We use Duo Security for multi-factor authentication.
A reliable and easy-to-use solution that is reasonably priced
Pros and Cons
- "The product is reliable and easy to use."
- "The technical engineers in the first line of support should improve their knowledge."
What is our primary use case?
How has it helped my organization?
The product makes our organization more secure.
What is most valuable?
Duo is reliable and easy to use. I’m pretty happy with all of the features. The user experience is pretty good. People without any technical background can run the applications without any issues.
What needs improvement?
The technical engineers in the first line of support should improve their knowledge. We often have to bounce all the cases to different levels.
Buyer's Guide
Cisco Duo
January 2025
Learn what your peers think about Cisco Duo. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Duo Security for more than ten years.
How are customer service and support?
Technical support is pretty responsive. When there was an issue, support was able to provide a solution.
How would you rate customer service and support?
Neutral
How was the initial setup?
From the security team’s perspective, the solution is pretty easy to deploy. From an end user’s perspective, it is very easy to download it and add the device to the profiles.
What about the implementation team?
We deploy the solution in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable.
What other advice do I have?
Since I'm not an admin, I don't know how the device gets set up. The product is pretty good at securing our infrastructure. It protects everything and hardly leaves anything open. The infrastructure is secured.
Duo Security cannot do it all when it comes to reducing the risk of breaches. It can probably provide up to 50%, and the rest depends on the user. Things like phishing emails depend on the user. There is nothing that Duo Security can't do. The product does a pretty good job of protecting the infrastructure.
Duo Security’s user authentication and device verification are very good and very reliable. When we get a message to upgrade, we upgrade the tool. I don't have to spend a lot of time to get the device up to date.
The solution is reliable for establishing trust for every access request. It definitely is able to establish trust for the identity to protect the infrastructure. Our organization doesn’t necessarily believe that all resources must be considered external. We try to strike a balance between convenience and security. We don't treat everything as external. We keep certain internal stuff that doesn't have to go through the authentication.
The product increases the awareness of the employees about cybersecurity. Every time I log in, a Duo box pops up saying that I am authenticated and not leaving everything wide open. Try it and get a trial base, and then you will see the difference the tool can make.
Duo is the first platform that we used. My organization did an analysis to see how many potential attacks we'll have and how much money will be lost if we do not deploy Duo. I am not sure about the metrics, though.
Overall, I rate the product a nine out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Director at a comms service provider with 1,001-5,000 employees
Video Review
Considerably helps with identity in an environment without zero trust
Pros and Cons
- "I lead an IT organization that has a significant amount of technical debt, and we're not in a zero-trust architecture yet. I'm pushing in that direction. Duo helps me considerably with my identity in an environment where I don't have zero trust. It's helping me bridge the gap until I can build a zero trust architecture."
- "The only challenge is finding the right person sometimes. From what I've seen, being a named account is a big deal."
What is our primary use case?
My background is in electrical engineering. I have roughly almost thirty years in the industry, mostly in telecom, but the last ten years or so in enterprise. I'm currently in Anchorage, Alaska working for an organization that's Alaska-native company, which is more or less a conglomerate of different business lines. They work on everything from government contracts with NASA to construction to oil field operations, it's a lot of different businesses.
Our Duo Security implementation was done about a little over three and a half to four years ago. It was about six months before I joined the company. It was done in response to a breach in the company that involved compromised credentials.
I have personally been using Duo for as long as I've been in this company, so about three years.
How has it helped my organization?
We had a compromise of credentials and it resulted in a breach in the company. Had we had multifactor authentication at that time, we probably would have prevented that breach. In this day and age, I think multifactor authentication is an absolute requirement for anything you're doing.
I lead an IT organization that has a significant amount of technical debt, and we're not in a zero-trust architecture yet. I'm pushing in that direction. Duo helps me considerably with my identity in an environment where I don't have zero trust. It's helping me bridge the gap until I can build a zero trust architecture.
It has improved our cybersecurity resilience. Having multifactor authentication is critical because credential-based authentication is weak and it's going to be compromised. Having that additional factor in your authentication process is absolutely necessary.
What is most valuable?
Right now, we're only using multifactor authentication. That's the most useful to us right now.
Reduction in risk is the whole point of multifactor. It's authenticating and augmenting the credentials and authenticating the individual that is trying to access your environment. It definitely reduces risk.
