Each year, hundreds of state and local governments become victims of ransomware attacks that extort millions of dollars, disrupt public services and compromise sensitive data. In almost every case, malicious actors gained access to their victims’ networks by illicitly obtaining a user’s credentials and compromising their passwords.
To counter these attacks, federal cybersecurity agencies in January issued a joint advisory urging government entities to adopt a “heightened state of awareness” and to take action to improve password hygiene and access management. Among other measures, the advisory from the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency asks all agencies to require multifactor authentication (MFA) for all users “without exception.”
MFA solutions are increasingly important for reducing reliance on passwords alone for controlling network access. MFA requires a combination of verification factors, such as a password or PIN along with a security token, mobile app or a biometric identifier.
Cisco can help agencies meet the new recommendations. The company has developed government-tailored versions of its Duo Security MFA solution that are designed to comply with multiple government cybersecurity standards. Agencies using Duo Security MFA are assured of compliance with the Federal Risk and Authorization Management Program (FedRAMP), the Federal Information Processing Standards (FIPS) and the National Institute of Standards and Technology (NIST) authentication guidelines.
Until recently, government agencies were required to use personal identity verification (PIV) or common access cards (CAC) for authorization and authentication. However, these smart-card technologies require card readers, making them inefficient for verifying users with mobile devices. They’re expensive as well. It has been estimated that the federal government spends more than $1 billion annually on PIV/CAC and corresponding public key infrastructure.
Cisco Duo helps agencies transition to more modern authentication practices. While it still supports PIV/CAC cards as well as hardware tokens, it also works as a mobile application that lets users register and authenticate with mobile devices. Government users can have a confirmation code sent via text message to their mobile phone as a secondary authentication technique. Security is improved because passwords or PINs are encrypted and randomly generated rather than stored on the device or in a vendor’s database.
In addition to user verification, Duo’s Device Insight feature provides detailed information about all devices on the network, whether they are agency- or user-owned. That’s an increasingly important capability with more users working remotely and requiring network access from a variety of different devices. Duo collects information about all devices as they authenticate and automatically flags any devices that don’t comply with company security policies. It also tracks operating system, browser and plugin versions.
A single sign-on feature creates an easy and consistent login experience. One MFA-protected dashboard gives authenticated users access to all of their applications, whether on-premises or in the cloud. Administrators can also use the centralized dashboard to set up and manage detailed access policies in minutes. You can customize policies for different users, devices, locations and many other contextual factors.
With user and device verification, increased network visibility and streamlined administration, Duo can be used to establish a zero-trust access model that limits data and application access to only those users who require it. A zero-trust model essentially assumes that everyone and everything accessing network resources is a threat until their identity has been verified and validated.
Limited resources and outdated security systems can make state and local agencies inviting targets for cybercriminals. Give us a call to learn more about using Cisco’s Duo MFA to implement highly efficient and cost-effective authentication measures that meet new federal security guidance.