惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Check Point Blog
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
U
Unit 42
美团技术团队
NISL@THU
NISL@THU
C
Cisco Blogs
SecWiki News
SecWiki News
N
Netflix TechBlog - Medium
Forbes - Security
Forbes - Security
Cloudbric
Cloudbric
雷峰网
雷峰网
T
Tailwind CSS Blog
博客园 - 司徒正美
The Register - Security
The Register - Security
L
LangChain Blog
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
B
Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Threat Research - Cisco Blogs
I
InfoQ
S
Schneier on Security
L
Lohrmann on Cybersecurity
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Martin Fowler
Martin Fowler
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
TaoSecurity Blog
TaoSecurity Blog
K
Kaspersky official blog
Google DeepMind News
Google DeepMind News
Cisco Talos Blog
Cisco Talos Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
WordPress大学
WordPress大学
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
D
Docker
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Hacker News: Front Page
云风的 BLOG
云风的 BLOG
Microsoft Security Blog
Microsoft Security Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 聂微东
Webroot Blog
Webroot Blog
MongoDB | Blog
MongoDB | Blog

The Duo Blog

Active Directory security: how to stop modern threats | Cisco Duo Duo + PlainID: Dynamic Authorization Meets Enterprise Identity | Cisco Duo Continuous identity security explained | Cisco Duo Salesforce The modern MFA toolkit: push, biometrics, and security keys | Cisco Duo Cisco Duo Identity Summit Preview | Cisco Duo Duo Brings Identity and Authorization Across AI Agent Gateways | Cisco Duo Passwordless for Microsoft 365 starts with federation Custom Admin Roles: Granular control for every Duo admin Token theft, vendor abuse, and the new identity threat surface How Duo Directory automates user lifecycle management Cisco Systems Named a Customers’ Choice in Gartner Peer Insights™ 2026 Voice of the Customer for Access Management Identity provider resilience: backup and split IdP approaches | Cisco Duo Agentic AI Security: Three Threats Your Team Should Know | Cisco Duo IdP Concentration Risk: Why Single-IdP Dependency Puts You at Risk | Cisco Duo Endpoint Management as an Attack Vector: Lessons from Stryker | Cisco Duo Passwordless authentication without cookies: Duo Push updates Introducing Duo Agentic Identity Solving the double prompt: Better UX with AMR in Duo SSO Simplify compliance with MFA, device trust, and policies Cisco Systems Named a Customers’ Choice in Gartner® Peer Insights™ 2026 Voice of the Customer for User Authentication Why identity-led security matters for MSPs right now The Hitchhiker’s Guide to Shibboleth Launching Active Directory Defense: Strengthen On-Prem AD Security | Duo Security Industry specific IAM for MSPs Duo delivers: 99.99% uptime SLA for every customer Cisco Secures 125K user identities with Duo while advancing passwordless journey NIST AAL2/3 compliance with Duo Mobile Proximity Verification From protocol to practice: Secure the AI agent ecosystem with Duo How to secure the holidays & prep your 2026 IAM strategy Simplify MSP technician authentication with Duo Delegated Access Standing out in a crowded MSP market Securing for third-party risk with Duo for identity management Thwarting adversary-in-the-middle attacks with Proximity Verification OAuth 2.0's next chapter: Enabling the AI security revolution The dawn of a simpler, helpful policy experience
Secure client access at scale with Duo and Meraki | Cisco Duo
Janet Ho · 2026-04-21 · via The Duo Blog

Industry News

Headshot of Janet Ho, Duo Product Team

4 minute read

Many MSPs are helping clients build a stronger security foundation. But getting there isn't always straightforward. It takes time, resources, and alignment across teams. Yours and theirs.

Meanwhile, threats aren't waiting.

Attackers aren't breaking in anymore. They're logging in.

Many of your clients still rely on passwords and legacy access controls that weren't designed for today's attacks that target logins, not systems. Some have MFA in place, but the challenge is coverage and effectiveness. Ensuring it's enforced at the right access points and resistant to modern phishing attacks.

