Enhancing Security Through Automated Code Checking: A Case Study on Cisco Duo Security
Duo Security, a part of Cisco, is a leading provider of unified access security and multi-factor authentication delivered through the cloud. Despite being a successful security company, Duo was interested in innovative security solutions that could provide an additional layer of protection for their code. They were particularly intrigued by a technology that could automatically double-check their code and common code libraries quickly and seamlessly. While they had never had a major problem, this "sanity check" sounded like a great idea. However, they insisted on a solution that was well-designed, technically advanced, lightweight and efficient, and that did not consume a lot of resources or slow them down. Before Data Theorem, Duo used key materials, checked how things were communicating over the network, and ensured users followed best security practices. They confirmed their code through automated tests, manual checks and similar measures, but were drawn to the idea of a third-party "sanity check" that would provide an extra layer of protection to ensure nothing is ever missed.
Duo is fanatical about practical, down-to-earth security. They address real-world problems that mobile users encounter, such as phishing prevention, simple security authentication and security hygiene. Their app also enables administrator controls and sets minimum access requirements for each device. Duo provides security services to companies such as Facebook, Paramount Pictures, Random House, Toyota, Twitter, Zillow and many more. With easy-to-use technology, both small and very large companies can quickly deploy Duo's products to protect users, data and applications from a host of threats such as breaches, credential theft and account takeover.
Data Theorem provided the solution Duo was looking for. It scans Duo's mobile app both in pre- and post-production, identifying any code issues and integrating with Google and Apple's beta testing structure to ensure apps meet all security and platform criteria, so that they are not rejected by either store. Results are displayed on an easy-to-use dashboard that alerts Duo to P1 issues and notifies them when common app libraries have vulnerabilities. These alerts save triage time and enable Duo to get a jump on managing the issue. Data Theorem's notifications detail the problem, provide developers with clear examples of what to fix, and offer relevant documentation and APIs to significantly reduce the forensic research work. This enables Duo to stay ahead of the curve and fix any vulnerabilities before they become big issues. Duo's developers were also excited that Data Theorem provides regular tips and updates on current state-of-the-art features, which helps keep them up to date on new features, development cycles and enhancements.