Coming October 25: PeerSpot Awards will be announced! Learn more

Duo Security OverviewUNIXBusinessApplication

Duo Security is #1 ranked solution in top Authentication Systems and #3 ranked solution in top ZTNA services. PeerSpot users give Duo Security an average rating of 8.8 out of 10. Duo Security is most commonly compared to Microsoft Authenticator: Duo Security vs Microsoft Authenticator. Duo Security is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
Duo Security Buyer's Guide

Download the Duo Security Buyer's Guide including reviews and more. Updated: October 2022

What is Duo Security?

Cloud-based user authentication vendor: authenticate with your phone, Duo mobile app, landline, or tokens with or without an internet connection. 

Duo Security Customers

Threadless, Yelp, Etsy, Eventbrite

Duo Security Video

Duo Security Pricing Advice

What users are saying about Duo Security pricing:
  • "It is affordable for what's coming to the table with it, but in this day and age, the cost is looked at under a microscope, and companies need to very finely define what is needed versus what is critical. In some cases, it might not be cost-effective for a company to have it. In a lot of other cases, it is the cost of doing business."
  • "From a business perspective, it is a little bit costly. The licensing is on a per-user basis."
  • "Our licensing fee is currently on an annual basis."
  • "With regard to pricing, for a small business buying a one off, it's pretty expensive. If it's an enterprise that has thousands of employees, however, it's really nothing to protect your data because if your network goes down or it's breached, you're losing millions of dollars every minute. When it comes to a large enterprise, it's priced where it should be because you're talking business to business. You're not talking business to consumer."
  • "I haven't seen any information on the pricing in four years, so I can't comment on that."
  • "It has a fair pricing model. I know they have different tiers, but it would be nice to have different types of licenses for certain groups of users in our organization. That way, we wouldn't have to lump everybody into one group. That would be also one complaint."
  • Duo Security Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Jeff Naperski - PeerSpot reviewer
    Senior Professional Services Engineer at a outsourcing company with 11-50 employees
    Reseller
    Top 20
    Integrates with tons of applications, works seamlessly, and comes with excellent documentation
    Pros and Cons
    • "Documentation is the most valuable feature, and if you ever have to reach out to them with a question, their support is also fantastic."
    • "More automation and device insights would be helpful in achieving a seamless single pane of glass. Having the additional capability to streamline processes would also make things better."

    What is our primary use case?

    We have implemented it in our organization, and we also implement it for our clients. Duo Security is used to push multi-factor authentication while signing onto computers. We have integrated it with on-premises Active Directory, Azure Active Directory, and Office 365. We have also integrated Duo Security with Mimecast and Mac devices. We have a couple of other use cases, but predominantly, it is for multi-factor authentication. It verifies the identity of a user through a token or a mobile phone app.

    How has it helped my organization?

    It is pretty seamless for establishing trust for every access request, no matter where it comes from. There is logging everywhere. So, if something did happen, you can see everything. In terms of getting conditional access in Azure AD, once you have it set up properly, it just works as expected. They have a huge application inventory that you can integrate with to get that established. They're one of the top vendors.

    It is seamless with an easy-to-use portal. It has a lot of automation in there to onboard users and get them to talk with the Duo system. Once they're in the Duo system, it really comes down to what applications they need to get access to, and they're off to the races. They do a great job on that.

    It helps support hybrid work. It is very important to have something like that in place because when you are in a hybrid environment, you lose some visibility and control. Having Duo Security in place, you can analyze all different authentication logs and anything else that applications might be interacting with. You can quickly pinpoint and troubleshoot something if an issue comes up.

    It is seamless in maintaining network connectivity. In terms of its uptime, in the last couple of years, I can't think of how many times it ever went down. It has to be a very high SLA. It is consistent in maintaining network connectivity across all workplaces, such as campus, branch, home, and micro-office environments.

    It helps to remediate threats more quickly. With application logs, it definitely starts to point you in the right direction to figure things out instead of hunting in a bunch of different directions. In a single pane of glass, you can very quickly see which IP address it was coming from and who was trying to initiate that and on which device. It definitely speeds up the process.

    What is most valuable?

    Documentation is the most valuable feature, and if you ever have to reach out to them with a question, their support is also fantastic.

    Its ease of use is also valuable. From start to finish, you can get the whole environment set up within a couple of hours. Everything is easy to follow. The UI is good, and the process is very straightforward.

    What needs improvement?

    More automation and device insights would be helpful in achieving a seamless single pane of glass. Having the additional capability to streamline processes would also make things better.

    Buyer's Guide
    Duo Security
    October 2022
    Learn what your peers think about Duo Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
    634,775 professionals have used our research since 2012.

    For how long have I used the solution?

    We have been implementing Duo Security for about four years. 

    What do I think about the stability of the solution?

    It is very stable, and they constantly update the documentation to make it easy to integrate with. The SLAs have been very good when working with them where it is not going down or there are constant problems or anything like that. Overall, it is a very good experience for anybody who is using it.

    What do I think about the scalability of the solution?

    Its scalability is great. There are tons and tons of applications that you can integrate it with. It could become a key piece for the organization for authentication.

    There are probably more than 20 customers who are using this solution.

    How are customer service and support?

    We seldom had to use their support. Most of the time, we go to their FAQs or review their documentation, and we are able to find the answers that we are looking for.

    We had an agent that wasn't installed properly on a Mac device, and they could quickly identify the issue and give us recommendations about what we needed to do to fix it. Once or twice, they've taken a little bit longer to get back to me. They've helped me in solving the issue, but it wasn't a seamless experience. I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I haven't yet used another solution, but that doesn't mean that I won't. Microsoft is another multi-factor authentication provider. Duo Security is a much more streamlined implementation. If you want easier management, Duo wouldn't meet that need. It is an additional layer of cost that has to get factored in versus a Microsoft solution that may already come included with your license.

