Cisco Duo Reviews

Our primary use case is multifactor authentication for our VPN users. We didn't have multifactor authentication before. After we integrated Duo Security with our systems, everyone has been using it, and it has given us peace of mind when dealing with VPNs.

The most valuable feature of Duo Security is the ability for the user to easily approve access. The application prompts the user, and they can see the location and the IP address. This makes it easy for the user to approve it and go through the process of logging in to the VPN.

Duo Security can be used for any type of authentication apart from that for VPNs. It saves time and prevents problems because it is user-friendly.

Integration between Duo Security and FTDs needs improvement. Integrating Next Generation Firewall safety with Duo Security currently requires a proxy agent between Active Directory and the appliance. It's an additional factor that we need to think about. It would be great to have direct integration with FTD so that we don't have to worry about middleware products. For the rest of the Cisco Secure solutions, the APIs need improvement.

Duo Security needs to improve the delivery of text messages to the users. This has been a big pain point for us over the years. Though we understand that the local telecoms are the ones responsible for the final delivery of the message, there should be a way to improve the process. Some users don't use the application and rely on SMS messages. It is a problem at times because the messages are not delivered.

We've been using Duo Security for almost six years.

We use Cisco Umbrella, ISE, FirePOWER Services, Next Generation Firewalls, FTD, ASA, and Duo Security.

The stability of Duo Security is great. We receive notices for any problems or issues in a very timely manner.

The solution is generally easy to scale. If you have the ability to deploy Duo Security yourself or can leverage third-party integrators, there should not be any issues with scalability.

Cisco support for Duo Security has been great. We haven't had many cases, and most of the ones we have had were related to SMS and text messaging delays.

On a scale from one to ten, I'd rate technical support at eight. They are quick to provide solutions but can improve on working with third-party service suppliers so that end-user experience is better.

Positive

Deploying Duo in our environment was very easy because of the pre-staged configuration. It was very quick, and in one to two days, we had a VPN concentrator using Duo Security.

Duo Security was initially deployed using a consultant, but afterward, we deployed multiple additional VPN concentrators ourselves.

The return on investment has been huge in terms of protection from cyber-attacks. We have been able to protect our employees by having multifactor authentication. This is invaluable for companies in the current threat landscape.

In terms of support, it's always great to have happy users who are able to easily log in to our environment through VPN without having to bother about non-working software agents or any other type of authentication platforms.

My advice to you if you are evaluating Duo Security would be to do your research and compare it to other competitors. If you are a Cisco-oriented company, you will see that there are several benefits to using Duo Security. You will also see that it has the edge over other solutions on the market.

On a scale from one to ten, I would rate Duo Security at eight. The stability and user experience are great, but there's room for improvement in terms of text message and SMS delivery.

We mostly use it for our AnyConnect VPNs and two-factor authentication.

We use Firepower Defense as a firewall, and we have implemented the IPS system on the firewall. Previously, we had ASA, and two-factor authentication was with the code, but now, it's with a push notification. It has somehow made it easier for non-IT employees to easily connect to the VPN, but it, as such, hasn't saved any time. It didn't reduce any tasks. 

It hasn't helped consolidate any tools or applications because we're not using any other security components that can be integrated with it.

The two-factor authentication is valuable because that is the use case for which we are using it.

We first deployed Duo Security for our company with the VPN, and afterward, about a year later, we implemented it for a customer of ours where we offered infrastructure as a service. When I tried to establish a VPN connection through Duo Security, it did not function well on that version, which was the latest one at the time. So, I had to make a copy of the machine and then implement Duo Security with the VPN because it did not function well with the newer version. I didn't know why, but it did not function. I haven't tried to update it since then, but that could be an area of improvement.

I've been using Duo Security for almost four years.

It's stable.

It has good scalability.

They were helpful and fast 90% of the time. They have knowledgeable tech engineers. We didn't have many problems, but any problem that required a case to be opened was resolved quickly. I'd rate their support a nine out of ten.

We didn't use a similar solution previously. We went for this solution because of the consistency of Cisco products and the best cases that it provides. It fulfills our needs as a company.

It was straightforward. I had some issues, but mostly, I followed the complete path from sandboxing to testing and then going live in production.

We have two people, me and my colleague, but it's mostly me.

I am not involved in its pricing, but we haven't yet seen an ROI.

I'd recommend using it. You can read about the product and implement your infrastructure.

I'd rate Duo Security a 10 out of 10.

Duo specifically offers good MFA functionality. We needed support for our VPN and used GlobalProtect as well as Duo for additional security.