I would characterize Duo Security’s user authentication and device verification for helping to prevent identity-based attacks as good. It's intuitive for the users. It's easy to set up. The centralized management for our IT health service desk is good and doesn't take a lot of time. They're skilled with it. I really don't have any complaints.
The Duo Portal for our IT staff is efficient. It's utilized on a daily basis, and they're good with it. So I think it does allow staff to concentrate on other tasks.
I would say it's good at establishing trust for every access request, no matter where it comes from. Anything built by man can be broken by man. So there's always a challenge around that. They're trying to overcome those push bombing and challenges like that, and we're on that journey with them.
What needs improvement?
Password management is difficult for us, especially for users. We would like to go passwordless. If we can go passwordless then you don't have a password manager.
I am looking at other security features with Duo right now. We're currently looking at the passwordless options. We're looking at VPN displacement options. We're looking at those things right now. We haven't adopted yet.
What do I think about the stability of the solution?
My impression of the stability is good. I haven't seen issues in the app, the portal, or anything.
What do I think about the scalability of the solution?
Scalability is there. Our organization is somewhere around 5,000 employees, and that is not very many users for a platform like Duo, so I don't see any issues with scalability.
How are customer service and support?
I've been using Cisco support for the better part of 25 years. I've seen good, I've seen bad.
Cisco support has improved over the years, they tend to be better at getting back to you.
The only challenge is finding the right person sometimes. From what I've seen, being a named account is a big deal. When I came to this organization, they worked named accounts, and I worked really hard to become one because I knew the difference, and our support has greatly improved since becoming one. I have a person I can call and I know they can find the right person to help me get my problem solved.
There are going to be problems with any system that's as complex as the products that Cisco sells. That's to be expected. It's really about how you get them resolved and how your partnership is there to make sure you're back up and running. Cisco, I believe, is really committed to that.
I would rate them at an eight because there's no ten and because they have the in-house expertise to solve the problem once you can find them. They have the resources to bring to bear to solve just about any problem you can imagine. They are a committed partner.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have personally used other multi-factor authentication platforms. I currently do personally use others. Duo was selected by the company before I came there, and I've been very pleased with it.
What was our ROI?
I would say we have absolutely seen ROI. We have not had another breach that involved a loss of credentials since implementation.
What's my experience with pricing, setup cost, and licensing?
The cost is very comparable to other solutions that I've used. I would in no way see any weaknesses in Duo over the other products, I would say it's a premium product, and it commands a premium price.
What other advice do I have?
I would rate Cisco Duo Security an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Duo
January 2025
Learn what your peers think about Cisco Duo. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
Dynatrace Architect at a hospitality company with 10,001+ employees
A robust solution with impeccable stability and good functionality, it fits well in a layered defense strategy
Pros and Cons
- "The app has greater stability than rival solutions such as Google Authenticator, and Duo Push authentication is a valuable feature."
- "I would like to see some features simplified, such as securing, configuring, and implementing Microsoft Remote Desktop. Other than that, the solution was rock solid throughout my time administering it."
What is our primary use case?
Our primary use case is for two-factor authentication. We also use the solution to secure Microsoft Remote Desktop, VPN, and SSH connections.
We deployed the product primarily to address security concerns, for example, implementing a more secure security posture using Duo Security.
My initial deployment of the product at a previous employer was across multiple environments and business units. We were primarily an active directory shop using Windows servers and desktops and Wise desktops, all of which utilized Duo Security as their two-factor solution.
In my current environment, the tool is implemented in different forms, on-premise and in the cloud. We deploy it everywhere.
How has it helped my organization?
Duo Security has been utilized in multiple organizations I've worked for, and it simplifies connecting securely via VPN, Microsoft Remote Desktop, and SSH.
What is most valuable?
The app has greater stability than rival solutions such as Google Authenticator, and Duo Push authentication is a valuable feature.
The product worked to establish trust for as long as I've used it. It's a more functional solution than some competitors, which I discovered during the POC process. I think that Duo Security considering all resources to be external is one of the reasons why they are at the top of their field.
Duo Security simplified establishing trusted connections, making it easier to implement distributed network solutions. I've always found it to be a good part of a layered defense strategy.