    How was the initial setup?

    It is very simple to integrate. You do need to have an understanding of how it integrates with all potential applications, and Duo documentation is fantastic and helpful in getting it implemented.

    Its implementation takes as little as a few hours. Your bigger challenge usually is onboarding end-users into the Duo environment, which comes down to:

    • How many users are part of the project?
    • How easy is it to get in touch with them?
    • How well can they follow the directions to get it fully set up?

    What about the implementation team?

    We implement it for our clients. We are like an integrator. Our clients may purchase the licensing through Duo, and then they sign a statement of work with us to install and get it provisioned for them. Inexperience and not having the time to do it are the two primary reasons why clients ask us to implement it. Sometimes, they can set up the basic pieces of Duo, but they need help with integrating it with Office 365. That's because there are things that need to be set up on that side, and they may not know how to do that.

    Most of the integrations are cloud-based. There are a few clients who want to have a user sign on to a remote desktop, which needs integration with on-premises Active Directory, but most integrations are with Mimecast, Office 365, and Azure AD, and all these are cloud-based.

    What's my experience with pricing, setup cost, and licensing?

    It is affordable for what's coming to the table with it, but in this day and age, the cost is looked at under a microscope, and companies need to very finely define what is needed versus what is critical. In some cases, it might not be cost-effective for a company to have it. In a lot of other cases, it is the cost of doing business.

    What other advice do I have?

    It is somewhat of an uphill battle to get users to buy into it, but after it gets implemented and they see how easy it is, it is a pretty seamless experience.

    A big challenge with end-users is that they see it as another layer that they have to remember and worry about. It is very easy to set up the application to get authenticated. Once you break that curve, it gives end users a sense of security where they know that if they're trying to sign on to Office 365 or some other application, they need to authenticate with Duo to make sure that they have the multi-factor authentication. If they saw a request come in and it wasn't them, they can deny it.

    Duo Security has had minimal impact on our organization, but we do have an increased feeling of security. Knowing that you have to have a certain device to authenticate into whatever you need to authenticate into gives peace of mind.

    It hasn't eliminated trust from our organization's network architecture, but it has added efficiencies to it. There are other things that we might put in place to make sure that we get towards a zero-trust model, but it obviously aids in achieving that end goal.

    It doesn't really provide single-pane-of-glass management. In terms of the security posture of an organization, Duo Security is not a one-stop solution for everything. You still need a combination of a lot of different security measures to develop the full posture, but as far as authentication is concerned, in that one layer, you get the authentication logs and easy integration with all different applications, and you also get some device insights and things like that. All of those together definitely give it points towards being a single pane of glass, but you need other security applications to make that holistic environment very security agnostic.

    It is one of the many key pieces that all organizations need, especially if they want to integrate with many applications. There are other solutions out there, such as from Microsoft, for multi-factor authentication.

    I would rate it a nine out of ten. There is always room for improvement, but for end-to-end authentication, it definitely provides a great mechanism for organizations in getting that single pane of glass.

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    Sales engineer manager at a wholesaler/distributor with 1,001-5,000 employees
    Real User
    Works well for all levels of our end-users, giving them options they're comfortable with for authentication
    Pros and Cons
    • "We like the different ways that it allows you to push notifications to people. It can do text, a phone call, and email. We liked the versatility for all of our different end-users, regardless of their level of understanding of the technology."
    • "Duo was clearly purchased, and Cisco has a lot of other panels for their Firepower products, et cetera. They need to continue bringing it, Umbrella, and the endpoint pieces even more together and make the integration a little more seamless among all of them."

    What is our primary use case?

    We use it for security in general. We were looking for something that would integrate with what we already had and that would give us an extra layer of security on top of what we were doing. Since a lot of people were starting to use a lot of handheld devices and equipment at home, we wanted another layer in there.

    How has it helped my organization?

    It hasn't done as much in terms of remediation as it has just flat-out in prevention. Duo has done a very good job in making sure that a problem doesn't become a bigger problem. It's done that very well.

    What is most valuable?

    We like the different ways that it allows you to push notifications to people. It can do text, a phone call, and email. We liked the versatility for all of our different end-users, regardless of their level of understanding of the technology.

    It does a very good job of helping workers feel safe and secure and supported. Some people view it as just another layer of things that they have to go through, but the simplicity of use, such as being able to call in if they need to, or receive a text, takes into account all levels of end-users and what it takes to get that authentication from them.

    It is also important that the solution considers all resources to be external. When you already have certain pieces of security in place, it's really difficult to just rip everything out and replace them. You need something that can start as a standalone solution and then slowly work its way into the rest of your corporate network. When we changed buildings, we had a lot of people working at home for the first time and suddenly using different devices to do their day-to-day jobs, so that aspect became very important.

    When it comes to supporting an organization across a distributed network it becomes very important, again, because the traditional method of backhauling security solutions to a central point gets very dicey. It starts to generate a lot of traffic across a wide area. And what happens if some of that can't get back to you? Or what happens if you're dealing with low bandwidth or other scenarios? Plus, depending on where you're at, they may view that as some kind of encrypted back tunnel and not let that happen. Whereas Duo, because it's more distributed and it's trusted out there, allows you to drop something in on a footprint on a very large scale. Before, it would've been a nightmare to get all that configured properly and working.