Duo has allowed us to add an additional layer of security to our organization. It prevents people from gaining access unless they have your credentials as well as a device. It has allowed us to establish trust for every access request and secures our environment. We are confident and comfortable with the way the solution handles this. We have tried other solutions but they've not met our expectations.  

Duo Security does a good job of helping to support our organization across a distributed network. It does a fantastic job at securing access to applications and networks. It is streamlined and straightforward.

Duo Security provides single-pane-of-glass management.

This solution has been most valuable for locking up our VPN solution and providing secure web protection. 

We have a 24 hour timer for our Duo cookie and we would like to reduce this to a shorter time when using Duo. We use Duo together with GlobalProtect and I am not sure which solution would be responsible for this improvement. 

I have been using Duo Security for the entire time I've been employed at my company.

This is a stable solution. 

This is a scalable solution. We have 20,000 users covered by this solution. 

We have not needed much help from the Duo support team. Using this solution has been surprisingly easy for us. 

We were running a different solution on a test gateway we had and it didn't meet our expectations so we moved to Duo. We have previously tested XAML. 

You pay per user when using this solution and the pricing is fair.

We have never had an issue in maintaining network connectivity across all workplaces. Duo Security has helped remediate threats more quickly and offers security end to end. Cybersecurity resilience is probably one of the most significant elements of organization because we work in the healthcare industry.

I would rate this solution a ten out of ten. This is because we have not had any vulnerability that has been exposed to or any other issues that we've had to deal with.

We mostly use it for multi-factor authentication with email platforms like Office 365 as well as other apps.

We were looking to deal with email phishing attacks and brute force attacks, and the like, and Duo has helped a lot. We're more secure with multi-factor and have seen the number of phishing attacks and brute force attacks go down.

Logging in with Duo is baked into anything that we log into, including any applications, email, and web apps. We integrate it with a product called Jump Cloud, which is our cloud-based identity management system. We have also integrated it into WebEx and Box. Duo runs all of our security and MFA, and it's worked out well.

It's helped a lot of our customers with multi-factor in their identity management systems, on-prem and in the cloud. That way, when users log in, they get the MFAs to be able to log in to any resource on the network.

And because everybody is working remotely now, Duo checks all the boxes for hybrid work.

When it comes to remediating threats, it has helped us do so quickly. We don't even see a lot of the threats anymore because it's working behind the scenes. It has definitely decreased the number of threats in the last year compared to what we used to see.

The ease of use and the ease of management of all the users have been key for us. The setting up of devices in Duo has been really easy as well. It's better than all the other ones I've worked with.

Another important feature is that Duo considers all resources to be external because even the internal ones look like external ones, and people click on stuff and get caught. It's very important to be more cautious than ever.

Also, the single pane of glass management works very well. That feature is very important because we have a lot of admins who have to manage Duo, and it's much easier when it's a single pane of glass. That single pane is also great because it's easy to enroll new devices.

One area that might be improved is that setting up SMS texting is not as easy as using the app, even though it does support it.

Also, a faster management user interface would help. It tends to lag a little bit.

I've been using Duo Security for three or four years.

It has been stable. We haven't really had many issues with it. It maintains network connectivity across all workplaces and works great. I don't have any complaints.

It can scale to as many employees as you have. It can go from five employees to 1,000 employees. I don't see any issues with the scalability.

Their technical support is great.

Positive

We did not have a previous solution.

The initial deployment was pretty straightforward. We had a small number of challenges, but nothing we couldn't get by. It was pretty smooth, overall. Setting it up and enrolling new devices into the environment was a breeze. That was the easiest thing.

We do it ourselves.

We see ROI in that users feel more secure and their morale goes up. You get to keep those employees a lot longer if they feel better working for an organization that's investing in security. A big benefit is keeping your employees.

Everybody loves it. They feel a sense of security when they get that prompt to send them a text, or an email. It makes them feel like they're working for a company that is really taking the time to secure the environment. It gives them a good feeling when they get a second form of authorization.

The pricing is pretty competitive. It's pretty cheap. Anybody can adopt it. We don't have customers that haven't used it because of the price.

We evaluated Microsoft Authenticator and Google Authenticator. With those solutions, you don't have the granularity of management of the MFA environment that Duo offers.

Our Duo is all cloud-based, there's nothing on-prem. We typically integrate it with our cloud apps.

