Duo Security, a cloud-based Trusted Access provider protecting the world’s largest and fastest-growing companies, today announced new research results examining the security health of Android and Microsoft devices in the enterprise.
These new findings were released in conjunction with the announcement of a new version of Duo Security’s Trusted Access Platform. The new platform introduces features to help protect against these vulnerabilities, blocking access to devices with out-of-date browsers and operating systems.
The findings highlight that a significant proportion of devices are running out-of-date browsers, leaving enterprises susceptible to security vulnerabilities.
- Across one million Android devices analyzed, 59% are running out-of-date Chrome browsers, 30% are not passcode protected, and more than 20,000 had been tampered with.
- Across three million devices analyzed, the dominant browser platform is Chrome (36%) followed by Internet Explorer (29%), Firefox (12%), Safari Mobile (8%), Safari (7%), Chrome Mobile (3%), Microsoft Edge (3%), AppleMail (1%), and Chrome Mobile iOS (1%).
- Browsers running old and vulnerable versions of Flash are Internet Explorer (62%), Safari (32%), Firefox (32%), and Chrome (only 11%). Security flaws in old versions of Flash can result in data leaks and remote code execution, allowing an attacker to take control of an affected system.
New Version of Duo’s Trusted Access Platform Now Available
On the heels of the introduction Duo’s Single Sign-On, the company announced a new version of its Trusted Access platform. For this new version, Duo:
- Introduced new access control features that allow administrators to limit application access to specific platforms and requires that users have the latest versions of software to access critical applications. For example, administrators can set a policy that requires users that access corporate financial applications to be on the most up-to-date operating systems and browsers.
- Added integrations with Oracle Access Manager, CA Siteminder, and Workday to its more than 200 out-of-box integrations with cloud and web applications as well as VPNs.
- Became the very first vendor ever to integrate with the Google’s SafetyNet APIs. The partnership between Duo and Google makes Bring Your Own Devices (BYOD) significantly safer in corporate environments.
According to Michael Hanley, Duo’s Director of Security, “Using the SafetyNet API, we are able to deliver a leap-ahead advancement in assessing the trustworthiness of an Android device in an easy way.”
Through its integration with the Google’s SafetyNet APIs, Duo’s tamper detection can now identify tampered Android devices, in addition to rooted/jailbroken status. With the inclusion of SafetyNet attestation in Duo’s Trusted Access platform, administrators can now set policies to allow only trusted devices to access their company’s sensitive data, blocking any tampered Android devices.