Friday, February 14, 2020

Double authentication is another necessary step to data security

Cyber ​​security specialists should be aware of the potential risks associated with weaknesses resulting from insufficient authentication mechanisms of network users. Cyber ​​criminals are able to successfully steal login credentials using a number of techniques, including phishing. On the one hand, the method of defense, although requiring time, is accurate knowledge about threats and their evolution, as well as tactics of phishing scams used by cybercriminals. On the other hand, security measures in the cloud come to the rescue.

Cisco Firewall Experts point out the two most important challenges related to data security and the mechanisms that help protect:

1. Lack of Proper Supervision


Modern company networks consist of local infrastructure on the client side and applications operating in the cloud model. It is worth remembering that to access company resources, many users use their own devices (BYOD). This causes a situation in which many devices connect to the company network without proper supervision of IT departments. At the same time, in addition to employees, access to the network may be needed by external suppliers and business partners, who usually require more limited access and should be separated from the employee base. Unfortunately, not all organizations apply greater restrictions to this group in terms of access and security policies.

The Cisco Duo Security security mechanism is not only two-factor authentication, but also an insight into the terminal devices, providing secure access to both cloud applications and those operating locally on the client side - regardless of whether it is a corporate device or private.

By integrating with any cloud-based software, authentication enables secure access to popular Office 365 family applications, CRM systems (e.g. Salesforce), and cloud drives. At the same time, thanks to the fact that it is based on the cloud itself, the Cisco Duo Security solution can be scaled as the company's needs evolve. It is also possible to set stricter rules for access to the company network, e.g. for the third parties mentioned above (e.g. by blocking access from the proxy, Tor network or specific geographical areas).

2. Stealing Login Details


According to the Verizon Data Breach Report, as many as 81% of user account hacking cases were associated with the fact that passwords were too weak or were stolen. Thanks to the access to the corporate network obtained in this way, cybercriminals can try to obtain greater rights and penetrate other systems, servers or company applications. At the same time, going further, the attackers are trying to install malware programming on internal systems to get permanent and, worse, invisible access to the network.

Multi-factor authentication is an effective tool against user identity theft. The attacker would need not only to get his login details, but also to physically access his device to launch the attack. For proof of identity, Cisco Duo Security offers users various methods of multi-factor authentication, thus providing easy access to internal applications. Together with the AnyConnect VPN application, the solution provides: Duo Push, one-time passwords (OTP), verification via a telephone connection and token (both SMS and physical). IT administrators have the option of running one or more authentication options based on the current needs of users or the environment in which they operate.

Responding to the rapid evolution of IT environments, Cisco Duo Security provides an adequate level of protection for all users of the company's network, connecting to any application, using any device and from anywhere, "says Mateusz Pastewski, Cyber ​​Security Solutions Sales Manager at Cisco Polska. "This is especially important in the dynamically developing multi cloud environment, also hybrid, when IT teams are responsible for protecting hundreds or even thousands of different network access points.

How can Field Engineer Help

Are you looking for cybersecurity engineers in your area? Field Engineer, a global freelance field engineer marketplace, is here to help. It contains an extensive pool of 50000+ talented freelancers. Sign up today so that you can find the right candidate as soon as possible.

Also Read: Cyber Security Tech

No comments:

Post a Comment