Cisco Duo Reviews

We use Duo Security for multi-factor authentication.

The product makes our organization more secure.

Duo is reliable and easy to use. I’m pretty happy with all of the features. The user experience is pretty good. People without any technical background can run the applications without any issues.

The technical engineers in the first line of support should improve their knowledge. We often have to bounce all the cases to different levels.

I have been using Duo Security for more than ten years.

Technical support is pretty responsive. When there was an issue, support was able to provide a solution.

Neutral

From the security team’s perspective, the solution is pretty easy to deploy. From an end user’s perspective, it is very easy to download it and add the device to the profiles.

We deploy the solution in-house.

The pricing is reasonable.

Since I'm not an admin, I don't know how the device gets set up. The product is pretty good at securing our infrastructure. It protects everything and hardly leaves anything open. The infrastructure is secured.

Duo Security cannot do it all when it comes to reducing the risk of breaches. It can probably provide up to 50%, and the rest depends on the user. Things like phishing emails depend on the user. There is nothing that Duo Security can't do. The product does a pretty good job of protecting the infrastructure.

Duo Security’s user authentication and device verification are very good and very reliable. When we get a message to upgrade, we upgrade the tool. I don't have to spend a lot of time to get the device up to date.

The solution is reliable for establishing trust for every access request. It definitely is able to establish trust for the identity to protect the infrastructure. Our organization doesn’t necessarily believe that all resources must be considered external. We try to strike a balance between convenience and security. We don't treat everything as external. We keep certain internal stuff that doesn't have to go through the authentication.

The product increases the awareness of the employees about cybersecurity. Every time I log in, a Duo box pops up saying that I am authenticated and not leaving everything wide open. Try it and get a trial base, and then you will see the difference the tool can make.

Duo is the first platform that we used. My organization did an analysis to see how many potential attacks we'll have and how much money will be lost if we do not deploy Duo. I am not sure about the metrics, though.

Overall, I rate the product a nine out of ten.

We use it for security in general. We were looking for something that would integrate with what we already had and that would give us an extra layer of security on top of what we were doing. Since a lot of people were starting to use a lot of handheld devices and equipment at home, we wanted another layer in there.

It hasn't done as much in terms of remediation as it has just flat-out in prevention. Duo has done a very good job in making sure that a problem doesn't become a bigger problem. It's done that very well.

We like the different ways that it allows you to push notifications to people. It can do text, a phone call, and email. We liked the versatility for all of our different end-users, regardless of their level of understanding of the technology.

It does a very good job of helping workers feel safe and secure and supported. Some people view it as just another layer of things that they have to go through, but the simplicity of use, such as being able to call in if they need to, or receive a text, takes into account all levels of end-users and what it takes to get that authentication from them.

It is also important that the solution considers all resources to be external. When you already have certain pieces of security in place, it's really difficult to just rip everything out and replace them. You need something that can start as a standalone solution and then slowly work its way into the rest of your corporate network. When we changed buildings, we had a lot of people working at home for the first time and suddenly using different devices to do their day-to-day jobs, so that aspect became very important.

When it comes to supporting an organization across a distributed network it becomes very important, again, because the traditional method of backhauling security solutions to a central point gets very dicey. It starts to generate a lot of traffic across a wide area. And what happens if some of that can't get back to you? Or what happens if you're dealing with low bandwidth or other scenarios? Plus, depending on where you're at, they may view that as some kind of encrypted back tunnel and not let that happen. Whereas Duo, because it's more distributed and it's trusted out there, allows you to drop something in on a footprint on a very large scale. Before, it would've been a nightmare to get all that configured properly and working.

In addition, the single pane of glass management is very important because security is an extremely complex issue. If you have all these different windows to look at, you're not sure if somebody was looking at this window at this particular time, or if they were over there at that window and missed something. The single pane of glass is very important because the biggest enemy of security is complexity. If you miss something because somebody is not watching the right dashboard, it can blow right by you.

The single pane of glass management does a pretty good job of helping to optimize the user experience, in my particular role. And from what I hear from my team, they're very happy with it. They feel it does a good job for the clients and they love the simplicity.