    In addition, the single pane of glass management is very important because security is an extremely complex issue. If you have all these different windows to look at, you're not sure if somebody was looking at this window at this particular time, or if they were over there at that window and missed something. The single pane of glass is very important because the biggest enemy of security is complexity. If you miss something because somebody is not watching the right dashboard, it can blow right by you.

    The single pane of glass management does a pretty good job of helping to optimize the user experience, in my particular role. And from what I hear from my team, they're very happy with it. They feel it does a good job for the clients and they love the simplicity.

    What needs improvement?

    There could be improvements made to the dashboards and more integration with the rest of the Cisco ecosystem. Duo was clearly purchased, and Cisco has a lot of other panels for their Firepower products, et cetera. They need to continue bringing it, Umbrella, and the endpoint pieces even more together and make the integration a little more seamless among all of them.

    For how long have I used the solution?

    Our company has been using Duo Security for about two years.

    What do I think about the stability of the solution?

    It's very stable. I don't think we would have gotten it if it wasn't stable. It obviously had set quite a reputation before Cisco acquired it, and that has continued.

    What do I think about the scalability of the solution?

    The scalability has worked great for us. We've not had any issues with it.

    My team gives demonstrations of Duo regularly. The number-one piece of feedback that we get from people is that they like the simplicity. They like the windows, that it's easy to set up, and the features. There are different features and you don't have to turn them all on right away. You can turn on the basic features and get the authentication piece. They like the ability to then drill down and turn on some of those extra features because they don't have to ramp up straight away. They can turn on the basics and be in good shape. Then, if they want to keep tweaking it and turn on all the other pieces, it scales really nicely that way.

    End user-wise, we're probably up to about 600 to 700. Our central office is out of Harrisburg, PA and we have a couple of warehouses across the U.S. where I believe they use it too. It's a bit of a distributed model, but it's not a massive distributed model.

    How are customer service and support?

    I have not personally had to deal with tech support, but my engineers who have had to deal with them have said that they've been very on the ball with quick responses. There have been no major issues.

    Which solution did I use previously and why did I switch?

    We did not use a solution for authentication.

    How was the initial setup?

    It was a little interesting in the beginning when we first put Duo out there because everybody was concerned about text messages on their personal cell phones, and use of their cell phones, and who actually owns their cell phones. We dealt with a lot of what was more along the lines of company policy issues, back and forth.

    But after we got past the initial rollout, everybody seemed to calm right down and we don't get any complaints or negativity about it now. It's just part of normal life. Before Duo was pushed out, there were a lot of other companies that were starting to do the same type of thing. That helped ease the release of the Duo product in our organization because people were already starting to get somewhat used to having that kind of stuff happening.

    What's my experience with pricing, setup cost, and licensing?

    Licensing and pricing are a little bit out of the area that I play in, but I think the pricing is in pretty good shape. 

    One of the issues that we used to have is that Umbrella, Duo, and Cisco Secure Endpoint all had different license quantities that you had to buy. That made it really difficult to buy a complete solution with all the other pieces. I had to buy 25 of this one at a time, and 10 of that at a time, and 15 of another one at a time. They seem to have fixed that and the number of seats that you buy now matches across all the different products.

    Which other solutions did I evaluate?

    We shopped around for other layers of security but I don't think we specifically shopped around for the authentication piece. When we looked at everything, and the dust settled, this was the easiest piece to put on top of what we had and to give us another layer of security.

    What other advice do I have?

    Duo hasn't eliminated trust, but it has certainly been a piece of what has helped build our whole hierarchy. We're moving forward and starting to put other pieces in place too on top of that, things that sync a little better with it.

    Duo is beneficial to the overall connectivity. It doesn't cause any issues. It doesn't cause an excessive amount of delay, from what we have seen. The nice thing about it is that it just sits on top of whatever else is already in place and it doesn't cause disruption to whatever else you're using.

    I rate it highly because it's something that can grow with you, whether you have very little security or a lot of security, whether it's already Cisco or not, and whether you have a mixed mess that you're trying to put into some kind of order. It will go in any direction with you and grow. It will get better as you improve the stuff around it and it will start to integrate with Cisco solutions. It's one of the best products because you have the ability to go with or without Cisco, and it gets better as you add more.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Duo Security
    October 2022
    Learn what your peers think about Duo Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
    634,775 professionals have used our research since 2012.
    Paul Mhiripiri - PeerSpot reviewer
    Networks and Infrastructure Manager at a financial services firm with 201-500 employees
    Real User
    Easy to integrate, good VPN capabilities, and technical support is quick to assist with problems
    Pros and Cons
    • "The most valuable feature is the ability for users to connect securely to the office using the VPN."
    • "We have had instances where Duo Security stops working on a user's device, which we have fixed by uninstalling and then reinstalling it."

    What is our primary use case?

    We began using Duo Security just after the pandemic began. We set up the VPN for our users so that they could connect from home and use the business applications. It is a security feature that is used on your mobile device, rather than something that is fixed in the office. You can use it at any given moment, as long as you have your mobile device with you.

    Prior to implementing it, they were using just a username and password. That was not secure enough, so there had to be the second level of authentication. As it is now, it is integrated with the firewall. You put in your password and it is followed by a six-digit code that needs to be entered.

    We operate in the financial sector so this product is crucial for our business.

    The security codes are not generated locally, or on-premises. Rather, they are generated and sent from the cloud.

    It is integrated with our Check Point firewall, which is used across different departments. People can connect from anywhere, including from home, and then utilize the business applications in different departments. All of them authenticate using the same firewall.

    Importantly, it's not limited to one vendor or one firewall. You can use it to connect through a primary DC and a secondary DC, even if they are different vendors.

    How has it helped my organization?

