Integrating Hysolate with Cisco Duo

Yariv Halpern
July 29, 2021
Hysolate Duo

IT and Security teams are wary of employees or contractors accessing sensitive corporate data outside of the company firewall, especially from untrusted endpoint devices. Secure Access solutions allow users to access the necessary sensitive data, without the risk of malware infiltrating the endpoint and compromising the data, or data leakage (either malicious or accidental).

For true secure access though, one solution often isn’t enough, and layers of authentication are needed. This is why Hysolate Workspace offers the option of adding layers of authentication to the isolated OS environment itself, for example access only with a pin code, or online authentication. The drawback of these methods is that you need to be online to complete the authentication, or the required pincode is static, which is less secure than a multi factor authentication pin code. Additionally, with online authentication, the browser can cache the credentials, opening up security gaps at the browser level.

What is Cisco Duo?

Cisco Duo is an identity and access management solution with several advantages. It is cloud based, very easy to deploy, and offers a free trial version. Cisco Duo offers organisations the ability to strengthen authentication processes, without the complexity of installing on-prem or complex integrations.

What value does Cisco Duo give?

One of the key challenges facing enterprises is how to protect a workspace while it is offline. Hysolate Workspace offers encryption and authentication integrations, but traditionally, strong authentication usually requires being online, for example connecting to the identity provider. What Duo brings to the table is the ability to add strong authentication, even when the device is offline.

With Cisco Due you can also remotely lock out a user, if security has been breached, even if your user’s device is offline. You can also control how many sessions a user can access, and you can revoke access from the Duo console, ideal for contractor access, or for employees who need limited access to sensitive data.

Enterprise authentication can include certificate management, which can be a headache when managing contractors. With Duo you don’t need certificate management (although you can choose to apply it, for additional security).

Integrating Cisco Duo with Hysolate Workspace

Hysolate Workspace provides an isolated OS for accessing risky or sensitive activities, which runs locally on a user’s endpoint, but is managed from the cloud. Hysolate is available offline, unlike Windows 365, (Microsoft WVD) which is only available online. Combining Hysolate Workspace with Cisco Duo creates a strong, multi-layered, secure access solution that continues to protect user endpoints, even when the endpoint device is offline. Integrating the two solutions also means that admins can also limit user access to certain times, or to a certain number of access sessions.

On the user side, the experience of integrating Duo with Hysolate Workspace is seamless. The user will be asked to provide a token from their mobile device, even if both their mobile device and Workspace are offline. This turns their Workspace into a “secure vault” – perfect for extra protection when working with contractors, or users accessing corporate data from untrusted devices.

How does it work?

  1. For users who have Workspace integrated with Duo, the admin creates a policy that replaces default Workspace login with Duo Windows login agent
  2. Notice the agent is installed inside Workspace, regardless of the authentication method used for the primary environment.
  3. The Duo Windows login agent is configured from the Duo management console, to allow offline login.


4. The entire process is automated, so the user gets a seamless experience

Ready to get started? Request a Hysolate demo, or try out Hysolate Free here.

Yariv Halpern

Yariv is a Security Solution Architect, with more than 15 years of experience in various engineering roles. He started as a VLSI designer, Moved to Systems Engineering at Cisco Systems then joined the Cyber Security community working for companies like Fortinet. Yariv Holds a B.Sc in Electrical Engineering from Tel-Aviv University. He is a certified Cisco Instructor, actively teaching official cyber security courses at college.