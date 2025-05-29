Cisco unveiled Duo Identity and Access Management (IAM), a new security solution that transforms how organizations combat persistent identity-based attacks that are accelerating in the AI era.

Identity is a prime target for bad actors, accounting for 60% of Cisco Talos Incident Response cases in 2024, because current solutions have critical weaknesses that attackers exploit. Duo IAM offers an innovative and security-first approach, with added protection built on its globally trusted multifactor authentication (MFA). Duo IAM is the latest advancement in Cisco’s long-standing commitment to user-friendly Zero Trust security.

“The security industry is facing an ‘identity crisis’ as persistent identity-based attacks are among the most dangerous and costly challenges for security teams. Attackers don’t need to hack in, when they can simply log in,” said Jeetu Patel, President and CPO, Cisco. “While identity is the foundation of strong security, traditional IAM solutions have failed to prioritize security despite increasingly sophisticated threats. With this massive innovation, Duo is moving beyond MFA and restoring trust in identity security with a fundamentally different approach that attackers hate and users love.”

Security-first identity and access management

According to Cisco’s 2025 Cybersecurity Readiness Index, nearly a third of companies worldwide rank identity as their top cybersecurity challenge, but traditional IAM solutions often treat security as optional rather than foundational. Purpose-built to protect against modern identity threats, Duo IAM enables organizations to securely manage their entire identity infrastructure.

Duo includes a new User Directory to simplify storing user identities – including usernames, emails, and roles – and managing their access to resources. Paired with its existing capabilities including MFA and Single Sign On (SSO) to provide users with simple, easy and secure access to hundreds of applications from one login page, Duo now offers customers a comprehensive IAM solution.

Open and flexible, Duo IAM also integrates effortlessly with existing third-party identity systems. The new Identity Routing Engine allows Duo to integrate with many identity providers either as an identity broker or as a secondary identity provider. Incorporating security by default, Duo IAM frustrates attackers, while improving user experience and management costs. The Cisco AI Assistant is embedded in Duo to help organizations easily deploy and manage the new solution out-of-the-box.

End-to-end phishing-resistance

AI has accelerated the scale and complexity of account takeover through automated agentic social engineering. In response to rising threats, globally trusted Duo MFA now delivers the strongest form of authentication, without sacrificing convenience or purchasing expensive hardware keys. Recent innovations strengthening end-to-end phishing resistance include:

Complete passwordless: New option ensures a secure authentication experience without users ever having to use or remember a password.

New option ensures a secure authentication experience without users ever having to use or remember a password. Proximity verification: This capability uses Bluetooth Low Energy (BLE) to ensure a user’s mobile and access devices are near each other when authenticating.

This capability uses Bluetooth Low Energy (BLE) to ensure a user’s mobile and access devices are near each other when authenticating. Session theft protection: New enhancements to Duo Passport remove the reliance on browser cookies from authentication, protecting against session theft and hijacking.

Unified identity intelligence

Identity infrastructure is complex and often disconnected, creating blind spots where attacks and vulnerabilities go unnoticed. To help organizations continuously monitor and respond to changes in identity risk, Duo IAM integrates with Cisco Identity Intelligence, connecting identity and access data across the Cisco Security Cloud platform.

With AI-driven behavioral analytics and Cisco’s unmatched reach into the network, organizations gain comprehensive visibility, threat detection, and the ability to take graduated responses like quarantining an identity, killing active sessions or isolating the network.

“Cisco Duo has been a trusted security partner when it comes to MFA, and in today’s environment we’re eager to use these new capabilities to fight growing identity-based attacks,” said Todd Perrault, SVP of Client Advisory, Optiv. “Duo’s expanding suite of identity and access management solutions will deliver even stronger results for our customers with a security-first approach to identity while providing reduced friction for end users.”

“Identity breaches are no longer the exception—they’re the rule. Seeing a trusted security brand like Duo broaden from access management to include identity management and provide a security-first approach in the market is both timely and refreshing,” said Todd Thiemann, Principal Analyst, Enterprise Strategy Group. “Duo’s commitment to maximizing security while minimizing user and admin friction is exactly what the industry needs. In particular, their approach to end-to-end phishing resistance marks a major leap forward, not just in security, but also in ease of deployment, to combat the latest identity threats.”