    Using this product has improved our organization, primarily with respect to security. Even the system administrator, in charge of setting up the users, would not be able to use another person's ID to connect. This is because they would then need to use Duo Security, which resides on the user's device. This is something that other people cannot do because they can't generate the six-digit codes.

    In terms of securing access to the applications on our network, this solution is very reliable.

    With respect to our users feeling safe, secure, supported, and included, Duo Security is among the best solutions that we have ever used. We have not fully utilized all of the features. However, we're looking at using Duo to authenticate internet banking solutions. Providing a second level of authentication in these situations, perhaps in mobile banking, would be valuable.

    Our regulatory requirements necessitate creating a very secure connection for financial services, which is what we get from this product.

    Having a single solution for multifactor authentication makes it comfortable for the users. They only need to train on one product.

    Maintaining network connectivity is not difficult. We are integrated with Fortinet and Check Point solutions. The Check Point solution is in a different data center than Fortinet, and Duo Security integrates with both of them, despite being from different vendors.

    Overall, this product has helped us to remediate threats more quickly. There is no way that others can generate the security code, such as by using another server. They will not be able to connect or authenticate themselves another way.

    The resilience that Duo Security provides is valuable in terms of meeting our audit requirements. This is important to us because it helps us to meet our regulatory requirements, which are set by the central bank and enforced by our cybersecurity team.

    What is most valuable?

    The most valuable feature is the ability for users to connect securely to the office using the VPN. There's no way to breach security using Duo. No user can connect from a different device, which guarantees access on a per-user basis. The only way somebody else can connect is if the user shares their VPN password, as well as the six-digit code. This is a well-accepted, business solution.

    It is very easy to set up, configure, and integrate this product. It is also easy, from the user's side of things.

    The interface is such that all of the management can be done from a single pane of glass. You can integrate as many applications as you want, and it's up to the enterprise that dictates that. Overall, it's easy to manage and administer. There are not too many moving pieces, which would make things more difficult to administer and troubleshoot when there are problems.

    From our employees' perspective, they are confident that they are the only people that can connect to their accounts. Access to their own accounts remains under their control, and they are the only ones that can connect. 

    What needs improvement?

    The reporting feature is somewhat limited. All that you get is the list of times that the user connected. Given that it's only a secondary authentication, it may not be possible to enhance the reporting.

    We have had instances where Duo Security stops working on a user's device, which we have fixed by uninstalling and then reinstalling it.

    For how long have I used the solution?

    I am in my third year of using Duo Security.

    What do I think about the stability of the solution?

    Due Security is a very stable product. We have never had issues in that regard.

    What do I think about the scalability of the solution?

    This is a very scalable solution. It's not limited to specific applications and we can use it across multiple ones.

    We have 175 end-users.

    How are customer service and support?

    If we need to reach out to them, they would quickly assist us. At any given time, you can get support from Duo Security. This is not a free product and the technical support team is very reliable.

    I would rate the technical support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Prior to implementing Duo Security, our users were not using multifactor authentication. They were simply authenticating with a username and password. That was not secure enough, which is why we implemented the second level of authentication.

    How was the initial setup?

    The initial setup is easy and straightforward. It is very quick to integrate and manage. As it is very easy to integrate, it works well to secure our infrastructure from end to end, helping us to detect and remediate threats.

    You just download the application and within a minute or so, you have an admin panel. After that, it is integrated with the firewall and the users can then quickly connect.

    The integration is easy because Duo gives you a list of steps that vary based on the application and vendor that you want to integrate with. For example, if you want to integrate with a Check Point product then you have one set of instructions, whereas if you want to integrate with a Fortinet product, there is an alternate set for that.

    In total, the deployment took less than two hours to complete.

    What was our ROI?

    Our ROI is mainly from the security side. Because of the regulator's requirement, it's worth the procurement. That said, on our end, we're not fully utilizing the product because you can integrate it with different applications. At this point, we are just using the basic feature, which is to connect to the VPN.

    The administration is comfortable knowing that no user can connect to the system without using Duo authentication.

    What's my experience with pricing, setup cost, and licensing?

    From a business perspective, it is a little bit costly. The licensing is on a per-user basis. However, it's worth the cost.

    We began with a free trial of the product that lasted for one month. After that, we paid for the license to use it.

    Which other solutions did I evaluate?

    We had an option to use Google Authenticator. It is also a secure solution but we chose Duo Security because it was recommended to us, and it has been acquired by Cisco.

    What other advice do I have?

    We do not utilize all of the features that are offered by Duo Security.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Sean Muller - PeerSpot reviewer
    IT Security manager at a energy/utilities company with 201-500 employees
    Real User
    Top 5Leaderboard
    A highly-scalable multi-factor authentication solution
    Pros and Cons
    • "The multi-factor authentication process and the geo-locking features are great."
    • "We had some trouble with the password reset function."

    What is our primary use case?

    When our users are connecting to our Cisco VPN, Duo effectively ensures that they are who they say they are by taking a second factor into account, such as the cell phone that was used to create their profile. To do this, it sends them a second mode of authentication, such as a PIN or push confirmation. It also geo-locks who is allowed to actually log into our systems. We have it locked to the continental United States and Puerto Rico, and one outsourcing firm that we work with.

    Once you have it set up, all you really have to do is add people to a group in the active directory and send them the instructions on how to do it. If you have a lower technical user base, you may have to walk them through it. But once it's set up, it really is automatic.

    Not a single person from our IT staff really needed anything other than the instructions. Of the 15 people in our test group, nobody actually needed instructions on how to use it either — beyond what I just wrote up and sent them.

    As we get to the older population in our company, the less technical population, we're probably going to have to walk them through it or hold their hands a little bit.

