New Duo Platform ID's Vulnerabilities From Old Tech

ANN ARBOR — A new platform from the Ann Arbor IT access control provider Duo Security enables organizations to prevent data breaches by identifying and mitigating out-of-date and unsecured employee devices that access their networks.

The new capabilities added on Duo’s two-factor authentication product, the Trusted Access program identifies risks on PCs, Macs, tablets and smartphones.

These devices, which often run outdated browsers, plugins, and operating systems, pose a significant security threat for organizations. In fact, according to a recent survey with TechValidate, 57 percent of IT administrators say that they have zero visibility into what devices are accessing their networks. In other words, more than half of organizations are flying blind when it comes to access security.

Duo Labs, the research team at Duo Security, discovered that:
* 80 percent of personal devices use Flash, which bring more than 300 vulnerabilities with it
* 32 percent of employees are using outdated versions of Internet Explorer, which have more than 160 new vulnerabilities discovered in just the last 3 years
* 22 percent of personal devices have outdated versions of Java, which has more than 250 known vulnerabilities

Each vulnerability has the power to open organizations to attacks that can lead to breaches. These result in confidential data leaks, damage to brand reputation, financial losses, and a decay in customer trust.

Traditional solutions to the problem, such as endpoint vulnerability management and mobile device management products, required agents installed on every employee device. Many employees simply did not allow their employers to install agents on their personal devices, causing IT teams to have zero visibility into the security hygiene of these devices.

Duo also announced new reporting and policy capabilities. Not only can security and IT professionals identify personal devices accessing their networks, but, they can also see which operating systems, browsers, Flash and Java editions are most at risk of causing a data breach. With this information in hand, Duo now allows administrators to set policies on any applications that devices can access — all this without installing any agents.

“Agents are a pain for administrators to manage,” said Ash Devata, vice president of product at Duo. “We offer enterprises the visibility they need, without the need to install an agent on any device.”

Duo Platform Edition users now automatically have access to all new features. Pricing for Duo Platform remains at $6 per user per month. Visit for more information and to start a free trial.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.