Today, Cisco has completed the acquisition of Oort, expanding Cisco’s ability to secure the identity perimeter. Given that Duo is already a well-respected product within the identity space, Oort already works closely to combine best-in-class multi-factor authentication (MFA) with Oort’s protection against MFA bypass and identity attacks.
With this unique visibility, Oort continuously monitors MFA deployment gaps, MFA weaknesses, weak factor usage, and MFA flood attacks.
The Duo Difference
Duo has unique data on MFA factor enrollment and usage that surpasses other MFA and identity providers. Duo makes it easy for admins to set up granular access policies and to help understand and analyze data on MFA factor enrollment and usage across various groups, providing valuable insights into MFA adoption and usage trends. With Duo's extensive experience and large customer base, it has unique data and insights on using various MFA factors, including push notifications, hardware tokens, biometrics, SMS, and more.
By combining Duo and Oort, customers can combine best-in-class MFA with protection against MFA bypass and other identity attacks. With this unique visibility from Duo, Oort provides continuous monitoring for MFA weaknesses, weak factor usage, and MFA flood attacks.
Identify Accounts with No MFA
Oort uses data from Duo to identify users with no MFA enabled. Duo provides visibility into if MFA is not enabled for a particular user, device, or application. If Oort detects any such cases, it immediately notifies the user, manager, or another team so they can quickly take action.
Monitoring the absence of MFA is essential for preventing unauthorized access and protecting organizations' digital assets from cyber threats. Organizations can mitigate the risk of data breaches, financial losses, and reputational damage by ensuring that MFA is enforced across all systems and applications. Additionally, regulatory compliance standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) require MFA as a security control. Therefore, organizations that fail to enforce MFA may face legal and regulatory consequences. Oort's monitoring of the absence of MFA helps organizations comply with these standards and protect themselves from cyber threats.
Track Successful Logins Using Weak Factors
Weak factors in Multi-Factor Authentication (MFA) refer to using less secure methods for additional authentication beyond the primary password, such as SMS and voice calls. While these methods may provide an extra layer of security, they are vulnerable to attacks such as SIM swapping, allowing attackers to control a user's phone number and intercept SMS messages. Thus, weak factors can undermine the effectiveness of MFA, leaving systems vulnerable to unauthorized access.
Oort monitors for successful logins using weak factors by analyzing data from Duo. Oort examines Duo's logs to detect instances where weak authentication factors, such as SMS or voice calls, were used. If Oort identifies successful logins using these weak factors, it alerts the organization's IT team to take appropriate action, such as enforcing stronger MFA factors or investigating potential security breaches.
Detect MFA Flood Attempts
Oort uses Duo's data to detect MFA floods, which refer to an excessive number of authentication attempts using MFA factors within a short period. MFA floods can occur when an attacker uses automated tools to generate a high volume of authentication requests, often in the hope that the end user will give into MFA fatigue and accept one of the notifications.
To detect MFA floods, Oort uses Duo's data to monitor authentication logs and identify patterns of excessive authentication attempts within a specific time frame. Oort examines factors such as the number of authentication attempts, the sources of authentication requests, and the time interval between requests.
Lock Down MFA Resets
Oort enables organizations to secure the MFA reset process by providing a secure validation mechanism for MFA reset requests. If a user loses their MFA device or needs to reset their MFA factors, the help desk can use Oort to verify that the reset request comes from the genuine user and not an attacker. Oort enables organizations to create a secure identity verification process, including challenge-response questions to ensure the user is who they claim to be.
In addition to securing the MFA reset process, Oort also closely monitors the use of bypass codes and emergency access. Bypass codes are typically used as backup options for MFA when users cannot access their primary authentication device. Oort tracks the use of bypass codes and identifies any abnormal usage patterns that may indicate potential security risks, such as using the same bypass code multiple times or using bypass codes by unauthorized individuals. This close monitoring of bypass codes helps organizations maintain the security of their systems and prevent unauthorized access.
How Duo and Oort Combine
Oort seamlessly connects to your Duo instance to collect vast data on users, events, locations, MFA factors, and more. Oort provides a layer of analysis on top of this data, helping to identify weaknesses and threats. These findings are available in the Oort platform and Slack, Teams, Email, Ticketing, or SIEM.
Moreover, existing Duo customers can also use Duo’s SSO to seamlessly sign in to their Oort dashboard.
Duo Security, now part of Cisco, is the leading multi-factor authentication (MFA) and secure access provider. Duo comprises a key pillar of Cisco Secure’s Zero Trust offering, the most comprehensive approach to securing access for any user, from any device, to any IT application or environment. Duo is a trusted partner to more than 25,000 customers globally, including Bird, Facebook, Lyft, University of Michigan, Yelp, Zillow and more. Founded in Ann Arbor, Michigan, Duo also has offices in Austin, Texas; San Francisco, California; and London.