The partnership between Duo and Exabeam allows Duo’s zero-trust authentication technology to be used as a trigger by the Exabeam SIEM throughout the user session, and not just when the user logs in.

Unified Access vendor Duo Security, which was recently acquired by Cisco for $2.35 billion, has announced a partnership with next-gen SIEM vendor Exabeam. The integration extends the zero-trust capabilities of Duo’s zero-trust authentication and device logs to Exabeam’s Security Management Platform, improving its automated monitoring and incident response by reducing credential-based threats, by blocking or denying suspicious user accounts and invoking two-factor authentication to verify users’ identities.

These strategic relationships are fundamental to Duo Security’s go-to-market strategy.

“One of our competitive strengths is our ability to integrate across the stack.”  said Ruoting Sun, Manager of Technology Partnerships, Duo Security. “We have two tiers of integration partners  — Select and Ready. We have about 300 vendor partners overall. Most are Ready partners, and are around application access for multi-factor authentication. Beyond that, we have a smaller number of very strategic partnerships with remote access, endpoint detection and response, endpoint management and identity identity management vendors, and these make up the Select partnerships. We have between 15 and 20 of those, including Exabeam, and we explore go-to-market relationships with those as well.”

This integration of Duo’s zero-trust platform with Exabeam’s Smart Timelines lets organizations track user behavior and initiate automated responses to reduce credential-based threats, which remains the top case of security breaches,

“Time to value is critical and the ability of a a security team to respond quickly to a suspected breach is critical,” Sun said.  “This integration provides the Exabeam SIEM which Duo authentication and endpoint dat. It also removes the need for manual remediation by automating the ability of security teams to respond in real-time. It also provides the zero-trust capabilities of our dual factor authentication protection beyond the original point of access when you log in, to enforce these policies throughout the user session.”

Through the integration, the Exabeam SIEM uses its analytics and machine learning capabilities on the authentication and device data about the Duo session that Duo provides, to identify anomalies that may be risky behaviors or threats.  Exabeam then prompts Duo’s adaptive multi-factor authentication during the session itself to verify the user, which is what extends this capability beyond original access. If the user doesn’t approve, or doesn’t respond, Exabeam takes containment actions and/or notifies the SOC.

“We have many strategic partnerships, since we need to be able to satisfy all needs,” said Chris Stewart, Sr. Director, Business & Corporate Development at Exabeam. “However, the Duo relationship is special because we share similar foundational elements. We both emphasize taking the burden off of overstaffed people, as well as emphasizing user experience.”

Duo has a hybrid channel model, which has been mainly direct in the past, although the percentage of channel business has been increasing. Exabeam, however, is 100 per cent channel, and Stewart said that this partnership will be an important add for partners.

“Speed to value is something that everyone has long wanted, but that you seldom actually get, but which this partnership provides,” he said. “It’s important for partners because being able to show a quick path to value and to solve customer problems are indispensable for them.”