Most of the end users when I was responsible for implementation, didn't quite understand the value of the solution until it was demonstrated.
The tool does provide single-pane-of-glass management in my experience. I haven't implemented the solution for years, but I'm a user in my personal and professional life. Therefore, I can say that feature is essential in making Duo Security one of the critical steps in a defense-in-depth strategy.
I never had any problems maintaining network connectivity, and it always performs well.
Based on the logging I have seen Duo Security use, I would say their solution does help with threat remediation. It is an integral part of the defense strategy.
A robust two-factor authentication solution is a massive part of a proper defense strategy, and having Duo makes it easier to implement and manage that two-factor solution.
What needs improvement?
I would like to see some features simplified, such as securing, configuring, and implementing Microsoft Remote Desktop. Other than that, the solution was rock solid throughout my time administering it.
For how long have I used the solution?
I have been using the solution for six years.
What do I think about the stability of the solution?
The solution is very stable, I've never seen it go down.
What do I think about the scalability of the solution?
The product is incredibly scalable.
How are customer service and support?
I had to contact technical support on a few occasions, and my problem was always resolved, but it took some time and work to reach a workable solution. My experience with them is primarily positive, but there is room for improvement.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
At the job in which I carried out the POC for the solution, we used physical RSA tokens, and I have been at locations that use HID tokens. In my opinion, the soft token solution is far better; it's more user-friendly, and staff can utilize the strategy more efficiently, effectively, and, unfortunately for RSA, more securely than the physical tokens offer.
How was the initial setup?
The basic deployment is very straightforward, though some Microsoft Remote Desktop support elements were a little more complicated. Primarily in getting the correct values and additional resources required for the deployment.
I wasn't involved in the deployment at my current company. At my previous employer, I did the POC and the initial training for our help desk groups.
What about the implementation team?
I carried out the implementation myself; I was responsible for maintaining all of the integration points and training the help desk team members to support the product.
What was our ROI?
It's hard to precisely measure an ROI for security solutions, but I would say it provides a return.
What's my experience with pricing, setup cost, and licensing?
I haven't seen any information on the pricing in four years, so I can't comment on that.
Which other solutions did I evaluate?
We tested a SecureAuth solution that didn't meet our security standards. We wanted to try RSA Authentication Manager, but that was more complex for users, so we decided to go with Duo Security.
What other advice do I have?
I would rate this solution an eight out of ten.
When I carried out the POC for Duo Security at my former employer, I pitched it to them because it simplifies the login process and has excellent notifications. Physical tokens can be hard to read, especially for admins and staff trying to remediate problems late at night. We wanted a solution that was easy to set up and configure, and that is what we got; being a cloud-based solution, Duo Security is much easier to manage. We don't need to worry about managing, upgrading, and configuring much on our side; that's all handled in the cloud.
The first company I mentioned working for was based in Ann Arbor, and Duo Security is or was based there too. I had personal relationships with several team members and recognized their product's value.
The solution improved trust models within our organization, significantly changing how people view connecting to the network. I don't think that it has had an impact on employee morale.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator Team Lead at a construction company with 5,001-10,000 employees
Establishes trust for every access request, no matter where it comes from
Pros and Cons
- "It's easy to deploy. It's easy to manage. It's easy to integrate with other applications."
- "The new smart license model doesn't always work. It's very complicated."
What is our primary use case?
We use it for multi-factor authentication. That's the only use case we have now. We're not using it to its maximum capabilities but we'll use it for more functions moving forward.
How has it helped my organization?
Duo Security has improved our cybersecurity resilience. Multi-factor authentication gives us another layer of protection. Having another layer of security is very important for us.
Duo Security establishes trust for every access request, no matter where it comes from. This is something that's absolutely needed.
What is most valuable?
It's easy to deploy. It's easy to manage. It's easy to integrate with other applications.
We also use it for single sign-on with Meraki and VPN access for non-Cisco firewalls, but we're now migrating to Cisco firewalls. It's easy to deploy, and it works.
What needs improvement?
I'm not using it as much as I could. So far, it has everything I need. I don't have any requirements or improvements. Everything is working smoothly, and we're happy with it.
For how long have I used the solution?
We have been using Duo Security for about two years.
What do I think about the stability of the solution?
Its stability is great.
What do I think about the scalability of the solution?
