Share your experience using Symantec VIP Access Manager

As an integrator, I work with Okta Platform.

Okta Platform can be used for IAM and IGA; it is a cloud-based solution for Identity and Access Management, as well as Identity Governance and Access.

As an integrator, I find Okta Platform user-friendly with a good number of connectors, making it easy to integrate with applications, and it is easy for SSO implementation and MFA implementation.

Lifecycle Management is configurable in Okta Platform; you can configure the joiners, movers, and leavers process with this product.

Okta Platform is a cloud-based platform, so you do not have to take care of installations as you would with on-premises solutions for SailPoint or Oracle Identity Management, which is a big difference.

Based on requirements, context-aware policies of Adaptive MFA are configurable, which is a plus point, as you can configure it based on certain requirements, such as adaptive authentication based on behavioral patterns and logging in from one place to another.

It is time-saving, which is definitely linked with money; a lesser number of users are required to do the manual work, so it has that impact on money as well.

I have not encountered any negative points for this product.

For log monitoring, after a certain period of time, logs are deleted, such as after three months, and you have to configure it using a separate or external SIEM connector, such as Splunk or Cortex XSOAR, because after 90 days, the logs will be deleted, so we have to take an export manually or add one external log monitoring solution.

If the organization is big, I can say Okta Platform is affordable; however, for small-scale industries, I would not recommend it, but for medium and enterprise organizations, it is good.

I have been using Okta Platform for approximately one to one and a half years.

Okta Platform is a stable product.

Okta Platform is a scalable product.

I can rate Okta Platform support at approximately eight or nine out of ten.

Positive

I have worked with Oracle Identity Management and SailPoint as other access management tools before.

I have not worked with Universal Directory in my case, and I have not worked on it recently.

Okta Platform is an IGA solution, so in terms of PAM capabilities, it is not working as PAM for storing passwords or secret vaults, such as Delinea or CyberArk; it is a completely different product.

I have primarily used Cisco Duo for Identity and Access Management, especially when clients have extensive identity footprints scattered across different business units or locations, with each location maintaining its own Identity and Access Management system. Centralizing all of that into one single pane of glass as a centralized IAM solution has been the primary motivation. During the COVID period in 2020 and 2021, remote access VPN usage increased significantly because everyone was working from home. The ability of remote access VPNs to integrate with identity was a major challenge we were struggling with at that time. Moving to a single centralized pane of glass to create entitlements, role-based access controls, and then hooking those into the VPN or VPN access solution was the primary motivator for most of my clients. For a couple of clients, I ran assessments to identify gaps, improvements, and the policies that needed to be configured and tightened.

I worked in the past with Cisco XDR, but not lately. We are primarily relying on Microsoft Defender for our EDR, and for a couple of other subsidiaries, we have Palo Alto XDR, not Cisco. I understand how that solution works, but we did not deploy it extensively because market adoption is lean. Cisco Secure Access is definitely something we use as SSC, Secure Service Edge, for internet bound connectivity, integrated with Cisco Umbrella.

Cisco Duo is not doing anything that competitors are not doing. I have worked on Okta as well, and Microsoft Entra ID has really improved. The primary benefit of Cisco Duo is if you already have an extensive footprint of Cisco products, such as Cisco Secure Access, Cisco Secure Firewalls or Firepowers, or Cisco Umbrella deployments, then it becomes very easy to integrate these products together so they work hand-in-hand with deep integration.

Cisco Duo offers phishing resistant IAM and multifactor authentication (MFA), which relies on Cisco Talos Threat Intelligence sharing to enrich Cisco Duo with all threat feeds. This provides pinpoint accuracy to determine what is malware or malicious and what is safe.

Identity intelligence is analogous to what Okta or Entra ID does with conditional access. It gives you a complete view of whether a particular user who seems legitimate is actually supposed to get access to applications or not. You can control access and curtail access depending upon the behavior of a user.

MFA is mandatory, and there are multiple ways you can implement it. Phishing resistance is critical because even if a user's account has been compromised, the tool regularly tracks how that particular user accesses applications and where they do it from, creating a baseline. If there is a deviation, which would definitely be the case if the user or user identity is compromised, it asks for step-up authentication or curtails access to the application. This end-to-end phishing resistance feature definitely has an impact on the company's security posture.

The primary issue is adoption. When I used to work for Deloitte, I did consulting and advisory for at least 95 of the 100 Fortune 100 companies. The number of enterprises using Cisco Duo was considerably lower and definitely not at the median. There are other tools that integrate better or whose integrations are not dependent upon SaaS vendors and SaaS applications. This could be related to how the product is positioned or how other companies are doing better with their sales. If a product is not being adopted by a very large footprint of enterprises, you need to start asking questions. Cisco Duo is definitely not doing things that others are not doing, so there is no unique selling proposition. It is definitely doing all the things that others are doing, but the adoption for other vendors is definitely better. I would compare Cisco Duo to Okta and to some extent Azure Entra ID, because Azure Entra ID has picked up very well with conditional access policies and Identity and Access Governance. Azure Entra ID also has integrations with SailPoint, which Cisco Duo does in full transparency. The issue is that Cisco Duo is not being adopted by a very large set of enterprises.