    Within our organization, there are currently 15 employees using this solution. Eventually, we will have all 221 office staff users with it set up. Still, we'll probably top out at about 80 users a day.

    We will increase the overall usage as our users increase. So, if we hire another 10 people, then we'll buy another license.

    What is most valuable?

    The multi-factor authentication process and the geo-locking features are great. It provides us with statistics about the devices that are used to perform the second authentication factor.

    Upon successful connection, it tells us where and what device is being used to perform the second authentication factor. For example, when I log in with it, we'll see that I have my iPhone 11 and that it is located in the area via its IP address.

    What needs improvement?

    We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password.

    For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated.

    Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password."  So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire. 

    Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.

    For how long have I used the solution?

    We actually just configured Duo Security — we're in the process of pushing it out. Currently, we've been using it for the past three to four months.

    What do I think about the scalability of the solution?

    Scalability is definitely up there. It could easily handle many, many, many more authentications than we are currently or ever would use. It could definitely go far beyond what we are currently using.

    How are customer service and technical support?

    The technical support agents are definitely knowledgeable; they give us plenty of recommendations on how to do things. They are very quick to send us white papers describing how to fix things ourselves. 

    Although they try to push us toward a self-help model, they do eventually get online with us via a WebEx chat with the Cisco reps and help us out. We've never really had any problems finding somebody from chat support that wouldn't jump on to the WebEx meetings with Cisco premium support.

    Which solution did I use previously and why did I switch?

    We didn't have anything covering multifactor authentication. We were using Cisco AnyConnect with the tie-in to the active directory, but we just had the single factor — the username and password. Duo allowed us to greatly enhance our security. Now, not only do users have to know their username and password, but they also have to be able to receive the second-factor authentication in order to get in. The same goes for anyone trying to break in.

    How was the initial setup?

    The initial setup was complex, but due to the support that we received during the onboarding, it was very simple with the exception of the password reset channel that I mentioned earlier that we tried to use but didn't end up doing. The way we have it set up now is actually how it was configured during the onboarding process. It just would've been nice to have had it functionally work — to have that all in one channel.

    What about the implementation team?

    Regarding deployment, we have an in-house person, but we still had Cisco Duo onboarding support to assist us with the setup. If you have a CCNA, you'll probably be able to do it yourself, but it's just much easier to do it with onboarding support.

    The functional part of the onboarding process only took roughly an hour. Including troubleshooting our channel issue, we spent roughly 16 hours before we just decided to go back to the original build.

    What's my experience with pricing, setup cost, and licensing?

    Our licensing fee is currently on an annual basis.

    There are two levels of support with Duo that we were considering. The first level of support is just the two-factor authentication — it doesn't do anything else. But the second level of support provides us with network access control. This basically allows us to say, "Hey, your iPhone hasn't been updated in 10 years, update your iPhone to continue using this service." Or, "Your Windows device does not have updates." It also provided us with the geolocation feature. We were experiencing a lot of break-in attempts from Moldavia. So, thanks to this feature, we just locked out Moldavia. If nobody in Moldavia can connect to our system, then nobody in Moldova can hack us. 

    What other advice do I have?

    If you're interested in using this solution, be sure to get the onboarding team to set everything up during the onboarding phase. Set up a proxy server if you can and get them to do everything during the onboarding phase — then you won't have any problems.

    Compared to the after-purchase support, the onboarding people are a lot more willing to just take over your computer and set things up for you.

    Overall, on a scale from one to ten, I would give this solution a rating of ten — it's the best. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Ronnie Scott - PeerSpot reviewer
    CTO at Charter
    Reseller
    Top 20
    Expanded our security posture, but needed better integration with our application stack
    Pros and Cons
    • "It was a simple way of providing two-factor authentication for remote access when we hit the COVID pandemic. It was very easy and quick to get it going."
    • "We found it difficult to integrate it into our broader product family of Microsoft tools and other applications used across our organization."

    What is our primary use case?

    Primarily, it was used as remote access for VPNs. It expanded our security posture, due to the increase in people working from home.

    How has it helped my organization?

    It certainly gave us a much more confident security posture as far as users coming on. 

    Having all resources be external is reasonably important for us. Zero trust is certainly a target. Not that we are there yet, but we would expect everything to be considered mostly untrusted.

    It eliminated trust for remote access, but not from inside our organization.

    It was a simple way of providing two-factor authentication for remote access when we hit the COVID pandemic. It was very easy and quick to get it going.

    What is most valuable?

    Simple authentication for VPN was our primary function, and it worked well for that.

    As far as remote access, simple access, and authentication to gateways, it was perfect.

    Distributed access for ISE has been pretty strong for remote access and works very well.

    It has very strong network connectivity, which works reliably and well. It was very easy for people to connect and the app worked as it should. Just once people connected, they typically had to use a different tool from that point on.

    Duo applies and maintains well network connectivity across campus and remote locations. Remote access from people's homes and branches is also strong. Network connectivity is its strength and does that well.

    What needs improvement?

    We found it difficult to integrate it into our broader product family of Microsoft tools and other applications used across our organization. So, we have pulled back from this solution a little bit. It was easier to use Microsoft MFA, which integrated with everything and still did the two-factor authentication that we needed. 

    There is nothing wrong with the product, as far as its functionality. It was just the breadth of support. It got harder and harder to integrate.

    For what it does, it is fantastic. Once we started hitting Microsoft Office stacks, we then began to find its limitations.

    It is not so good for securing access to our application and network. We found it harder to integrate, particularly with the Office stack, which is our primary application stack. We did get it working with a few other cloud applications that we were working with as part of our single sign-on story. However, it certainly wasn't easy to integrate in-house.

