERTY OF DUO SECURITY, INC.

Example:

Device-Based Policies• Corporate-owned/BYO (Trusted endpoint)

• OS, browsers, Flash/Java

o Software Type

o Out of Date / Up to Date

• Mobile security status

o Screen lock, biometrics, encryption, jailbroken/tampered

• Remembered / previously known device

Learn more about Policy and Control

INFORMATION PROPERTY OF DUO SECURITY, INC.

Use Cases

All integrations and network diagrams are available at: duo.com/docs

Cisco Duo supports hundreds of apps out of the box.

Secure Any Corporate Application

Integration documents are available at duo.com/docs

INFORMATION PROPERTY OF DUO SECURITY, INC.

USE CASE

Cisco Duo for VPNFor remote access use caseswith any VPN

INFORMATION PROPERTY OF DUO SECURITY, INC.

USE CASE

Cisco Duo & AnyConnect Secure Remote Access• Secure AnyConnect in < 30 minutes

• Users authentication in seconds

• Block unmanaged devices

• Several integration options

• *AVAILABLE ON* ASA and FTD

INFORMATION PROPERTY OF DUO SECURITY, INC.

Cisco Duo for Cloud Applications

Improve End User Productivity SSO

● Easily access all cloud applications from a single dashboard

● Enable consistent security controls across cloud applications

● Secure every cloud application

Duo SSO for Cloud apps

INFORMATION PROPERTY OF DUO SECURITY, INC.

Cisco Duo for MicrosoftO365, RDP/Windows Logon, and Azure AD use cases

https://demo.duo.com/ssh-remote-access

Demo: SSH Access with Duo Beyond

INFORMATION PROPERTY OF DUO SECURITY, INC.

Feature Highlights

Cisco Duo MFA

Cisco Duo Access

Cisco Duo Beyond

● Multi-Factor Authentication● Single Sign-On (SSO)● Protect Any Application● Protect Federated

Cloud Apps

● Adaptive Groups Based Policy Controls

● Unified Device Visibility● User Based Policy● Device Based Policy● Phishing Assessment

● Trusted Endpoints● Secure Remote Access● Duo Mobile as Trusted

Full Capabilities: https://duo.com/pricing

Følg med§ Talos blog

§ Cisco security blog

§ Afholdte seminarer

§ Security Chalk Talks

§ DUO dokumentation

§ DUO demoer

§ DUO PoV / Trial

§ DUO på Youtube

§ DUO sessioner på Cisco Live 2020 Barcelona

§ AMP4E + DUO Integration

§ DUO Zerotrust

§ DUO Zerotrust på Cisco Live 2020 Barcelona

§ DUO Behavioral Security Analytics

§ Join Cisco Security på Blackhat, Defcon etc. ogpå Talos Threat Research Summit @ Cisco Live

Tag fat i jeres Account Manager eller Jesper Rathsach, Tue Frei Noergaard, Kristian Von Staffeldt, Kim Andersen, Kenneth Schwartz eller Mikael Grotrian for en dybere gennemgang, Proof of Value eller en Dcloud demo adgang.