There could be improvements made to the dashboards and more integration with the rest of the Cisco ecosystem. Duo was clearly purchased, and Cisco has a lot of other panels for their Firepower products, et cetera. They need to continue bringing it, Umbrella, and the endpoint pieces even more together and make the integration a little more seamless among all of them.

Our company has been using Duo Security for about two years.

It's very stable. I don't think we would have gotten it if it wasn't stable. It obviously had set quite a reputation before Cisco acquired it, and that has continued.

The scalability has worked great for us. We've not had any issues with it.

My team gives demonstrations of Duo regularly. The number-one piece of feedback that we get from people is that they like the simplicity. They like the windows, that it's easy to set up, and the features. There are different features and you don't have to turn them all on right away. You can turn on the basic features and get the authentication piece. They like the ability to then drill down and turn on some of those extra features because they don't have to ramp up straight away. They can turn on the basics and be in good shape. Then, if they want to keep tweaking it and turn on all the other pieces, it scales really nicely that way.

End user-wise, we're probably up to about 600 to 700. Our central office is out of Harrisburg, PA and we have a couple of warehouses across the U.S. where I believe they use it too. It's a bit of a distributed model, but it's not a massive distributed model.

I have not personally had to deal with tech support, but my engineers who have had to deal with them have said that they've been very on the ball with quick responses. There have been no major issues.

We did not use a solution for authentication.

It was a little interesting in the beginning when we first put Duo out there because everybody was concerned about text messages on their personal cell phones, and use of their cell phones, and who actually owns their cell phones. We dealt with a lot of what was more along the lines of company policy issues, back and forth.

But after we got past the initial rollout, everybody seemed to calm right down and we don't get any complaints or negativity about it now. It's just part of normal life. Before Duo was pushed out, there were a lot of other companies that were starting to do the same type of thing. That helped ease the release of the Duo product in our organization because people were already starting to get somewhat used to having that kind of stuff happening.

Licensing and pricing are a little bit out of the area that I play in, but I think the pricing is in pretty good shape. 

One of the issues that we used to have is that Umbrella, Duo, and Cisco Secure Endpoint all had different license quantities that you had to buy. That made it really difficult to buy a complete solution with all the other pieces. I had to buy 25 of this one at a time, and 10 of that at a time, and 15 of another one at a time. They seem to have fixed that and the number of seats that you buy now matches across all the different products.

We shopped around for other layers of security but I don't think we specifically shopped around for the authentication piece. When we looked at everything, and the dust settled, this was the easiest piece to put on top of what we had and to give us another layer of security.

Duo hasn't eliminated trust, but it has certainly been a piece of what has helped build our whole hierarchy. We're moving forward and starting to put other pieces in place too on top of that, things that sync a little better with it.

Duo is beneficial to the overall connectivity. It doesn't cause any issues. It doesn't cause an excessive amount of delay, from what we have seen. The nice thing about it is that it just sits on top of whatever else is already in place and it doesn't cause disruption to whatever else you're using.

I rate it highly because it's something that can grow with you, whether you have very little security or a lot of security, whether it's already Cisco or not, and whether you have a mixed mess that you're trying to put into some kind of order. It will go in any direction with you and grow. It will get better as you improve the stuff around it and it will start to integrate with Cisco solutions. It's one of the best products because you have the ability to go with or without Cisco, and it gets better as you add more.

We use it for multifactor authentication for getting in with cell phones and PCs.

Duo Security allows us to be remote, and it keeps us secure. It has been very good for securing our infrastructure from end to end. We haven't had any issues.

It has helped free up our IT staff, but I don't have the metrics on how much time it has actually saved. We don't worry about it. It just works.

It has been good for establishing trust for every access request, no matter where it comes from.

We're working remotely. It helps us keep people more safe. Its adoption has been fine. I like the fact that you can bypass it if you need to because there are situations where the internet doesn't work, etc.

Its ability to help reduce the risk of breaches is pretty good. I like its ability for user authentication and device verification.

We use Yubikey for pushing it to the phones. Yubikeys can get expensive because people tend to lose those for some reason. Fifty dollars a device is pretty high.

I've been using this solution for a couple of years.

I don't deal directly with their tech support myself. I've got some other folks that do that for me, but I don't hear any complaints, so I'd rate them really high.