    It created another step for users who don't know about the benefits, as far as the corporate benefits. I wouldn't consider having another app on their phones and having another thing to deal with a positive for our user community.

    For how long have I used the solution?

    My organization has been using it for about two and a half to three years, since around the beginning of the pandemic.

    What do I think about the stability of the solution?

    Stability was good. It was well-designed and simple to implement. Its cloud interaction went very well. We never had any major stability issues. Yeah. We had nothing to complain about regarding its operational functionality.

    What do I think about the scalability of the solution?

    We are a relatively small shop. It was well within our sizing. We never saw any issues with scaling. Obviously, the indications would be that it will scale very well, but nothing we had to experience with.

    How are customer service and support?

    We didn't encounter the technical support much. Things worked very well. Functionality and reliability were never a problem. 

    We asked a few questions about integration and so on. I think we got good answers back. We have had no big complaints, but we didn't have a lot of interaction with them.

    Which solution did I use previously and why did I switch?

    We did not previously use another solution. We brought Duo in as a tool that we could rapidly and easily deploy. It did that job. We actually removed it later, as our primary tool, because we could achieve what we needed with a more integrated single multi-function tool (Microsoft MFA).

    Which other solutions did I evaluate?

    Duo brings in another application for users to deal with. Whereas, Microsoft integrates with their single authentication stack, allowing us to handle their own personal banking accounts and personal two-factor authentication needs in one app. This isn't Duo's strength, and it's not what we see Google and Microsoft doing out in the cloud.

    Single-pane-of-glass management is important for us, but not critical, because fewer management points are better. Duo didn't provide a single pane of glass because of our different application stacks. Whereas, at least Microsoft Authenticator has allowed us to deal with most applications as well as their deep integration with Office.

    Duo needs to adopt the same kinds of concepts that we see from all the major authentication tools, such as Google Authenticator, Microsoft Authenticator, third-party password tools like Bitwarden, and Secret Server from Delinea. All of these are beginning to incorporate more functions into them as a single security tool,  protecting me with authentication codes and six-digit codes that interact with Google, Microsoft, and any of those vendors as part of the tool. There are more functions, fewer tools, and less user impact, which are all benefits. I don't think Duo showed us that as a single tool. Duo did its job really well, but there are many jobs that have to be done.

    What other advice do I have?

    Resilience security is all about business continuity. Resilience is an expected function of that, which is necessary and not optional.

    For businesses wanting to build more resilience, I would say, "Keep it simple," and fewer moving parts is better. That is one of the reasons that we ultimately moved away from Duo. Not because anything was wrong with it, but we could collapse two functions down into one. I think simplicity is really critical. It reduces the amount of time our staff has to spend on it, making things easier. Simplicity would be my number one reason for building resilience into an organization. It allows you to understand better how you are dealing with threats and more simply respond to threats.

    We are a valued reseller who works with Cisco and other vendors. We are primarily a Cisco networking shop across eight locations with 120-odd users who are mostly working from home or at least part-time working from home post-COVID. We have two major offices, a small data center, and five other locations, which are all remote access, using Cisco DMVPN. Microsoft is the application stack that we primarily use, plus cloud applications, and Juniper Mist for our wireless.

    I would rate it as seven out of 10. In the world of network security, it is outstanding and very strong. I have a lot of positive things to say. I think that it needs to be much more seamlessly integrated with today's application stack.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    Flag as inappropriate
    PeerSpot user
    Network Engineer at a tech services company with 11-50 employees
    MSP
    Adds an extra layer of security, is self-managed, and helps remediate threats more quickly
    Pros and Cons
    • "Multifactor authentication is the most valuable feature."
    • "Technical support could be improved. I don't think all support should have to go through an agreement."

    What is our primary use case?

    With Duo, MFA allows the network to have an authenticated user sign-on seamlessly. If someone's entering a password and their user credentials and they want to get access to the network, the Duo app will have a code that the end-user has to input, which then authenticates them. It's a second layer of security before they can access the network. Even if a third party gets your username and password, without that Duo access, they won't be able to access your network.

    How has it helped my organization?

    We don't have to worry so much about the end-user that's logging in.

    What is most valuable?

    Multifactor authentication is the most valuable feature.

    As for establishing trust for every access request, that's exactly what this solution does. Outside of having a username and password, you have to get authentication from Duo as well.

    You can never eliminate trust, but what Duo Security does do is add an extra layer of security. When it comes to the internet, networks, inbound traffic, and outbound traffic, you're always subject to a potential threat. Duo Security just adds another layer.

    It's a great addition to the security of any network infrastructure.

    In terms of helping workers feel safe, everyone knows that the information within the enterprise is safe because the people that are logging in have been authenticated in more than one way.

    It's pretty easy to maintain network connectivity once it's set up; the end-user uses it to log in. It's not something that you have to constantly manage and deal with apart from pushing updates. It's pretty much self-managed.

    In terms of consistency across workspaces, it works all the time, except for when a forced update is needed.

    It helped us remediate threats more quickly. For instance, if someone accesses your credentials or you leave your laptop open and someone gains access when it times out, you still need the Duo code that is sent. A new code is always needed to be able to access that laptop or even that phone. Then, from there you're able to safeguard the information that your company has.

    Nowadays, data is the number one commodity, so protecting that at all costs is really important. Duo helps with that with end-users. The thing about end-users is that they are volatile. You can't really control what someone does. So, Duo security helps with managing that by having them implement a new time code that's always sensitive.

    What needs improvement?

    Technical support could be improved. I don't think all support should have to go through an agreement.

    For how long have I used the solution?

    I've been using this solution for seven years.

    What do I think about the stability of the solution?

