Securing
Enterprise Device Controls
Remote Access
User Controls
Methodology
What does work look like today? In this report, our security research team, Duo Labs, analyzed Duo’s data on over 10.7 million devices and nearly half a billion authentications per month, spanning North America and Western Europe to give you insight into:

User Behavior
• Where are users authenticating from? Which industries see different trends in

Device Health
• What types of devices are users authenticating into enterprise

Nearly 0.5 billion Authentications per Month

The way people interact with technology has irrevocably changed our concept of and relationship with remote access to the enterprise, calling for a major digital transformation.

A digital transformation of the enterprise IT model means:

This digital transformation has driven the enablement of remote access to company data, applications and resources. That can put your users and devices at risk – threats that exploit their identities (like social engineering, phishing, stolen or weak passwords, etc.) and their devices

As a result, a new enterprise security model must evolve to effectively and strongly secure both users and devices – adding more controls than a traditional perimeter-based security model.

This report takes a closer look at user authentications and how users
User Behavior
running the latest Windows OS in 2018. 26 days prior).
How are people using technology today – and how can supporting them working remotely help increase their productivity? We looked at the networks from which people access work applications, as well as how they perform in internal phishing simulations.

[Chart, 2017 vs. 2018: +10%; caption fragment: "networks that customers and enterprise organizations are authenticating from." SOURCE: Duo Security]

That means more work is being conducted from potentially unsecured Wi-Fi networks – those might include homes, airports, coffee shops or other public spaces. These external, untrusted networks may introduce potential risks to your corporate applications.
course of a week.
Device Health
OS ADOPTION
Windows: 68% (2017), 65% (2018)
macOS: 27% (2017), 30% (2018)
iOS: 10% (2017), 12% (2018)

OUT-OF-DATE DEVICES
Android: 90%
ChromeOS: 85%
macOS: 74%
iOS: 56%
SOURCE: Duo Security
At long last, our data shows more Windows endpoints running the latest OS version, Windows 10 – a major increase from 27 percent in 2017 to 48 percent in 2018. There’s also a decrease in devices running Windows 7, from 65 percent last year to 44 percent this year.

[Chart: Windows 7 and Windows 10, 2017 vs. 2018]

WINDOWS 10 ADOPTION: TOP 3
Insurance: 33%
Transportation & Storage: 31%
Healthcare: 29%
SOURCE: Duo Security

Updating operating systems across large enterprises with complex IT models isn’t always possible without rendering certain devices inoperable – for example, some internet-connected medical devices and software used in the healthcare industry aren’t always designed or updated by vendors to run on the latest Windows OS.

But running an unpatched, older OS can potentially leave your enterprise vulnerable to attack. In 2017, the WannaCry ransomware that infected more than 400,000 devices worldwide exploited a vulnerability designed to work only against unpatched Windows 7 and Windows Server 2008 systems, according

Knowing what devices are running what OS version requires insight into both managed and unmanaged devices accessing your corporate applications and data. And through device-based policies, you can control what devices are allowed access to certain applications.
OUT-OF-DATE BROWSERS
Firefox Mobile: 93%
Chrome: 53%
Firefox: 49%
Safari: 42%
Edge: 33%
Chrome Mobile: 31%
IE: 5%
SOURCE: Duo Security

BROWSERS WITH UNINSTALLED FLASH
2017: 24%
2018: 69%
SOURCE: Duo Security

BROWSERS WITH OUT-OF-DATE FLASH
2018: 52%
SOURCE: Duo Security

Compared to 2017, Firefox mobile still ranks as the most out-of-date browser, while IE is the most up to date. However, Chrome now ranks second as the most out-of-date browser, taking rank over Safari.

For additional context, IE hasn't released a new version since 2013, while Chrome just released one on March 6, 2018. So, while it appears as though Chrome browsers are more out of date, the browser tends to get updated more frequently by its vendor, Google, than other browsers.

According to Google, the percentage of daily Chrome users loading at least one page of Flash content per day has plummeted from 80 percent in 2014 to 4 percent in early 2018. Flash will cease to be shipped with Chrome by 2020, and Adobe will end-of-life it in that same year.
*Note, “uninstalled” includes browsers with Click to Play or other form of Flash blocker implemented. This means browsers won’t run arbitrary Flash
applications without explicit user opt-in, which can help protect against attacks and cut down on annoying Flash ads.
• Nearly half of Windows endpoints are finally running Windows 10 (although there's another 44 percent still running Windows 7).
• The majority of browsers are finally uninstalling or enabling Click to Play for Adobe Flash Player.

assures no traffic within an enterprise's network is any more trustworthy than traffic coming from outside the network.

Shifting to a new enterprise security model means refocusing controls based on risk factors related to users and their devices to protect against threats like phishing, stolen credentials and exploits that compromise out-of-date devices and gain access to enterprise applications.

[Diagram labels: Visibility & Policy; Verified Devices; Authenticated Users]
A zero-trust security model can help you secure against remote access threats outlined in this report, such as phishing, stolen credentials and out-of-date devices that may be vulnerable to known exploits and malware.

This security framework gives you visibility into and control over your authenticated users and their verified devices, granting them secure access to your applications only after they meet your specific security policy requirements.
1. Establish Trust in User Identities
Verify the identity of all users with Duo’s easy-to-use, strong two-factor authentication before granting access to corporate applications and resources.

2. Gain Visibility Into Devices & Activity
Gain visibility into every device used to access corporate applications, whether or not the device is corporate-managed, without onerous device management agents.

3. Ensure Device Trustworthiness
Inspect all devices used to access corporate applications and resources at the time of access to determine their security posture and trustworthiness. Devices that do not meet the minimum security and trust requirements set by your organization are denied access to protected applications.

4. Enforce Adaptive & Risk-Based Policies
Protect every application by defining policies that limit access only to users and devices that meet your organization’s risk tolerance levels. Define, with fine granularity, which users and which devices can access what applications under which circumstances.

5. Enable Secure Access to All Apps
Grant users secure access to all protected applications through a frictionless, secure single sign-on interface accessible from anywhere, without a VPN. Protect all applications – legacy, on-premises, and cloud-based.
4 Google Chrome: Flash Usage Declines from 80% in 2014 to Under 8% Today; BleepingComputer.com; Feb. 28, 2018
User Trust
Access Policies
Single Sign-On
Duo Beyond secures access to all applications, for any user, from any device, and from anywhere. Cloud-first organizations and those looking for a secure, rapid transition to the cloud use Duo Beyond to protect their on-premises and hosted applications, while securing their mobile workforce and their chosen devices.

Duo Beyond delivers a zero-trust security platform that enables organizations to base application access decisions on the trust established in user identities and the trustworthiness of their devices, instead of the networks from where access originates. Duo delivers this capability from the cloud and without reliance on outdated, cumbersome, and costly technologies.