We have 1,500 users that use Duo Security. We're planning to use Duo Security for more applications, but the number of users won't increase anymore, so in terms of scalability, I don't think we'll have any issues.
How are customer service and support?
We have opened some cases with Cisco for questions and things at all, and they were very helpful. They're very good. They answer questions quickly, and the people who work there are knowledgeable, so I can't complain. I'd rate them a ten out of ten because I got prompt responses and knowledgeable people.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Microsoft Authenticator before, but we had a lot of problems with that, so we had to move away from that. Initially, we didn't have any multi-factor authentication, so having a multi-factor authentication for multiple applications and services that we provide helps us in making our network more secure.
How was the initial setup?
You synchronize your AD with Duo Security and create all the groups for access. You send the emails to do the deployment, and you load the cell phone numbers. That's for the end-user side, and for the firewall, we have the proxies. We're using a proxy for one of the products. Our firewall sends RADIUS requests to the proxy, and the proxy communicates to Duo Cloud. The virtual machine deployment for the process was very easy. The configuration takes a few steps, but it's easy.
We've both on-premise and cloud deployments. We're using the tool on the cloud, but we don't have any infrastructure on the cloud.
What about the implementation team?
We did the deployment ourselves.
What was our ROI?
We have seen an ROI. The cost of not having it means you're vulnerable to hacking and other things. Nowadays, multi-factor authentication is required for insurance. It's a must now.
What's my experience with pricing, setup cost, and licensing?
It's very simple. Its price is fair. We use the hardware tokens as well. You get what you pay for.
In terms of licensing, Cisco has very complicated products, but Duo Security was surprisingly easy. The licensing model is easy. The license is based on the intent. You can see how many licenses you have. It's one of the easiest solutions I have deployed, so I'm very happy about it. Every other Cisco product—such as switches, APs, wireless, and controllers—has a very complicated license model. The new smart license model doesn't always work. It's very complicated. The vendors will put your license somewhere else. You need to talk to vendors. It's complicated, but Duo Security licensing is simple.
Which other solutions did I evaluate?
We evaluated RSA, Microsoft, and Duo Security. We evaluated these three, and we realized that Duo Security had better reviews, and it was easier to deploy and cost-effective, so it made sense to use it.
What other advice do I have?
Overall, I'd rate Duo Security a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant IT Director at a government with 501-1,000 employees
Provides two-factor authentication, which adds an additional layer of security and easy user adaptation
Pros and Cons
- "Duo Security gives us an additional layer of security that would give us added confidence that our network will be less likely to get hacked, compromised, or otherwise."
- "There is a little bit of apprehension for some users thinking, well, "How do I know this app is not collecting personal information from my personal device?""
What is our primary use case?
We use it citywide. I work for a city, local government, and we implemented it during the pandemic.
We support it for remote access to our network. Every city employee is required to use it, including the police and fire departments. However, it's hard to concretely say if the solution has helped reduce the risk of breaches in one way or another.
Apart from that, we focus on user education in cybersecurity and provide training to our end-user population to heighten awareness. This is in addition to the two-factor authentication, so we don't solely rely on that.
How has it helped my organization?
Duo Security has improved our organization from a security standpoint. The two-factor authentication has become a requirement in most cases. It is specifically required by cybersecurity insurance.
Not only are we doing it for requirement purposes, but it also gives us an additional layer of confidence. Duo Security's additional layer of security gives us added confidence that our network will be less likely to get hacked, compromised, or otherwise.
Moreover, we're very satisfied with the solution for helping secure our infrastructure from end to end. It definitely gives us an added layer of our confidence knowing that two-factor authentication is implemented. In our organization, network-wise, the confidence level is fairly high, and we're happy with it.
The way we involve the end users is with their mobile devices and mobile phone numbers. Once they do get involved, we are pretty confident that they are being reached out to through the number that we have in the system for them, and there's really no reason on our end to doubt the validity of those authentication requests when they come through. We trust Duo Security for every access request, no matter where it comes from.
Duo Security has become essential to our environment, considering today's time when our workforce is becoming more and more mobile.
Duo Security helped our organization improve its cybersecurity resilience. It has given that added layer of security and keeps the awareness on the user's end as well.
What is most valuable?