    It's very stable. There aren't many issues with Duo.

    What do I think about the scalability of the solution?

    The scalability is just fine. If you scale a certain amount, you have to upgrade and update your license. Outside of that, it's fine.

    We are a large organization that deals with a lot of high transactional payments, and we have a large number of users, maybe 100,000 a day, and inbound user traffic.

    How are customer service and support?

    If you open up a TAC case and they get to you quickly, it's fine. If you have a service agreement that says that they will get back to you within one to two hours, that's fine because you can resolve an issue. Now, if you don't have that agreement and are just a regular user, they take 48 hours to get back to you, and if you and the network team or the security team can't figure out the issue, a lot of money could be lost in two days.

    Because there's always room for improvement and because I don't think all support should have to go through an agreement, I would rate technical support at eight on a scale from one to ten.

    How would you rate customer service and support?

    Positive

    What was our ROI?

    Anytime your network is secure and it's not breached or there's no downtime or infiltration of your perimeter, there's always an ROI.

    What's my experience with pricing, setup cost, and licensing?

    With regard to pricing, for a small business buying a one-off, it's pretty expensive. If it's an enterprise that has thousands of employees, however, it's really nothing to protect your data because if your network goes down or it's breached, you're losing millions of dollars every minute. When it comes to a large enterprise, it's priced where it should be because you're talking business to business. You're not talking business to consumer.

    What other advice do I have?

    To leaders who want to build more resilience within their organization's security, I would say that you can't go wrong with Cisco products when it comes to security. You can start with Cisco Umbrella, then go down to their firewalls, and then the next-generation firewalls. Then, you can move down to their end-user security endpoints.

    The whole lineup through their security portfolio is really strong. If you're spending $50,000 on a suite and a $100,000 total contract value, you can enter a 3.0 Enterprise Agreement. Then from there, you can lock in prices for one, three, to five years. So, when it comes to any enterprise, when you're talking about security, if you use all of Cisco's security features, from end-user out to your data centers, you'll be pretty well off.

    If you have security concerns, implement Duo for your end-users.

    Overall, I would rate Duo Security an eight on a scale from one to ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Patryk Rurek - PeerSpot reviewer
    Dynatrace Architect at a hospitality company with 10,001+ employees
    Real User
    A robust solution with impeccable stability and good functionality, it fits well in a layered defense strategy
    Pros and Cons
    • "The app has greater stability than rival solutions such as Google Authenticator, and Duo Push authentication is a valuable feature."
    • "I would like to see some features simplified, such as securing, configuring, and implementing Microsoft Remote Desktop. Other than that, the solution was rock solid throughout my time administering it."

    What is our primary use case?

    Our primary use case is for two-factor authentication. We also use the solution to secure Microsoft Remote Desktop, VPN, and SSH connections.

    We deployed the product primarily to address security concerns, for example, implementing a more secure security posture using Duo Security.

    My initial deployment of the product at a previous employer was across multiple environments and business units. We were primarily an active directory shop using Windows servers and desktops and Wise desktops, all of which utilized Duo Security as their two-factor solution.

    In my current environment, the tool is implemented in different forms, on-premise and in the cloud. We deploy it everywhere.

    How has it helped my organization?

    Duo Security has been utilized in multiple organizations I've worked for, and it simplifies connecting securely via VPN, Microsoft Remote Desktop, and SSH.

    What is most valuable?

    The app has greater stability than rival solutions such as Google Authenticator, and Duo Push authentication is a valuable feature. 

    The product worked to establish trust for as long as I've used it. It's a more functional solution than some competitors, which I discovered during the POC process. I think that Duo Security considering all resources to be external is one of the reasons why they are at the top of their field. 

    Duo Security simplified establishing trusted connections, making it easier to implement distributed network solutions. I've always found it to be a good part of a layered defense strategy. 

    Most of the end users when I was responsible for implementation, didn't quite understand the value of the solution until it was demonstrated. 

    The tool does provide single-pane-of-glass management in my experience. I haven't implemented the solution for years, but I'm a user in my personal and professional life. Therefore, I can say that feature is essential in making Duo Security one of the critical steps in a defense-in-depth strategy. 

    I never had any problems maintaining network connectivity, and it always performs well.  

    Based on the logging I have seen Duo Security use, I would say their solution does help with threat remediation. It is an integral part of the defense strategy. 

    A robust two-factor authentication solution is a massive part of a proper defense strategy, and having Duo makes it easier to implement and manage that two-factor solution. 

    What needs improvement?

    I would like to see some features simplified, such as securing, configuring, and implementing Microsoft Remote Desktop. Other than that, the solution was rock solid throughout my time administering it. 

    For how long have I used the solution?

    I have been using the solution for six years.

    What do I think about the stability of the solution?

    The solution is very stable, I've never seen it go down.

    What do I think about the scalability of the solution?

    The product is incredibly scalable.

    How are customer service and support?

    I had to contact technical support on a few occasions, and my problem was always resolved, but it took some time and work to reach a workable solution. My experience with them is primarily positive, but there is room for improvement.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    At the job in which I carried out the POC for the solution, we used physical RSA tokens, and I have been at locations that use HID tokens. In my opinion, the soft token solution is far better; it's more user-friendly, and staff can utilize the strategy more efficiently, effectively, and, unfortunately for RSA, more securely than the physical tokens offer.

    How was the initial setup?

    The basic deployment is very straightforward, though some Microsoft Remote Desktop support elements were a little more complicated. Primarily in getting the correct values and additional resources required for the deployment.

    I wasn't involved in the deployment at my current company. At my previous employer, I did the POC and the initial training for our help desk groups.