I worked on Cisco Duo from 2019 through 2020 and on and off until around three and a half to four years total.

Cisco Duo is fairly stable. They send out scheduled downtime windows for backend maintenance, but it is very well planned. The UI will not be available during this time, so any configuration or operational work needs to be scheduled around these windows. This approach is in line with what other vendors are doing. No significant issues exist. There used to be bugs in the initial days, but they have been taken care of. Every single product has some instability in the initial days, but towards the end of last year, it was not a big deal.

It is Cisco's responsibility to take care of scalability. We have an account manager whom we have always used, and we would inform them that we were going to add 50,000 identities and ask them to ensure that their backend was capable of handling it. We would also inform them about a few hundred thousand login requests over a certain duration, and they would take care of it. We have never faced any challenges where resources were not available.

I would rate Cisco Duo's customer service around seven. Level one support appears to be outsourced. There are different Cisco badges, and they outsource level one support to other people before taking it over from level two. For one of our bank clients with a very premium contract and smart licensing, they provided better support. The level of support you receive depends on whether you are okay with partner-enabled support or if you want premium customer support. It is fair because it is very rare that your service will not be available. I rate them as seven because sometimes level one engagements take time to get those people to the right part of the issue, as they ask basic questions like tenant ID and continue with W-H questions, which takes longer.

Positive

The setup is very straightforward. You get assigned a tenant and log into it, then integrate it with your existing Identity and Access Management solutions. For a brownfield deployment, this adds complexity, whereas for a greenfield deployment, the process is simpler. For a greenfield setup, you just start creating identities and send out auto-enrollment emails to the users who need to be onboarded. You need to do some domain verification in the beginning. It is up and running in a matter of two to three hours. The way you integrate and migrate it definitely depends upon the complexity of the environment and enterprise. If you have 100 different identity stores in different regulatory regions and countries with different regulatory requirements, this definitely adds complexity. However, this is not unique to Cisco Duo but applies to any vendor. For my deployment, we were able to get it up and running in a matter of a few hours on day zero and then keep expanding it over the following days.

For one of my clients, the ROI was somewhere between 25 to 27 percent in year one. We had a lot of things planned for the next year, but that was taken over by D2 operations teams. Year one definitely yielded around 26 to 27 percent in savings. The cost of benefits from a better risk posture or no compromises is definitely very difficult to estimate because that is more about understanding probability, so I would not say those theoretical numbers are close to reality.

For a couple of clients, they were able to get good deals because they were already a Cisco shop in the past. Cisco Duo came in more as an additional feature, which was counted as a new feature purchase, and this brought down the cost that the client had to invest. Cisco is smart with bundling, as you get multiple tools from Cisco that come in as add-ons and you get very good pricing. For clients using on-premises Active Directory as a source of truth, we were able to move all of those to Cisco Duo, which is SaaS and cloud managed. You do not need to maintain virtual machines, expensive servers, or redundancies, which definitely brings cost savings. You are able to remove all of that additional expense, and you also do not need to manage those anymore, so all of that goes away. Ease of management and lowering cost with regards to maintaining infrastructure are definite wins, though these are not unique to Cisco Duo but typical of SaaS-based Identity and Access Management solutions. All of these factors weigh in to give you a decent ROI. With regards to security, you are getting better security than traditional solutions, which is a win-win.

My overall experience with Cisco Duo comes from working on the product from 2019 through 2020 and on and off for around three and a half to four years total. I am a service provider for Cisco as an MSP. My role was a partner as part of a couple of our SGOs in Deloitte. We had an alliance partnership where we offered services, advised, implemented, and operated for clients. We also worked with Cisco to package different solutions and position them to clients after running assessments to improve their security posture.

Cisco Duo can be used for centralizing identity and access management across different business units and locations, integrating remote access VPN with identity systems, creating role-based access controls, implementing MFA and phishing resistant authentication, and conducting security assessments to identify gaps and improve security posture.

Some positive features about Cisco Duo include deep integration with other Cisco products, phishing resistant MFA with Talos Threat Intelligence enrichment, identity intelligence for behavioral analysis and access control, cloud-based SaaS delivery eliminating on-premises infrastructure costs, and stable performance with well-planned maintenance windows.

Cisco Duo has not been adopted by a very large set of enterprises compared to competitors like Okta and Azure Entra ID, which represents a significant area for improvement. The overall review rating I would give for Cisco Duo is seven.