The data is clear: identity is the new perimeter, and adversaries are exploiting it at an unprecedented rate. Red Canary’s 2025 Threat Detection Report found that identity-based threats quadrupled last year, with compromised credentials enabling three of the top five MITRE ATT&CK® techniques we observed.
This highlights a critical security gap. Even with foundational controls like multi-factor authentication (MFA) from a trusted provider like Cisco Duo, adversaries are relentlessly hunting for ways to bypass them. The security data these tools generate is key to spotting active threats, but few teams have the resources to analyze it around the clock.
We built our new integration with Cisco Duo to solve this exact problem. It connects Duo’s essential security data to our world-class MDR, giving your team the ability to shut down identity-based attacks in near real time, long before they escalate into a major incident.
How it works
From start-ups to large enterprises, companies of all sizes depend on Cisco Duo Security to verify user identity, establish device trust, and provide secure connections to company networks and applications. While Duo provides a powerful and trusted layer of defense, Red Canary enhances its capabilities with our unique combination of elite AI agents, automation, and human expertise.
This integration, built in partnership with customers and the Duo team, enables us to:
- Detect what others miss: We ingest and analyze a continuous stream of authentication telemetry from Duo, applying advanced analytics like user and entity behavior analytics (UEBA) to detect suspicious activity and other anomalies that signal a compromised identity.
- Investigate with AI, confirm with experts: The Red Canary Identity Investigation agent instantly triages alerts from the Cisco Duo Trust Monitor. This AI-driven analysis is then verified by our 24/7 experts to confirm threats with 99.6% accuracy, virtually eliminating false positives.
- Execute decisive response: When an identity threat is confirmed, immediate action can be taken to disable a user’s Duo account, containing the threat and preventing further unauthorized access.
What this integration means for you
By combining Cisco Duo with Red Canary MDR, you can maximize your investment in identity security and achieve a higher level of operational readiness. You will:
- Gain critical visibility into identity-based attacks by applying continuous, expert monitoring to your Duo authentication and access data
- Drastically reduce containment time—the ability to disable a user account directly from Red Canary neutralizes threats instantly
- Offload the resource-intensive work of 24/7 monitoring and alert triage to Red Canary, allowing your team to focus on strategic priorities
As the risk of identity compromise grows, the need for proactive security has never been greater. By bringing Red Canary and Cisco Duo together, you gain always-on monitoring, rapid incident response, and expert support that consistently puts you ahead of identity threats.