Cisco Duo has announced a new Identity and Access Management (IAM) solution to protect organizations from identity-based attacks. Duo IAM builds on the existing Duo MFA platform.
Identity is a popular attack vector for malicious actors. According to Cisco Talos Incident Response, these attacks accounted for 60 percent of all incidents in 2024. The new Duo IAM aims to change this by taking a security-first approach.
The Cisco Talos team is not alone in this conclusion. Okta has also argued that identity is essentially security nowadays, particularly because identities are the way attackers gain access to an IT environment “through the front door”, so to speak.
Phishing resistance without hardware
The new solution introduces several innovations in the field of authentication. Complete Passwordless eliminates passwords from the login process. This is a logical step, as relying solely on this form of account protection leads directly to simple, crackable identities. Proximity Verification uses Bluetooth Low Energy to verify that a user’s mobile phone and access device are actually in close proximity to each other. Session Theft Protection makes Duo Passport less dependent on browser cookies, which provides protection against session theft.
These features are a response to the rise of AI-driven attacks. These include phishing, which is more convincing than ever, as well as social engineering. In addition, there are so-called “agentic attacks,” which make account takeovers easier than ever thanks to an increased level of automation on the part of attackers. Duo IAM aims to counter this without organizations having to purchase expensive hardware keys for every employee.
User Directory and Identity Routing
In addition to security enhancements, Cisco Duo is expanding its functionality with a User Directory for managing user identities. This includes user names, email addresses, and roles. Combined with existing MFA and Single Sign On capabilities, this creates a complete IAM solution.
The new Identity Routing Engine enables integration with external identity providers. This allows Duo to act as an identity broker or secondary identity provider. This flexibility is crucial for organizations that want to platformize identity without completely replacing existing systems.
Incidentally, Cisco does not intend to completely replace other identity options; it wants to integrate with them. We are not talking about parties that profile themselves as purely identity-based, but also general security options. Cisco’s desire to integrate rather than replace was also evident last year when the company introduced Identity Intelligence to detect IAM hacks. Information from systems such as SailPoint, CrowdStrike, Okta, and more should enable Identity Intelligence to detect active threats as quickly as possible.
Identity Intelligence integration
Duo IAM integrates with this Cisco Identity Intelligence offering to give organizations greater insight into identity risks. This connection to the broader Cisco Security Cloud platform provides AI-driven behavioral analysis and threat detection. This enables organizations to execute graduated responses, from quarantining an identity to terminating active sessions.
Jeetu Patel, President and Chief Product Officer at Cisco, concludes that attackers simply log in instead of hacking. This reality highlights why traditional IAM solutions often fall short. Duo IAM wants to put security back at the center instead of treating it as an optional add-on. That is the ultimate goal.
The new solution is part of Cisco’s broader platform strategy, which increasingly integrates networking, security, and collaboration. With the Cisco AI Assistant for Identity, organizations can more easily implement and manage the solution.