It's easy to use, frankly. All it takes really is for the end user to download the app. For me, I have an Apple Watch; I don't even have to wait for my phone. I can accept the prompt right there and just be on my way.
Moreover, we are comfortable and have high confidence in the solution's user authentication; device verification can prevent identity-based attacks.
What needs improvement?
One of the challenges was for the police force. A lot of them, at first, weren't keen on using their personal cell phone for, quote-unquote, city business. As a city, we require them to download an app for two-factor authentication. There is a little bit of apprehension for some users thinking, well, "How do I know this app is not collecting personal information from my personal device?" was the only obstacle we ran into. Overall, satisfaction is good.
To mitigate this problem, there was an option where the city would choose to just go with utilizing the app. There's another option where you can get a text message as opposed to having to download the app and accept what the app has on it.
For how long have I used the solution?
I have been using Duo Security for three years.
What do I think about the stability of the solution?
Duo Security is a stable solution.
What do I think about the scalability of the solution?
We never encountered any issues in terms of scalability.
How are customer service and support?
The customer service and support have been very good. We haven't had to call them many times. They've been able to assist every time there was an issue.
The responses have always been timely, and I haven't gotten any complaints from our security manager.
Which solution did I use previously and why did I switch?
We used a different solution but had it in limited use only for our public safety team. That was a requirement at the time because of the type of information that they had access to. We were looking for something versatile.
With Duo Security, the easier user access and user adaption were a little easier. We felt the solution was a little clunky at times, and we are already in the Cisco ecosystem, and that's one of their products. So we decided that was the best solution at the time. That's why we switched to Duo Security.
How was the initial setup?
Implementation was fairly easy. Moreover, once you have it implemented, it's very minimal.
Duo Security doesn't require a lot of maintenance. From that standpoint, the solution has freed up time. However, it's not something that we had beforehand. In other words, it's not necessarily alleviating work. However, it is easy to manage.
What's my experience with pricing, setup cost, and licensing?
The pricing was a lot more than what we were paying for our previous solution. However, our previous solution only covered two out of the sixteen departments within the city.
It’s a bit of a pie chart in that sense but we understood that with Duo Security, we were deploying it on a broader scale.
Overall, the pricing was higher than our expectations, but considering the circumstances during the pandemic and the increased demand, we understood the importance of making the right decision and moving forward with the best product.
I would say we are happy with it. However, I haven't conducted any recent market surveys to compare pricing, so it's difficult to make a definitive statement. Ultimately, what matters most is the satisfaction of our end users, and in that regard, it is currently very high.
Which other solutions did I evaluate?
We did look at some other products. We had a security manager who was responsible for conducting the necessary research and legwork. However, he did present us with a few different solutions, and our network manager was also involved in exploring options. Ultimately, Duo Security was selected as the preferred solution.
And also, what happened right before then, we had attended Cisco Live, had been exposed to Cisco Duo, and really liked what we saw. So we went into it with a bit of bias, to be honest, because we already saw it.
What other advice do I have?
Duo Security is a great solution. The adoption and learning curve for the end user is low, in our opinion.
Overall, I would rate Duo Security an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Director at a non-profit with 201-500 employees
Keeps us secure, allows us to be remote, and is simple to deal with
Pros and Cons
- "We're working remotely. It helps us keep people more safe. Its adoption has been fine. I like the fact that you can bypass it if you need to because there are situations where the internet doesn't work, etc."
- "We use Yubikey for pushing it to the phones. Yubikeys can get expensive because people tend to lose those for some reason. Fifty dollars a device is pretty high."
What is our primary use case?
We use it for multifactor authentication for getting in with cell phones and PCs.
How has it helped my organization?
Duo Security allows us to be remote, and it keeps us secure. It has been very good for securing our infrastructure from end to end. We haven't had any issues.
It has helped free up our IT staff, but I don't have the metrics on how much time it has actually saved. We don't worry about it. It just works.
It has been good for establishing trust for every access request, no matter where it comes from.
What is most valuable?
We're working remotely. It helps us keep people more safe. Its adoption has been fine. I like the fact that you can bypass it if you need to because there are situations where the internet doesn't work, etc.
Its ability to help reduce the risk of breaches is pretty good. I like its ability for user authentication and device verification.
What needs improvement?
