Cisco Duo’s 2025 State of Identity Security report is a wake-up call. Identity security remains the most vulnerable layer of enterprise defense, yet many organizations still treat it as an afterthought. The findings show stark challenges around confidence in identity providers, late-stage security involvement, fragmented visibility, and rising third-party and insider threat risks. At Verosint, we believe these gaps point directly to the need for a better approach based on Identity Threat Detection and Response (ITDR), something the Duo report also covers.
Let’s summarize a few highlights:
Only 33% of security leaders are confident their identity provider protects against identity-based attacks. That number should alarm every board and CISO. Identity providers (IdPs) are excellent at access enablement—but they are not designed to detect or stop abuse. That’s why Verosint layers ITDR on top of IdPs, delivering continuous monitoring, anomaly detection, and risk scoring to catch what IdPs were never built to see.
The report highlights that 74% of IT leaders admit identity security is often an afterthought—inserted only after infrastructure decisions have been made. This creates systemic misalignment between architecture and risk. Verosint argues that identity security must be designed in, not bolted on. Our “Identity SIEM” capabilities turn identity from a late-stage add-on into a first-class signal stream—integrated early, continuously, and without the cost sprawl that plagues traditional SIEMs.
A staggering 69% of organizations lack full visibility into identity vulnerabilities. Blind spots such as orphaned accounts, risky behavioral anomalies, fake accounts, and unexplained VPN usage are exactly where attackers thrive. Verosint addresses this by consolidating fragmented identity signals into unified visibility, uncovering patterns invisible to IAM platforms and siloed tools.
With 86% of leaders worried about inadequate security controls and 57% reporting unauthorized employee or contractor access, the perimeter is no longer just about external attackers. Contractors, vendors, and insider employees are increasingly becoming identity risks. Verosint’s ITDR capabilities detect subtle indicators of misuse across internal workforce and external customer/contractor accounts—all in one platform—so organizations can enforce the same vigilance for internal and contractor identities as they do for external users.
Duo’s data underscores what we see daily: identity providers enable access, but they do not provide the level of identity security required for modern threats. Organizations that treat IdPs as the final word in identity defense are left exposed to fake accounts, insider abuse, and sophisticated identity-driven attacks. Verosint ITDR closes those gaps by elevating identity signals to the forefront of detection and response, providing cost-effective capabilities that avoid the exponential pricing of traditional SIEMs, and delivering visibility and control across employees, contractors, and third-party accounts.
The Duo Security report shines a light on how far the industry still has to go in identity protection. Verosint is providing the missing layer: real-time, identity-first detection and response. Learn more about Verosint ITDR.