According to Cisco Talos' 2025 Year in Review, VPNs are one of the top identity control points attackers target because VPNs authenticate users with credentials, and credentials get stolen. Without phishing-resistant MFA on the VPN, a stolen password is all an attacker needs to create a fully trusted session and move freely as a valid user. No forced entry. No alerts.

And they're not stopping at the VPN. Talos found that MFA itself is under direct attack: device compromise attacks where attackers fraudulently register their own device as a trusted MFA factor surged 178% in 2025.

That's not a technology failure. That's your clients' exposure.

According to Microsoft's 2025 Digital Defense Report, phishing-resistant MFA blocks over 99% of identity-based attacks, making it one of the most effective controls you can deploy across your client base.

At the same time, expectations are rising.

Your clients are being pushed to adopt stronger access controls as users, devices, and applications connect from everywhere. But in practice, rolling out these frameworks introduces friction. New policies to configure, identity and device signals to align, and controls to integrate across existing systems.

For MSPs, this gets harder at scale.

Managing multiple tenants, stitching together tools from different vendors, and maintaining consistent security policies across client environments increases operational overhead, drives up costs, and pulls focus away from what actually matters: reducing client risk.

This is the gap most MSPs are feeling: high client expectations. Limited capacity.

Ready to take the first step? The Service Creation Guide walks through how to package identity-led access security into a scalable, revenue-generating managed service. If you have clients to bring along, the at-a-glance gives them a quick summary they can act on today.

Cyber insurers are also raising the bar. They're no longer satisfied with checkbox compliance. They expect continuous validation that controls like MFA are actively enforced. Your clients need to demonstrate measurable identity security to maintain coverage and manage premiums. As their trusted security partner, MSPs are on the hook to help them prove it.

So where do you start?

You don't need to overhaul everything. You need to focus on where attackers actually get in. Small steps starting with securing access can reduce client risk today while moving them toward a security model where only the right people get in, without introducing extra work for your team.

If you're looking for immediate traction across your client base, start with the access points attackers rely on most—VPN, Wi-Fi, and administrative systems. Critical access points like Remote Desktop Protocol (RDP) and server logins are often overlooked or inconsistently protected across client environments, especially in hybrid setups. Extending phishing-resistant MFA to these remote desktop and server logins closes another common gap and gives you another high-value control point to offer clients.

Cisco Duo verifies identity using phishing-resistant MFA and adaptive access policies. Meraki enforces access at the network layer.

Together, they secure VPN, Wi-Fi, and administrative access across your clients without adding complexity or slowing your team down.

Here’s what Cisco Duo and Meraki deliver:

Without Duo + Meraki

With Duo + Meraki

Shared credentials across client sites

Duo verifies identity and device trust before granting access

Siloed identity and network data

Correlated audit trails in one place

Complex multi-vendor rollouts

Fast deployment, up and running quickly

Reactive compliance evidence gathering

Exportable logs ready at renewal time

Duo and Meraki give your team clear audit trails, exportable compliance logs, and fast deployment across every client. And with Duo Essentials, you also get passwordless authentication and single sign-on (SSO) — so users get a smoother login experience while your team avoids managing multiple credentials across every client.

This doesn't have to be an all-or-nothing transformation. For your clients, meaningful progress starts with securing how they get in. Lock down access first. Everything else follows.

Frequently asked questions

  • What is phishing-resistant MFA and why do MSPs need it?

    Phishing-resistant MFA uses advanced methods like cryptographic, passwordless authentication (e.g., FIDO2/WebAuthn) or proximity-based verification to block identity-based attacks. These approaches ensure that even if credentials are stolen, attackers cannot bypass authentication. By using extra layers of security, like secure codes or checking if a user is nearby, it ensures only the right people can access sensitive systems, making it essential for MSPs.

  • How do Cisco Duo and Meraki work together to secure client access?

  • Why are cyber insurers requiring phishing-resistant MFA?