A modern, zero-trust security architecture ensures that only authorized users using safe devices gain access to corporate applications. However, establishing trust over time, and consistently and continuously monitoring access granted to users, is a challenge for organizations that have had to quickly evolve their access strategy in light of remote work.
That’s why I’m proud to announce the general availability of Duo Trust Monitor, Duo’s machine learning-driven risk detection, starting Thursday, November 19. The feature will be available in Duo Access and Beyond editions.
Duo Trust Monitor analyzes real-time authentication data to create a baseline of normal user behavior at the point of login. Once Duo Trust Monitor observes these access patterns, it surfaces risky logins to help the security team identify suspicious activity and aid in the investigation of compromised accounts.
While many tools on the market rely on simple or static rules, Duo Trust Monitor looks at access patterns more holistically — taking into account extended access history and context between multiple variables, such as device and location.
The visibility Duo Trust Monitor provides, combined with Duo’s expressive policy engine, lies at the center of Cisco’s zero-trust for the workforce strategy – linking risk detection directly to access control.
When Duo Trust Monitor highlights anomalous activity, this informs better, more tailored policy. For example, if Duo Trust Monitor identifies a suspicious login from a risky location, a Duo administrator can set a geolocation restriction in response. By improving policy in light of anomalous access, Duo Trust Monitor’s events become stronger in signal and enable IT admins to further narrow suspicious access.
While we’re excited to offer this capability via Duo’s administrative console, we’re also proud to provide an open API to integrate with existing processes and workflows, whether our own SecureX platform, or even custom security operations tooling.
For security to scale, it’s important to achieve a balance between control and automation. Purpose-built user behavior analytics will become more common as a cornerstone of a zero-trust security architecture, in contrast to the generalized approach of simply correlating the security events that inundate teams today.
As the industry continues to apply artificial intelligence and machine learning to security, it’s imperative that we reduce the work teams have to do through careful design of analytics and automation. Duo Trust Monitor is designed to empower small teams to have a large impact by focusing on the access risks that are specific to their business and enable work from anywhere.