We did use another solution. I can't remember the name of it, but it had a lot of flaws and a lot of issues. It did not connect to the equipment that we had to use. It would break down, so we had to find something else.

We didn't consider another solution. While researching, Duo Security came out to be the best. The last one was terrible, and this one ranked a lot higher.

We have a hybrid deployment. It was very easy to implement it. 

It integrates well with other systems. We have Cisco Umbrella and Cisco routing and switching. We had Cisco firewalls, but I wouldn't recommend them. 

We've seen an ROI in using this product. There is stability and ease of use. It isn't a problem to handle. It's simple to deal with.

It falls in line with everything else.

To someone researching this solution who wants to improve cybersecurity in their organization, I'd say that it has been very beneficial.

Overall, I'd rate Duo Security a ten out of ten.

We began using Duo Security just after the pandemic began. We set up the VPN for our users so that they could connect from home and use the business applications. It is a security feature that is used on your mobile device, rather than something that is fixed in the office. You can use it at any given moment, as long as you have your mobile device with you.

Prior to implementing it, they were using just a username and password. That was not secure enough, so there had to be the second level of authentication. As it is now, it is integrated with the firewall. You put in your password and it is followed by a six-digit code that needs to be entered.

We operate in the financial sector so this product is crucial for our business.

The security codes are not generated locally, or on-premises. Rather, they are generated and sent from the cloud.

It is integrated with our Check Point firewall, which is used across different departments. People can connect from anywhere, including from home, and then utilize the business applications in different departments. All of them authenticate using the same firewall.

Importantly, it's not limited to one vendor or one firewall. You can use it to connect through a primary DC and a secondary DC, even if they are different vendors.

Using this product has improved our organization, primarily with respect to security. Even the system administrator, in charge of setting up the users, would not be able to use another person's ID to connect. This is because they would then need to use Duo Security, which resides on the user's device. This is something that other people cannot do because they can't generate the six-digit codes.

In terms of securing access to the applications on our network, this solution is very reliable.

With respect to our users feeling safe, secure, supported, and included, Duo Security is among the best solutions that we have ever used. We have not fully utilized all of the features. However, we're looking at using Duo to authenticate internet banking solutions. Providing a second level of authentication in these situations, perhaps in mobile banking, would be valuable.

Our regulatory requirements necessitate creating a very secure connection for financial services, which is what we get from this product.

Having a single solution for multifactor authentication makes it comfortable for the users. They only need to train on one product.

Maintaining network connectivity is not difficult. We are integrated with Fortinet and Check Point solutions. The Check Point solution is in a different data center than Fortinet, and Duo Security integrates with both of them, despite being from different vendors.

Overall, this product has helped us to remediate threats more quickly. There is no way that others can generate the security code, such as by using another server. They will not be able to connect or authenticate themselves another way.

The resilience that Duo Security provides is valuable in terms of meeting our audit requirements. This is important to us because it helps us to meet our regulatory requirements, which are set by the central bank and enforced by our cybersecurity team.

The most valuable feature is the ability for users to connect securely to the office using the VPN. There's no way to breach security using Duo. No user can connect from a different device, which guarantees access on a per-user basis. The only way somebody else can connect is if the user shares their VPN password, as well as the six-digit code. This is a well-accepted, business solution.

It is very easy to set up, configure, and integrate this product. It is also easy, from the user's side of things.

The interface is such that all of the management can be done from a single pane of glass. You can integrate as many applications as you want, and it's up to the enterprise that dictates that. Overall, it's easy to manage and administer. There are not too many moving pieces, which would make things more difficult to administer and troubleshoot when there are problems.

From our employees' perspective, they are confident that they are the only people that can connect to their accounts. Access to their own accounts remains under their control, and they are the only ones that can connect. 

The reporting feature is somewhat limited. All that you get is the list of times that the user connected. Given that it's only a secondary authentication, it may not be possible to enhance the reporting.

We have had instances where Duo Security stops working on a user's device, which we have fixed by uninstalling and then reinstalling it.

I am in my third year of using Duo Security.

Due Security is a very stable product. We have never had issues in that regard.

This is a very scalable solution. It's not limited to specific applications and we can use it across multiple ones.