    What about the implementation team?

    I carried out the implementation myself; I was responsible for maintaining all of the integration points and training the help desk team members to support the product.

    What was our ROI?

    It's hard to precisely measure an ROI for security solutions, but I would say it provides a return.

    What's my experience with pricing, setup cost, and licensing?

    I haven't seen any information on the pricing in four years, so I can't comment on that. 

    Which other solutions did I evaluate?

    We tested a SecureAuth solution that didn't meet our security standards. We wanted to try RSA Authentication Manager, but that was more complex for users, so we decided to go with Duo Security.

    What other advice do I have?

    I would rate this solution an eight out of ten.

    When I carried out the POC for Duo Security at my former employer, I pitched it to them because it simplifies the login process and has excellent notifications. Physical tokens can be hard to read, especially for admins and staff trying to remediate problems late at night. We wanted a solution that was easy to set up and configure, and that is what we got; being a cloud-based solution, Duo Security is much easier to manage. We don't need to worry about managing, upgrading, and configuring much on our side; that's all handled in the cloud.   

    The first company I mentioned working for was based in Ann Arbor, and Duo Security is or was based there too. I had personal relationships with several team members and recognized their product's value.

    The solution improved trust models within our organization, significantly changing how people view connecting to the network. I don't think that it has had an impact on employee morale.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Homer Martinez - PeerSpot reviewer
    Network Administrator at a retailer with 1,001-5,000 employees
    Video Review
    Real User
    Top 20
    Establishes trust with every integration or any sort of application that you are using
    Pros and Cons
    • "It is really scalable. It is easy once you get an application in. You can import users from Active Directory and enroll users really fast."
    • "They could just continue to add more integrations."

    What is our primary use case?

    We were really looking for two-factor authentication to secure our applications. We are basically looking for it to reduce risk.

    I am in the retail space at a company with more than 2,500 employees.

    It is SaaS. For VPN, we have our on-prem RADIUS servers, and there is an agent on our servers for RDP.

    How has it helped my organization?

    I definitely had some places where employees had password breaches in other locations, and it saved us there.

    It has definitely decreased our security risk.

    It does a really good job of helping workers feel safe, secure, supported, and included. In the beginning, it was new to everybody, so there was a little bit of friction with the onboarding. However, after everybody got used to it, they were quickly able to run with it and had very few problems using it. This has definitely been important for us. 

    Duo has helped us remediate threats more quickly by having one spot to look at. We can see whether a user authenticated it from somewhere or if they were denied a two-factor request.

    What is most valuable?

    The most valuable feature is just the ease of use. Out-of-the-box, there are so many integrations that are really easy to set up and use in a matter of minutes, depending on what the application is.

    It establishes trust with every integration or any sort of application that you are using, whether it is VPNs, Azure AD, or remote desktop.

    Duo provides single-pane-of-glass management. This is pretty important, especially if you are trying to respond to a security event. You don't want to look at different places and potentially forget to look at one spot. Now, we can have all our logs in one spot.

    The single-pane-of-glass management does a really good job of optimizing the user experience, especially with the updates that they provide. They really take in customer feedback. I have been on several customer feedback panels before, and they do surveys. They are constantly improving the product.

    What needs improvement?

    They could just continue to add more integrations.

    For how long have I used the solution?

    I have been using it for about seven years, since 2015.

    What do I think about the stability of the solution?

    It is pretty stable. They are really proactive. So, if there is an issue with a certain cloud instance or feature, they are proactive. They email you and tell you what is going on, sending updates. Stability-wise, we have hardly had any issues using them. It hasn't affected our production at all.

    Maintenance is minimal. There are some agent updates that you need to do every now and then, but for the cloud stuff, that is all taken care of.

    What do I think about the scalability of the solution?

    It is really scalable. It is easy once you get an application in. You can import users from Active Directory and enroll users really fast.

    How are customer service and support?

    I have only had to use them a couple of times. Every time, support was pretty easy to use. I would rate them as nine out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously didn't have any sort of two-factor authentication. We were just looking for more security so people wouldn't be reusing passwords or have data breaches. 

    Earlier, we had solutions in the cloud and on-prem. So, it just helps having it in one spot. We can make sure any applications that we are using have been secured.

    How was the initial setup?

    The deployment took two months. We did a proof of concept, which didn't include that time. That time was just for the first application that we did, which was about two months. Then, as we grew into it, we added more applications so time was added as well.

    What was our ROI?

    We have seen ROI, but I wouldn't know what that metric would be. I don't have an off-hand, hard metric for that. It is for the unseen risk, and how do you measure an unseen risk?

    It definitely offers resiliency. If you are managing all your applications in one location, you can lock people out of it. So, it is just a fast way to remediate any sort of security issues. It has been important for reducing all the risk that comes with users having access to internal applications or cloud applications.

    What's my experience with pricing, setup cost, and licensing?

    It has a fair pricing model. I know they have different tiers, but it would be nice to have different types of licenses for certain groups of users in our organization. That way, we wouldn't have to lump everybody into one group. That would be also one complaint.

    Which other solutions did I evaluate?

    We did evaluate other options. Since it was so long ago, I can't remember which other ones we looked at, but I do remember they were not as easy to implement.

    We chose Duo Security for its ease of implementation and the number of applications that they are integrated with.

    What other advice do I have?

    Definitely take the end user process or perspective into account when trying to choose something. I feel like that will make or break a product.

    We did VPN. Network connectivity was a requirement for VPN. In that regard, it would be easy.

    I would rate it as nine out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Duo Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: October 2022
    Buyer's Guide
    Download our free Duo Security Report and get advice and tips from experienced pros sharing their opinions.