Product Releases
Stay up to date with the latest features, improvements, and security enhancements in BitLyft AIR®.
BitLyft AIR® v1.22
Expands Identity Protection with Native Duo Security Integration
MFA Is Critical - And Frequently Targeted
Multi-factor authentication remains one of the most critical controls in modern security programs and one of the most frequently targeted. With BitLyft AIR® version 1.22, we are expanding identity protection capabilities through a native Duo Security integration, enabling detection, investigation, and automated response to MFA abuse, identity compromise, and administrative risk.
This release introduces new Duo detection policies, powerful remediation actions, and out-of-the-box automation mappings, along with continued platform improvements.
New Duo Detection Policies
BitLyft AIR® now integrates directly with Duo Security, allowing teams to monitor and respond to suspicious MFA and administrative activity from within a single platform.
Identity & Account Compromise:
- Duo Activity by Disabled User - Authentication activity tied to disabled accounts
- Duo Abnormal Failed Authentication Attempts - Brute-force or password-spraying behavior
- Duo Push Flood / MFA Fatigue Detected - Push bombing attacks to coerce approvals
Privilege & Access Control Changes:
- Duo Admin Potential Impersonation - Anomalous admin actions
- Duo Admin Role Granted to User - Elevated privilege assignments
- Duo Admin Role Removed from User - Potential malicious cleanup activity
Cloud App & Identity Configuration Changes:
- Duo Abnormal Number of Users Disabled or Deleted - Mass deactivation events
- Duo MFA Policy Modified - Changes to MFA enforcement rules
- Duo Trusted Endpoint Policy Modified - Changes to trusted device requirements
- Duo Application Policy Modified - Policy changes affecting protected applications
New Duo Remediation Actions
Version 1.22 introduces a comprehensive set of Duo remediation actions to support automated response, investigations, and identity lifecycle management.
Key capabilities:
- User lifecycle management - Create, enroll, enable, disable, delete users
- Device and MFA hygiene controls - Retrieve phones, remove devices, delete compromised devices
- Authentication and admin visibility - Authentication logs, admin logs
- Access validation and audits - Groups, hardware tokens, WebAuthn credentials
These actions enable automated onboarding, offboarding, incident response, and compliance workflows without requiring manual interaction with the Duo console.
New Out-of-the-Box Automation Mappings
This release includes two new Duo out-of-the-box automation mappings, providing prebuilt detection-to-remediation workflows that accelerate response to common MFA and identity security events.
These mappings:
- Pre-wire Duo detections to remediation actions
- Enable faster containment of MFA and identity threats
- Support a consistent response for common MFA attack scenarios
No custom scripting required.
Summary
BitLyft AIR® v1.22 strengthens MFA and identity protection by extending automated detection and response into Duo Security, helping teams reduce response time, improve consistency, and manage identity risk without added operational overhead.
See BitLyft AIR® v1.22 in Action
Want to see how Duo Security detections turn into automated response in real time?
Schedule a 15-Minute DemoPrevious Releases
BitLyft AIR® v1.21
Expanded OneLogin Detections & Automated Identity Response
Expanded identity threat detection for OneLogin with new security policies, a Compromised User Account playbook, and out-of-the-box automation mappings.
BitLyft AIR® v1.20
Okta Identity Security & Automated Response
Expanded Okta detections with 13 new security policies and introduced Compromised Okta Account Automations for automated identity threat response.