The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
My main use case for Cisco Duo is providing MFA for all of our users and use cases.
The first focus with Cisco Duo is securing externally available applications, such as SaaS applications. Mostly, we ingest or enforce Cisco Duo via our SSO IDP point because then we do not have to worry about the native integration with whatever application we are trying to secure. If it is SSO capable, we inject Cisco Duo into that.
When it came about, I was a big fan of the risk-based authentication feature of Cisco Duo. That was a big win. Additionally, the Verified Push after the Cisco breach was important, as Cisco recognized that they had to do something about that and they came up with the Verified Push, which is also a very good idea. Nowadays, if I would have known a couple years back what I know today, I would not have worried about that too much because I would have just moved over to passwordless and phishing-resistant MFA means in the first place.
The major improvement I would suggest for Cisco Duo would have been to collaborate with Microsoft more closely and get positioned in a way as a recognized MFA authentication method on Entra. Since Microsoft forced all of their customers to enforce MFA when logging into anything in the Microsoft universe, Cisco Duo was not a recognized way of doing that. It was enforced as an external authentication method, as Microsoft calls it, and it was not a native Cisco Duo integration. Even the external one was not possible to select as a default, so we had to use something else along with it, which for us was Microsoft. That was very annoying.
Cisco Duo did not help reduce the cost of the overall authentication method that we have in our company; instead, it increased, obviously. Cisco Duo was the first technology that we introduced, which had to not just change or implement a certain technology. That was the easy part; the hard part was changing the habits and the culture, getting people to accept what MFA is and to go through the hassle of MFA every single time. The total cost of ownership increased, along with the implementation and the license cost, as well as the reluctance of users to handle IT systems. Security is always a fine balance, where we have to explain to the users what we are doing, why we are doing it, and not overdo it.
Where it lagged behind a lot is in the RDP integration, because we have users, especially in Germany or other jurisdictions, where we cannot force users to use their phone. Therefore, we had to give them some kind of Passkeys, and they are not supported in every use case, or if they are accepted, it is extremely tedious. With standards such as OAuth or FIDO2, that can vastly be improved. Apart from that, it is a very solid MFA solution.
I have been using Cisco Duo for seven or eight years.
Regarding the stability and reliability of Cisco Duo, it is very good. It always does exactly what it is supposed to do, with no downtime over the years that we have had it in use, despite the issues I mentioned with Microsoft, where we were not able to integrate Cisco Duo at all.
Prior to Cisco Duo, I did not use another MFA solution; that was the first one.
I would describe the experience of deploying Cisco Duo as super simple. It was straightforward, one of the easiest consoles I ever had to implement.
I can still say that I have seen a return on investment from Cisco Duo, as having MFA is a basic requirement nowadays. MFA is considered state-of-the-art if you look at things such as GDPR or any other information security framework, so not having MFA means you cannot put a price tag on that because you will be hit with ransomware immediately.
My experience with the pricing, setup costs, and licensing of Cisco Duo is that we have it as part of an Enterprise License Agreement, so that is probably not comparable.
Before adopting Cisco Duo, I evaluated a couple of other solutions, but at that time, Cisco Duo won out primarily because it was available as part of the Enterprise License Agreement, and we were a big Cisco shop already.
I am not using Cisco Identity Intelligence.
I have not noticed an increase in phishing attacks recently in my organization because we are pretty well set up in terms of email protection.
I just learned about the Proximity Verification capability with Cisco Duo. We do not have it because we are already using Passkeys, so we no longer need Proximity Verification.
I did not deploy Cisco Duo Directory to manage the user identity.
I would give this review an overall rating of 8.
In my current role, I have been Head of the Information Security section for two years. Before that, I was a network and security administrator for more than 13 years.
Regarding Cisco Duo Mobile, I am currently the admin for the portal, managing more than 500 users. It is a great system regarding multi-factor authentication, specifically after we did the integration with Active Directory, allowing us to manage the users who use the VPN, our main gateway for VPN Cisco ASA Secure, with full administration.
An important feature that saves time is the automatic unlock; when an employee forgets to approve or deny three times in a row, Cisco Duo Mobile portal locks their account. There is a feature to automatically unlock it within five or six minutes, allowing the time for this automatic unlock to be determined.
One important benefit of using Cisco Duo solution is to ensure that the person using the VPN has their username, password, and mobile; they must approve or decline if they do not have their mobile. Another important benefit is managing users who have access to the VPN because sometimes there are users designed to have access, but the system administrator forgets to remove them, which we can effectively manage from the portal itself.
I have not implemented Cisco Duo's end-to-end phishing resistance.
No additional features are needed at this time.
I rate it a nine because there is still a specific feature regarding Cisco Duo Desktop that must be enabled and optimized better than the current situation. It is not about mobile but about the desktop functionality.
I graduated with a Management Information System degree 15 years ago, and all of my experience is based in the financial sector.
I assess the stability and reliability of Cisco Duo solution as mainly stable, safe, and at 98%.
Cisco Duo scales well with the growing needs of our company; we partner with Cisco, and since all of our components are Cisco, we are always attending Cisco Live EMEAR every year, finding new solutions and technologies, importing new products to our data center regularly.
I have not expanded the usage of Cisco Duo since the first implementation.
Cisco customer support is great.
The reason for this is that all of the Cisco TAC engineers at support are fantastic. They are available 24/7, and they do not leave sessions unresolved; when an engineer's shift ends, they assign a colleague to continue solving the case.
Positive
Before adopting Cisco Duo, I did not use a different solution.
My experience deploying Cisco Duo is great and went smoothly.
What went well is that you primarily need a license to access the main admin portal and at least two servers with minimum specifications, making it easy to configure. It is straightforward, requiring just one certificate.
I encourage anyone considering implementing Cisco Duo to move to Cisco Duo Mobile.
I did not evaluate other solutions from other vendors before implementing Cisco Duo.
Recently I have seen an increase in phishing attacks in our organization. These attacks feel like they are getting more sophisticated.
I did the integration with Active Directory instead of deploying Cisco Duo Directory to manage user identities. In the financial sector, Cisco Duo is fine as it is.
Regarding the price, the pricing of Cisco Duo is okay.
The main reason to implement Cisco Duo is that all of our data center infrastructure is Cisco. If we connect everything, the visibility will be 100%, which is why we need to cover everything with Cisco.
I am currently using Cisco Identity Intelligence.