Resilience in cyber security is a game-changer. We have the same challenges that every organization goes through with security: phishing attacks, ransomware attacks, et cetera. I wouldn't say it has eliminated 100 percent of them, but it definitely cuts a lot of that stuff out. Every organization should have something like Duo, or MFA in general. But if they're going to do it, they should do it with Duo just because it's so easy to manage and it is resilient.

For management that wants to build more resilience within their organization, they have to implement multi-factor authentication across that organization for everything. It shouldn't just be for email but everything internally as well. 

A lot of our use cases were for customers to get their cyber insurance renewed. It was a requirement and they had to scramble to figure out a way to get multi-factor authentication in place.

It's made things easier for our customers with all the different ways to sign in. It's pretty painless once they get used to it. Once customers understand it, it checks all the boxes for them. It's easy for them to use. It also works with a lot of Cisco's other products.

• The easiest feature is the token or the app on your phone that gives you the code to log in.
• It provides a single pane of glass for management and that helps optimize the user experience.
  
• We get fewer threats to remediate due to the two-factor authentication, which does not allow as many threats through.
• It does a good job of establishing trust for every access request. It checks all the boxes I need and, as a reseller, it makes it easy for me to sell. I'm happy with it.

Sometimes, it's a little harder for customers to adopt.

Also, when it comes to the single pane of glass for management, there are some mixed reviews and opinions that say there could be some other options. But those are very unique cases.

The majority of my customers are really good with just the two-factor authentication and don't really take advantage of a lot of the extra bells and whistles that it has. Getting them to adopt more of those features, versus asking for anything new, would probably be where my first step would be.

I have been using Duo Security for about a year and a half.

The stability is good. I've never had an issue with it crashing or having bugs.

I've never had anything outgrow it. That's for sure. You just add licenses.

Tech support has been great. I've only had to open two cases and they've been very helpful and made it straightforward.

Positive

I've been involved in the deployment of Duo Security a few times and the documentation makes it straightforward.

Overall, the pricing is fair. Customers can wrap it into their Enterprise Agreement, making it easier for them to solve their issues.

We're a Cisco partner, so once the two-factor requirement kicked in and became mandatory for our customers' cyber insurance, we just gravitated right to the Cisco solution.

The proofs of value that we've done are really what sells it. You put it in, get them using it, and then you just buy the license and you don't have to go back.

Employees start off saying, "This is another thing we have to do," but once they get it set up the way they like it, it's very easy. And if anybody gets locked out, we get an email and it's easy to unlock. If the unions were able to adopt it, anybody can.

Overall, it meets all my needs, including price point, and I've been very happy with it.

We use Cisco Firewalls, Cisco Umbrella, and we played a bit with Cisco Duo. The integration between has gotten better recently.

We use them for a security solution, multifactor authentication, and DNS protection.

It helps increase the security posture of the organization.

Cisco saves us time. We automate as many tasks as possible.

The integration is the most valuable feature. The products talk to each other. 

The products help us to detect and remediate threats.

The integration has improved recently but it can still be better. 

We were considering purchasing other products, like AMP for Endpoints, and it was not properly integrated with the firewall function. It might be better now with SecureX.

My company has been using it since before the company was founded more than ten years ago.

Their support can use improvement when it comes to responsiveness. It can take a few business days to convince an engineer that a device is faulty. 

Neutral

We also use other products from other companies for web applications and firewalling, besides Firepower. There are pluses and minuses for the other companies. 

From Gartner's perspective, Cisco products are not market leaders in some areas. 

With good specialists and support, it's easy to implement multiple Cisco products. 

We should be protecting our network and the cost of security and the OpEx is important, but it is more important to have a protected network.

I would rate their security products an eight out of ten.

We use Duo Security for two different parts. One is for access to one of the servers, and the other one is for accessing the VPN connection.

It helped free up the time of IT staff. It helped them to manage the control within the users. They can control who gets access to which part of the system. For example, if there is a group of people who need a certain type of permissions, they can set them up easily. They can gather them in groups and give specific permissions. They can also give specific permissions to only one person.

It has been very useful in detecting or fixing threats that come into the organization.

It's a good thing for the authentication of your credentials. It's easy to use for the security part, and it helps to improve our security posture.

They can make authentication easier. It should be done in a shorter time. Sometimes, it can take a bit more time to get the answer on your phone. You have to wait a bit longer to get the SMS code and other things. There can be some internet or connection issues. They should make it faster because sometimes, it's urgent, and you need to access something as soon as possible.

I have been using this solution for about two years.

In general, all Cisco products, not just the Duo product, have a lot of stability.

