Duo.com

The 2016 Duo Trusted Access ReportThe Current State of Device Security

Duo.com

New Threats & Risks

In an increasingly cloud, mobile and BYOD-enabled world, new threats have evolved. To gain access to sensitive data, attackers now target:

1. Outdated devices with known vulnerabilities; and

2. Stolen credentials

To give you insight into what devices are at risk, and how to mitigate risks, Duo Security created The 2016 Duo Trusted Access Report.

Duo.com

What Is This Report?

An in-depth analysis of the security health of 2 million devices, performing over 2 million auths/day using Duo’s two-factor authentication solution.

2,000,000DEVICES

2,000,000DAILY AUTHENTICATIONS SMALL STARTUPS TO FORTUNE 500

ENTERPRISES

Duo.com

How Did We Collect This Data?

With our Duo Mobile app and our advanced endpoint feature, Device Insight.

We collect detailed data about devices - like OS, browser, Flash & Java versions - every time they log in, without using an agent.

Duo.com

What is Trusted Access?

It’s the act of verifying both the identity of the user and the security health of the device before granting access.

VERIFIED USERS SECURED DEVICES

Duo.com

Verifying User

Ensure they are who they say they are. Use two factors of verification, known as two-factor authentication:

• Something they know: Username and password

• Something they have: A smartphone to approve a push notification sent via an authentication mobile app

ENTER CREDENTIALS VERIFY IDENTITY ACCESS GRANTED

Duo.com

Verifying Device

Check your user’s device before allowing access to your company’s sensitive apps and data.

Using our Endpoint Remediation feature, create rules that block or warn users based on outdated versions of:

• Operating systems

• Browsers

• Java and Flash plugins

Duo.com

Why Does Trusted Access Work?

63%

63% of data breaches relied on stolen, weak or default credentials.*

Two-factor authentication can prevent an intrusion initiated by stolen credentials.

Old vulnerabilities still work, targeting outdated software versions still running on company devices.

Endpoint visibility and remediation can mitigate this risk.

*Verizon 2016 Data Breach Investigations Report

Duo.com

Out-of-Date Browsers

25% of Windows devices are running an outdated and unsupported version of Internet Explorer (IE).

IE 6 & 7

IE 8

IE 9

IE 10

IE 11

EDGE 12

EDGE 13

EDGE 14

0% 20%

68.1%

40% 60%

% OF USERS

0.202%

4.4%

13.8%

6.2%

1.5%

5.9%

0.02%

Duo.com

Out-of-Date Flash

60%

60% of Flash users are running an out-of-date version

• Exposing them to hundreds of vulnerabilities

• 8 out of 10 vulnerabilities employed by exploit kits targeted Flash

Duo.com

Get More Data…Much More

Get more stats like these, including which operating systems and browsers are out of date, by downloading the full report, The 2016 Duo Trusted Access Report: The Current State of Device Security.