We have 175 end-users.

If we need to reach out to them, they would quickly assist us. At any given time, you can get support from Duo Security. This is not a free product and the technical support team is very reliable.

I would rate the technical support a nine out of ten.

Positive

Prior to implementing Duo Security, our users were not using multifactor authentication. They were simply authenticating with a username and password. That was not secure enough, which is why we implemented the second level of authentication.

The initial setup is easy and straightforward. It is very quick to integrate and manage. As it is very easy to integrate, it works well to secure our infrastructure from end to end, helping us to detect and remediate threats.

You just download the application and within a minute or so, you have an admin panel. After that, it is integrated with the firewall and the users can then quickly connect.

The integration is easy because Duo gives you a list of steps that vary based on the application and vendor that you want to integrate with. For example, if you want to integrate with a Check Point product then you have one set of instructions, whereas if you want to integrate with a Fortinet product, there is an alternate set for that.

In total, the deployment took less than two hours to complete.

Our ROI is mainly from the security side. Because of the regulator's requirement, it's worth the procurement. That said, on our end, we're not fully utilizing the product because you can integrate it with different applications. At this point, we are just using the basic feature, which is to connect to the VPN.

The administration is comfortable knowing that no user can connect to the system without using Duo authentication.

From a business perspective, it is a little bit costly. The licensing is on a per-user basis. However, it's worth the cost.

We began with a free trial of the product that lasted for one month. After that, we paid for the license to use it.

We had an option to use Google Authenticator. It is also a secure solution but we chose Duo Security because it was recommended to us, and it has been acquired by Cisco.

We do not utilize all of the features that are offered by Duo Security.

I would rate this solution a nine out of ten.

My background is in electrical engineering. I have roughly almost thirty years in the industry, mostly in telecom, but the last ten years or so in enterprise. I'm currently in Anchorage, Alaska working for an organization that's Alaska-native company, which is more or less a conglomerate of different business lines. They work on everything from government contracts with NASA to construction to oil field operations, it's a lot of different businesses. 

Our Duo Security implementation was done about a little over three and a half to four years ago. It was about six months before I joined the company. It was done in response to a breach in the company that involved compromised credentials. 

I have personally been using Duo for as long as I've been in this company, so about three years.

We had a compromise of credentials and it resulted in a breach in the company. Had we had multifactor authentication at that time, we probably would have prevented that breach. In this day and age, I think multifactor authentication is an absolute requirement for anything you're doing. 

I lead an IT organization that has a significant amount of technical debt, and we're not in a zero-trust architecture yet. I'm pushing in that direction. Duo helps me considerably with my identity in an environment where I don't have zero trust. It's helping me bridge the gap until I can build a zero trust architecture. 

It has improved our cybersecurity resilience. Having multifactor authentication is critical because credential-based authentication is weak and it's going to be compromised. Having that additional factor in your authentication process is absolutely necessary. 

Right now, we're only using multifactor authentication. That's the most useful to us right now.

Reduction in risk is the whole point of multifactor. It's authenticating and augmenting the credentials and authenticating the individual that is trying to access your environment. It definitely reduces risk.

I would characterize Duo Security’s user authentication and device verification for helping to prevent identity-based attacks as good. It's intuitive for the users. It's easy to set up. The centralized management for our IT health service desk is good and doesn't take a lot of time. They're skilled with it. I really don't have any complaints.

The Duo Portal for our IT staff is efficient. It's utilized on a daily basis, and they're good with it. So I think it does allow staff to concentrate on other tasks.

I would say it's good at establishing trust for every access request, no matter where it comes from. Anything built by man can be broken by man. So there's always a challenge around that. They're trying to overcome those push bombing and challenges like that, and we're on that journey with them. 

Password management is difficult for us, especially for users. We would like to go passwordless. If we can go passwordless then you don't have a password manager. 

I am looking at other security features with Duo right now. We're currently looking at the passwordless options. We're looking at VPN displacement options. We're looking at those things right now. We haven't adopted yet. 

My impression of the stability is good. I haven't seen issues in the app, the portal, or anything.

Scalability is there. Our organization is somewhere around 5,000 employees, and that is not very many users for a platform like Duo, so I don't see any issues with scalability.