Their tech support is pretty good, but there are some disadvantages. Sometimes, they take a long time to answer. I understand that some of the issues are not very easy, and it takes time to research them. I'd rate them an eight out of ten.

Positive

We didn't use any non-Cisco products. We were only using Cisco products. The IT part of our organization is using the Duo authentication system, and we are using another part of the server for authentication.

It's not very hard. It doesn't take long. The IT gives us an access code for it. 

I just downloaded the app, and after that, just got the security code from that department. I entered that, and it was done. That's it. If you are changing your device and they're just resetting your data, it can take two or three minutes maximum for a new device.

I'd rate Duo Security an eight out of ten.

When our users are connecting to our Cisco VPN, Duo effectively ensures that they are who they say they are by taking a second factor into account, such as the cell phone that was used to create their profile. To do this, it sends them a second mode of authentication, such as a PIN or push confirmation. It also geo-locks who is allowed to actually log into our systems. We have it locked to the continental United States and Puerto Rico, and one outsourcing firm that we work with.

Once you have it set up, all you really have to do is add people to a group in the active directory and send them the instructions on how to do it. If you have a lower technical user base, you may have to walk them through it. But once it's set up, it really is automatic.

Not a single person from our IT staff really needed anything other than the instructions. Of the 15 people in our test group, nobody actually needed instructions on how to use it either — beyond what I just wrote up and sent them.

As we get to the older population in our company, the less technical population, we're probably going to have to walk them through it or hold their hands a little bit.

Within our organization, there are currently 15 employees using this solution. Eventually, we will have all 221 office staff users with it set up. Still, we'll probably top out at about 80 users a day.

We will increase the overall usage as our users increase. So, if we hire another 10 people, then we'll buy another license.

The multi-factor authentication process and the geo-locking features are great. It provides us with statistics about the devices that are used to perform the second authentication factor.

Upon successful connection, it tells us where and what device is being used to perform the second authentication factor. For example, when I log in with it, we'll see that I have my iPhone 11 and that it is located in the area via its IP address.

We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password.

For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated.

Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password."  So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire. 

Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.

We actually just configured Duo Security — we're in the process of pushing it out. Currently, we've been using it for the past three to four months.

Scalability is definitely up there. It could easily handle many, many, many more authentications than we are currently or ever would use. It could definitely go far beyond what we are currently using.

The technical support agents are definitely knowledgeable; they give us plenty of recommendations on how to do things. They are very quick to send us white papers describing how to fix things ourselves. 

Although they try to push us toward a self-help model, they do eventually get online with us via a WebEx chat with the Cisco reps and help us out. We've never really had any problems finding somebody from chat support that wouldn't jump on to the WebEx meetings with Cisco premium support.

We didn't have anything covering multifactor authentication. We were using Cisco AnyConnect with the tie-in to the active directory, but we just had the single factor — the username and password. Duo allowed us to greatly enhance our security. Now, not only do users have to know their username and password, but they also have to be able to receive the second-factor authentication in order to get in. The same goes for anyone trying to break in.

The initial setup was complex, but due to the support that we received during the onboarding, it was very simple with the exception of the password reset channel that I mentioned earlier that we tried to use but didn't end up doing. The way we have it set up now is actually how it was configured during the onboarding process. It just would've been nice to have had it functionally work — to have that all in one channel.

Regarding deployment, we have an in-house person, but we still had Cisco Duo onboarding support to assist us with the setup. If you have a CCNA, you'll probably be able to do it yourself, but it's just much easier to do it with onboarding support.

The functional part of the onboarding process only took roughly an hour. Including troubleshooting our channel issue, we spent roughly 16 hours before we just decided to go back to the original build.

Our licensing fee is currently on an annual basis.

There are two levels of support with Duo that we were considering. The first level of support is just the two-factor authentication — it doesn't do anything else. But the second level of support provides us with network access control. This basically allows us to say, "Hey, your iPhone hasn't been updated in 10 years, update your iPhone to continue using this service." Or, "Your Windows device does not have updates." It also provided us with the geolocation feature. We were experiencing a lot of break-in attempts from Moldavia. So, thanks to this feature, we just locked out Moldavia. If nobody in Moldavia can connect to our system, then nobody in Moldova can hack us. 

If you're interested in using this solution, be sure to get the onboarding team to set everything up during the onboarding phase. Set up a proxy server if you can and get them to do everything during the onboarding phase — then you won't have any problems.

Compared to the after-purchase support, the onboarding people are a lot more willing to just take over your computer and set things up for you.

Overall, on a scale from one to ten, I would give this solution a rating of ten — it's the best.