Upload
duo-security
View
697
Download
1
Embed Size (px)
Citation preview
Duo.com
New Threats & Risks
In an increasingly cloud, mobile and BYOD-enabled world, new threats have evolved. To gain access to sensitive data, attackers now target:
1. Outdated devices with known vulnerabilities; and
2. Stolen credentials
To give you insight into what devices are at risk, and how to mitigate risks, Duo Security created The 2016 Duo Trusted Access Report.
Duo.com
What Is This Report?
An in-depth analysis of the security health of 2 million devices, performing over 2 million auths/day using Duo’s two-factor authentication solution.
2,000,000DEVICES
2,000,000DAILY AUTHENTICATIONS SMALL STARTUPS TO FORTUNE 500
ENTERPRISES
Duo.com
How Did We Collect This Data?
With our Duo Mobile app and our advanced endpoint feature, Device Insight.
We collect detailed data about devices - like OS, browser, Flash & Java versions - every time they log in, without using an agent.
Duo.com
What is Trusted Access?
It’s the act of verifying both the identity of the user and the security health of the device before granting access.
VERIFIED USERS SECURED DEVICES
Duo.com
Verifying User
Ensure they are who they say they are. Use two factors of verification, known as two-factor authentication:
• Something they know: Username and password
• Something they have: A smartphone to approve a push notification sent via an authentication mobile app
ENTER CREDENTIALS VERIFY IDENTITY ACCESS GRANTED
Duo.com
Verifying Device
Check your user’s device before allowing access to your company’s sensitive apps and data.
Using our Endpoint Remediation feature, create rules that block or warn users based on outdated versions of:
• Operating systems
• Browsers
• Java and Flash plugins
Duo.com
Why Does Trusted Access Work?
63%
63% of data breaches relied on stolen, weak or default credentials.*
Two-factor authentication can prevent an intrusion initiated by stolen credentials.
Old vulnerabilities still work, targeting outdated software versions still running on company devices.
Endpoint visibility and remediation can mitigate this risk.
*Verizon 2016 Data Breach Investigations Report
Duo.com
Out-of-Date Browsers
25% of Windows devices are running an outdated and unsupported version of Internet Explorer (IE).
IE 6 & 7
IE 8
IE 9
IE 10
IE 11
EDGE 12
EDGE 13
EDGE 14
0% 20%
68.1%
40% 60%
% OF USERS
0.202%
4.4%
13.8%
6.2%
1.5%
5.9%
0.02%
Duo.com
Out-of-Date Flash
60%
60% of Flash users are running an out-of-date version
• Exposing them to hundreds of vulnerabilities
• 8 out of 10 vulnerabilities employed by exploit kits targeted Flash
Duo.com
Get More Data…Much More
Get more stats like these, including which operating systems and browsers are out of date, by downloading the full report, The 2016 Duo Trusted Access Report: The Current State of Device Security.