I've been using Cisco support for the better part of 25 years. I've seen good, I've seen bad. 

Cisco support has improved over the years, they tend to be better at getting back to you.

The only challenge is finding the right person sometimes. From what I've seen, being a named account is a big deal. When I came to this organization, they worked named accounts, and I worked really hard to become one because I knew the difference, and our support has greatly improved since becoming one. I have a person I can call and I know they can find the right person to help me get my problem solved. 

There are going to be problems with any system that's as complex as the products that Cisco sells. That's to be expected. It's really about how you get them resolved and how your partnership is there to make sure you're back up and running. Cisco, I believe, is really committed to that. 

I would rate them at an eight because there's no ten and because they have the in-house expertise to solve the problem once you can find them. They have the resources to bring to bear to solve just about any problem you can imagine. They are a committed partner. 

Positive

I have personally used other multi-factor authentication platforms. I currently do personally use others. Duo was selected by the company before I came there, and I've been very pleased with it.

I would say we have absolutely seen ROI. We have not had another breach that involved a loss of credentials since implementation.

The cost is very comparable to other solutions that I've used. I would in no way see any weaknesses in Duo over the other products, I would say it's a premium product, and it commands a premium price.

I would rate Cisco Duo Security an eight out of ten.

We use it for two-factor authentication so that we're not just relying on the username and password but also on two-factor authentication, whether it's through SMS or through the application.

People use very weak passwords, so it's very easy for attackers to get in and compromise accounts. This is why we need two-factor authentication and why we are with Duo Security. It helps us to not only rely on the username and password but also implement another layer of protection. Attackers are not going to be able to compromise accounts because of the two-factor authentication.

It has definitely reduced embedding. We found a lot of problems with attackers being able to compromise accounts. Now, when they try to access accounts, they are not able to do so because there is an added layer of protection. Once we know that a username and password are compromised, we just reset the password to protect the company.

I like the two-factor authentication, which gives another layer of protection.

It's very important for our organization that this solution considers all resources to be external. Our company has thousands of people who access from outside, and it's hard for us to know which one is legitimate and which one is illegitimate. Having two-factor authentication with Duo helps us to implement a second layer of authentication so that we know for certain that the people who are accessing accounts are legitimate.

It's a great solution for securing access to the applications and network because we can integrate the solution with all types of applications. The system has the ability to integrate customized applications built in-house and those that were brought in from outside. It integrates with network access as well, such as when you want to access a different node. It has multiple ways to authenticate applications, network access, etc., which helps us a lot to spread the solution across all our assets.

That the solution helps support hybrid work is very important to our organization because people access accounts from everywhere. Duo Security gives us the second layer of protection.

The solution provides a single pane of glass management to help us monitor all of the access.

Duo Security helped us remediate threats more quickly.

It is not easy to maintain network connectivity.

Duo Security should have more customized use cases. For example, if a client needs to have more customization, it would be better to connect directly with Duo's R&D to try to discuss the issues together in order to add customizations.

I've been using this solution for the last two years.

The stability is definitely good.

The scalability is great. The solution is deployed in multiple locations, and we have around 30,000 people.

The technical support is good. They are helping us, and I would give them an eight out of ten.

Positive

We switched to Duo Security because it's easier to implement and can be spread across all the applications.

We have definitely seen an ROI from a protection perspective. It helped us a lot to protect against compromised accounts.

Price-wise, it's not cheap, but it's not expensive at all either. It's in the middle.

I would rate Duo Security at nine on a scale from one to ten.

We use Cisco Duo for Cisco Webex smart remote client.

Cisco Duo improved our security posture. It improved our security.

The most valuable feature of Cisco Duo for us is the multi-factor authentication.

The price of Cisco Duo could be better.

I have been using Cisco Duo for about three months.

The stability of Cisco Duo is very high. I would rate it highly.

The solution scales well on a scale of one to ten, I would rate it an eight.

We don't use Cisco Duo's support directly, only through our supplier.

Positive

We used Microsoft Authenticator before switching to Cisco Duo because it was connected to other Cisco technologies.

The initial setup of Cisco Duo was quite easy.

