Duo Security: Product Overview and Insight

Duo Security makes zero-trust security, enabling organizations to provide trusted access to critical applications, for any user, from any device, from anywhere.

Duo.Security.PO

eWEEK has started a new IT products and services section that encompasses most of the categories that we cover on our site. In it, we will spotlight the leaders in each sector, which include enterprise software, hardware, security, on-premises-based systems and cloud services. We also will add promising new companies as they come into the market.

Company Name Duo Security (zero trust security software)

Company description: Duo Security, acquired by Cisco Systems on Aug. 2, 2018, provides zero-trust security with Duo Beyond, enabling organizations to provide trusted access to critical applications, for any user, from any device, from anywhere. The company’s success is rooted in its mission to protect organizations against data breach by making security easy and effective.

Privately-held Duo is a trusted partner to more than 10,000 customers worldwide, including Etsy, Facebook, University of Michigan, Yelp, Zillow and more. The company also has technical partnerships with Microsoft, Workday, VMware, Intel and hundreds of other technology leaders.

Founded in 2010 by Dug Song and Jon Oberheide, the Ann Arbor, Michigan-based company has offices in Detroit, San Mateo, Calif.; Austin, Texas; and London.

Markets:  Duo serves customers in 100+ countries worldwide in the VSB, SMB, mid-market, enterprise and channel segments.

International Operations: London

Product and Services: Duo’s cloud-based product suite, delivered in a software-as-a-service (SaaS) model, consists of its flagship “Push” two-factor authentication (2FA) technology, device health check and insight dashboard, secure Single Sign-On (SSO), mobile and endpoint security, user and entity behavior analytics and Duo Insight phishing simulation tool.

Key Features:

  • Duo Free: The company’s free offering (up to 10 users) offers Duo 2FA for unlimited applications. Push-based notifications, one-time passwords, SMS, U2F and other authentication methods are used to verify a user’s identity.
  • Duo MFA: Provides Duo’s flagship 2FA with added capabilities of user provisioning for both on-premises and cloud applications, advanced administrative management, access controls, endpoint and mobile device inventory, and Duo’s secure SSO solution.
  • Duo Access: Duo Access extends the capabilities provided in Duo MFA with visibility into and control over devices, including personal devices, accessing corporate applications. Duo verifies the security posture of all devices as well as the identity of every user before granting access to protected applications, without the use of agents. Additionally, Duo Access allows end users to self-correct security shortcomings on their devices to improve the organization’s overall security posture.
  • Duo Beyond: Duo’s premium product, Duo Beyond, enables organizations to provide trusted access to all applications, for any user, from any device, from anywhere. Duo Beyond provides a zero-trust security platform that allows organizations to control access to applications from corporate-issued or personal devices and base application access decisions on trusted user identities, instead of the networks from where access originates.
  • Duo Insight: Duo Insight is a free phishing risk assessment tool that allows you to find vulnerable users and devices. With Duo Insight, administrators can automate and deploy phishing campaigns in minutes and receive valuable insight into the risk profile around their users and devices.

Insight and Analysis:

Pro: QuinStreet Inc. (publisher of eWEEK) itself uses Duo for its multi-factor identification application in order to access the company’s email (Microsoft Outlook) application. Generally, we find that Duo works as advertised and that it protects the access to company email very well. We use it in conjunction with another app, GlobalProtect, to log in on a daily basis. The combination of these two enables QuinStreet employees to work safely within the Outlook app for nine-hour blocks of time. It only takes a few seconds to log in.

Con: Sometimes the connection among the three apps (Duo, GlobalProtect and Outlook) doesn’t happen immediately. Wi-Fi and a virtual private network, if used, also provide interaction points that can fail in this chain of command. A user cannot immediately be certain exactly where the breakdowns occur, but they do happen on an occasional basis, and when it does happen, the user will have to wait for about 10 minutes to try again and connect. This can be annoying to the user and potentially dangerous to the business, especially if there’s a time factor involved.

The following analysis is from a user on Gartner Peer Insights:

Overall Comment: Duo has worked with us to understand and train up on the product. They are always available and easy to work with on both the sale and the implementation.

Q: If you could start over, what would your organization do differently?

A: We might have looked harder at the Microsoft full solution. It may have been more cost effective to integrate to our Microsoft cloud but Duo has been great as a spot solution.

Q: What one piece of advice would you give other prospective customers?

A: Review all the products available and then narrow the field. Don't rule a vendor out because they are integrated with other products and services. Duo was a great choice on everything but the cost.

Q: What one thing do you wish the vendor did differently?

A: Duo has been a great vendor and I don't think we have any other needs from them. The product works and they have been very supportive as we bring systems online.

Q: What do you like most about the product or service?

A: The people at Duo are helpful and realize that for their product to be successful, it has to work and be fully implemented. They are willing to help make the product a success and are listening to our requests and suggestions for expanding the product's capabilities. The people at Duo are really partners in our security and success rather than just a vendor.

Q: What do you dislike most about the product or service?

A: Con: The price was a little high for the product but the quality and service has been tremendous so I don't really have any dislikes. We paid for quality and are receiving it.

Q: Would you recommend this product or service to others?

A: Yes

Q: Please explain your willingness or hesitation to recommend this product or service.

A: I like the product in the space. I would caution any of my peers to look at the full category and narrow your selections. For most companies, Duo will be in the final group with regards to quality and service.

---------------------

IT Central Station has a page on Duo Security here.

List of current customers: Akamai Technologies, Children’s Health System of Texas, Dresser-Rand Group, Etsy, Facebook, McKean Defense, Random House, Stryker Corp., University of Michigan, Zillow and others.

Delivery: Software as a service, cloud, mobile

Pricing:

  • Duo Free: Free up to 10 users
  • Duo MFA: $3 / User / Month
  • Duo Access: $6 / User / Month
  • Duo Beyond: $9 / User / Month

Other key players in this market:  RSA/Dell, Symantec, SecureAuth, Okta, OneLogin

Contact information for potential customers:

https://duo.com/about/contact

https://duo.com/

US: +1 (866) 760-4247

UK: +44 8003 585 309

Resources:

eWEEK.com

Gartner Peer Insights

IT Central Station

Crunchbase

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...