We use Yubikey for pushing it to the phones. Yubikeys can get expensive because people tend to lose those for some reason. Fifty dollars a device is pretty high.
For how long have I used the solution?
I've been using this solution for a couple of years.
How are customer service and support?
I don't deal directly with their tech support myself. I've got some other folks that do that for me, but I don't hear any complaints, so I'd rate them really high.
Which solution did I use previously and why did I switch?
We did use another solution. I can't remember the name of it, but it had a lot of flaws and a lot of issues. It did not connect to the equipment that we had to use. It would break down, so we had to find something else.
We didn't consider another solution. While researching, Duo Security came out to be the best. The last one was terrible, and this one ranked a lot higher.
How was the initial setup?
We have a hybrid deployment. It was very easy to implement it.
It integrates well with other systems. We have Cisco Umbrella and Cisco routing and switching. We had Cisco firewalls, but I wouldn't recommend them.
What was our ROI?
We've seen an ROI in using this product. There is stability and ease of use. It isn't a problem to handle. It's simple to deal with.
What's my experience with pricing, setup cost, and licensing?
It falls in line with everything else.
What other advice do I have?
To someone researching this solution who wants to improve cybersecurity in their organization, I'd say that it has been very beneficial.
Overall, I'd rate Duo Security a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Director of Engineering Services at TD SYNNEX
An easy-to-install multi-factor authentication platform that offers speed and dependability at the same time
Pros and Cons
- "Regarding the valuable features, I would say that Duo Security is easy to use, has speed, and is dependable."
- "I wish that the support would be a little bit more prompt and a little bit more flexible because there are certain things that they will do and certain things they won't do."
What is our primary use case?
You don't need any other Cisco security products in order to use it. That's what makes it easy.
Normally, people use it for multi-factor authentication. It's an easy-to-install multi-factor authentication platform.
What is most valuable?
Regarding the valuable features, I would say that Duo Security is easy to use, has speed, and is dependable.
What needs improvement?
It would be nice if there was a biometric option rather where you could accept with a fingerprint. Like, in an iPhone, they have fingerprint authentication and face ID. It would be nice if there was a biometric acceptance as opposed to just clicking and accepting.
For how long have I used the solution?
I have been using Duo Security for thirteen years. I am a distributor of the solution.
What do I think about the stability of the solution?
Regarding stability, I don't know if that comes into question. With my clients, I haven't seen them facing stability issues.
What do I think about the scalability of the solution?
I have seen it deployed in an organization with 50 people and another with 5,000 people.
How are customer service and support?
I love the solution's technical support. Regarding the adjectives I would use to describe the support, I would say that the support was professional and accommodating. I wish that the support would be a little bit more prompt and a little bit more flexible because there are certain things that they will do and certain things they won't do. Then they push what they won't do back down to the distributor.
I also wish that they consider us as distributors because we're not the traditional partner. It's almost like we are Cisco. I wish that we could share more resources behind Cisco Firewall and behind Cisco's resources. I rate the support an eight out of ten.
How would you rate customer service and support?
Positive
Which other solutions did I evaluate?
The reason we chose Duo Security over its competitors is because it's a freebie that you can try and see how it goes. There is also the ease of integration with Duo Security. I don't really know of any other MFA that is as simple. With Duo Security, it's like, here's your authorization, and you need to click on the yes or no options.
What other advice do I have?
I would say that the solution does increase security because it does require MFA, and as long as the company enforces it installed on a specific device, it works.
It does not secure my infrastructure from end to end and detect or remediate threats. It's not the function of the product.
Regarding my assessment of Duo Security for establishing trust for every access request, no matter where it comes from, I would say that it is absolutely dependent on how the company deploys it. If the company says just deploy Duo Security on an old device, then it's kind of a hope.
The whole point of having Duo Security is that it considers all resources to be external.
Multi-factor authentication in general helped my organization improve its cybersecurity resilience. Any MFA will do that.
I would tell those considering having Duo Security in their organization that it's easy. You don't need to have every other Cisco product out there since I know that, for a fact, you can do it with Sophos and Fortinet. You can do it with other products, not just Cisco.
I rate the overall product an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
IT Manager at a manufacturing company with 51-200 employees
It helped us prevent unauthorized access after a phishing attack
Pros and Cons
- "Cisco is the perfect product for our current size, and I don't think we'll have problems with scalability as we grow."