Cisco Duo was implemented by our supplier, who set it up for us.

I would rate the pricing of Cisco Duo as a seven on a scale of one to ten, which means it is quite expensive.

We evaluated Microsoft Authenticator before choosing Cisco Duo.

I would recommend Cisco Duo for its reliability, stability, and ease of implementation.

I'd rate the solution eight out of ten.

Our primary use case is for two-factor authentication. We also use the solution to secure Microsoft Remote Desktop, VPN, and SSH connections.

We deployed the product primarily to address security concerns, for example, implementing a more secure security posture using Duo Security.

My initial deployment of the product at a previous employer was across multiple environments and business units. We were primarily an active directory shop using Windows servers and desktops and Wise desktops, all of which utilized Duo Security as their two-factor solution.

In my current environment, the tool is implemented in different forms, on-premise and in the cloud. We deploy it everywhere.

Duo Security has been utilized in multiple organizations I've worked for, and it simplifies connecting securely via VPN, Microsoft Remote Desktop, and SSH.

The app has greater stability than rival solutions such as Google Authenticator, and Duo Push authentication is a valuable feature. 

The product worked to establish trust for as long as I've used it. It's a more functional solution than some competitors, which I discovered during the POC process. I think that Duo Security considering all resources to be external is one of the reasons why they are at the top of their field. 

Duo Security simplified establishing trusted connections, making it easier to implement distributed network solutions. I've always found it to be a good part of a layered defense strategy. 

Most of the end users when I was responsible for implementation, didn't quite understand the value of the solution until it was demonstrated. 

The tool does provide single-pane-of-glass management in my experience. I haven't implemented the solution for years, but I'm a user in my personal and professional life. Therefore, I can say that feature is essential in making Duo Security one of the critical steps in a defense-in-depth strategy. 

I never had any problems maintaining network connectivity, and it always performs well.  

Based on the logging I have seen Duo Security use, I would say their solution does help with threat remediation. It is an integral part of the defense strategy. 

A robust two-factor authentication solution is a massive part of a proper defense strategy, and having Duo makes it easier to implement and manage that two-factor solution. 

I would like to see some features simplified, such as securing, configuring, and implementing Microsoft Remote Desktop. Other than that, the solution was rock solid throughout my time administering it. 

I have been using the solution for six years.

The solution is very stable, I've never seen it go down.

The product is incredibly scalable.

I had to contact technical support on a few occasions, and my problem was always resolved, but it took some time and work to reach a workable solution. My experience with them is primarily positive, but there is room for improvement.

Neutral

At the job in which I carried out the POC for the solution, we used physical RSA tokens, and I have been at locations that use HID tokens. In my opinion, the soft token solution is far better; it's more user-friendly, and staff can utilize the strategy more efficiently, effectively, and, unfortunately for RSA, more securely than the physical tokens offer.

The basic deployment is very straightforward, though some Microsoft Remote Desktop support elements were a little more complicated. Primarily in getting the correct values and additional resources required for the deployment.

I wasn't involved in the deployment at my current company. At my previous employer, I did the POC and the initial training for our help desk groups.

I carried out the implementation myself; I was responsible for maintaining all of the integration points and training the help desk team members to support the product.

It's hard to precisely measure an ROI for security solutions, but I would say it provides a return.

I haven't seen any information on the pricing in four years, so I can't comment on that. 

We tested a SecureAuth solution that didn't meet our security standards. We wanted to try RSA Authentication Manager, but that was more complex for users, so we decided to go with Duo Security.

I would rate this solution an eight out of ten.

When I carried out the POC for Duo Security at my former employer, I pitched it to them because it simplifies the login process and has excellent notifications. Physical tokens can be hard to read, especially for admins and staff trying to remediate problems late at night. We wanted a solution that was easy to set up and configure, and that is what we got; being a cloud-based solution, Duo Security is much easier to manage. We don't need to worry about managing, upgrading, and configuring much on our side; that's all handled in the cloud.   

The first company I mentioned working for was based in Ann Arbor, and Duo Security is or was based there too. I had personal relationships with several team members and recognized their product's value.

The solution improved trust models within our organization, significantly changing how people view connecting to the network. I don't think that it has had an impact on employee morale.