- "Most of my colleagues from other companies use the Microsoft MFA solution because it's included in Office 365. Few people are considering Cisco Duo. That's the primary problem in our area. It's a solution mostly adopted by Cisco users."
What is our primary use case?
Duo is part of a complete security package that Cisco provides. Initially, we only used Duo to secure Microsoft 365, but we now use it for other applications like VPN, terminal server access, etc.
How has it helped my organization?
A couple of months ago, our colleagues got phishing emails from real accounts because other companies got hacked. The scammers write emails from a hacked account because they see an employee on the contact list. They seem real because the images are authentic. That leads to a portal where you have to insert your credentials.
Like any MFA, Cisco Duo sends a message when someone tries to access your account. That's the part that helped us because a person always falls for it. Unauthorized access is a serious problem, even if it doesn't affect your files. It's a potential risk to our reputation because it doesn't look good if a hacker is using your company email address to send spam.
I'm not sure if Duo saved us time. Any security measure inevitably makes things more complicated. If you eliminate security solutions, it's easier on your users, but you have no security. It's like wearing a helmet on a motorcycle. You don't need it until you fall.
Our security posture is getting better, but we still have room for improvement. We're implementing several security packages currently and hope to be where we want to be by the end of this year.
What needs improvement?
Most of my colleagues from other companies use the Microsoft MFA solution because it's included in Office 365. Few people are considering Cisco Duo. That's the primary problem in our area. It's a solution mostly adopted by Cisco users.
For how long have I used the solution?
We are new users and only started transitioning to Cisco last year.
What do I think about the stability of the solution?
We haven't experienced any issues so far, and I hope it stays that way. Nothing is 100 percent, but it's close to that.
What do I think about the scalability of the solution?
Our company isn't too big. Cisco is the perfect product for our current size, and I don't think we'll have problems with scalability as we grow.
How are customer service and support?
We rely on our partner for technical support, so we've never contacted Cisco for that.
Which solution did I use previously and why did I switch?
We used HP networking and security products but transitioned to Cisco last year. In the food manufacturing industry, Cisco has some advantages over others. For example, Cisco switches are made for heavy industry and are designed for devices in the mills. Cisco is certified to integrate with Siemens microprocessors.
What is critical for me isn't the product itself, it's your partner. If you have a great partner, you can also work with HP or other competitors. Having a partner to implement everything and suggest best practices is essential. Our partner NTS works exclusively with Cisco, so we switched from the competitor to Cisco when we switched partners.
How was the initial setup?
The deployment was straightforward with the help of our partner. I can't do it all alone, but our partner has 450 Cisco-certified technicians.
What's my experience with pricing, setup cost, and licensing?
Cisco has the most expensive products because market leaders tend to charge a lot.
What other advice do I have?
I rate Cisco Duo Security a nine out of ten. I would give the solution a perfect score if it were a little cheaper. Cisco is expensive.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Duo Report and get advice and tips from experienced pros
sharing their opinions.
Updated: January 2025
Product Categories
Authentication Systems Single Sign-On (SSO) ZTNA as a Service Cisco Security Portfolio Multi-Factor Authentication (MFA)Popular Comparisons
Microsoft Entra ID
Okta Workforce Identity
Fortinet FortiAuthenticator
Ping Identity Platform
Yubico YubiKey
Fortinet FortiToken
RSA SecurID
CyberArk Identity
Symantec VIP Access Manager
Silverfort
Thales Authenticators
UserLock
Entrust Identity Enterprise
RSA Authentication Manager
ESET EDR/XDR
Buyer's Guide
Download our free Cisco Duo Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Duo Security compare with Microsoft Authenticator?
- How would you compare Cisco Duo Security with other Authentication Systems products?
- Which solution do you prefer: Duo Security or RSA SecurID Access?
- When evaluating Authentication Systems, what aspect do you think is the most important to look for?
- Why is Authentication Systems important for companies?
- Which front-end product for authorization and authentication into an Apache Web Server application, PIXIA, would you recommend?
- What is the difference between SPML and SAML?
- How would you compare Cisco Duo Security with other Authentication Systems products?
- What is CAPTCHA and how does it work? How can you use it for Artificial Intelligence (AI)?
- What are some alternatives for UserLock?