Cisco Duo Reviews

When our users are connecting to our Cisco VPN, Duo effectively ensures that they are who they say they are by taking a second factor into account, such as the cell phone that was used to create their profile. To do this, it sends them a second mode of authentication, such as a PIN or push confirmation. It also geo-locks who is allowed to actually log into our systems. We have it locked to the continental United States and Puerto Rico, and one outsourcing firm that we work with.

Once you have it set up, all you really have to do is add people to a group in the active directory and send them the instructions on how to do it. If you have a lower technical user base, you may have to walk them through it. But once it's set up, it really is automatic.

Not a single person from our IT staff really needed anything other than the instructions. Of the 15 people in our test group, nobody actually needed instructions on how to use it either — beyond what I just wrote up and sent them.

As we get to the older population in our company, the less technical population, we're probably going to have to walk them through it or hold their hands a little bit.

Within our organization, there are currently 15 employees using this solution. Eventually, we will have all 221 office staff users with it set up. Still, we'll probably top out at about 80 users a day.

We will increase the overall usage as our users increase. So, if we hire another 10 people, then we'll buy another license.

The multi-factor authentication process and the geo-locking features are great. It provides us with statistics about the devices that are used to perform the second authentication factor.

Upon successful connection, it tells us where and what device is being used to perform the second authentication factor. For example, when I log in with it, we'll see that I have my iPhone 11 and that it is located in the area via its IP address.

We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password.

For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated.

Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password."  So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire. 

Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.

We actually just configured Duo Security — we're in the process of pushing it out. Currently, we've been using it for the past three to four months.

Scalability is definitely up there. It could easily handle many, many, many more authentications than we are currently or ever would use. It could definitely go far beyond what we are currently using.

The technical support agents are definitely knowledgeable; they give us plenty of recommendations on how to do things. They are very quick to send us white papers describing how to fix things ourselves. 

Although they try to push us toward a self-help model, they do eventually get online with us via a WebEx chat with the Cisco reps and help us out. We've never really had any problems finding somebody from chat support that wouldn't jump on to the WebEx meetings with Cisco premium support.

We didn't have anything covering multifactor authentication. We were using Cisco AnyConnect with the tie-in to the active directory, but we just had the single factor — the username and password. Duo allowed us to greatly enhance our security. Now, not only do users have to know their username and password, but they also have to be able to receive the second-factor authentication in order to get in. The same goes for anyone trying to break in.

The initial setup was complex, but due to the support that we received during the onboarding, it was very simple with the exception of the password reset channel that I mentioned earlier that we tried to use but didn't end up doing. The way we have it set up now is actually how it was configured during the onboarding process. It just would've been nice to have had it functionally work — to have that all in one channel.

Regarding deployment, we have an in-house person, but we still had Cisco Duo onboarding support to assist us with the setup. If you have a CCNA, you'll probably be able to do it yourself, but it's just much easier to do it with onboarding support.

The functional part of the onboarding process only took roughly an hour. Including troubleshooting our channel issue, we spent roughly 16 hours before we just decided to go back to the original build.

Our licensing fee is currently on an annual basis.

There are two levels of support with Duo that we were considering. The first level of support is just the two-factor authentication — it doesn't do anything else. But the second level of support provides us with network access control. This basically allows us to say, "Hey, your iPhone hasn't been updated in 10 years, update your iPhone to continue using this service." Or, "Your Windows device does not have updates." It also provided us with the geolocation feature. We were experiencing a lot of break-in attempts from Moldavia. So, thanks to this feature, we just locked out Moldavia. If nobody in Moldavia can connect to our system, then nobody in Moldova can hack us. 

If you're interested in using this solution, be sure to get the onboarding team to set everything up during the onboarding phase. Set up a proxy server if you can and get them to do everything during the onboarding phase — then you won't have any problems.

Compared to the after-purchase support, the onboarding people are a lot more willing to just take over your computer and set things up for you.

Overall, on a scale from one to ten, I would give this solution a rating of ten — it's the best. 

We mostly use it for our AnyConnect VPNs and two-factor authentication.

We use Firepower Defense as a firewall, and we have implemented the IPS system on the firewall. Previously, we had ASA, and two-factor authentication was with the code, but now, it's with a push notification. It has somehow made it easier for non-IT employees to easily connect to the VPN, but it, as such, hasn't saved any time. It didn't reduce any tasks. 

It hasn't helped consolidate any tools or applications because we're not using any other security components that can be integrated with it.

The two-factor authentication is valuable because that is the use case for which we are using it.

We first deployed Duo Security for our company with the VPN, and afterward, about a year later, we implemented it for a customer of ours where we offered infrastructure as a service. When I tried to establish a VPN connection through Duo Security, it did not function well on that version, which was the latest one at the time. So, I had to make a copy of the machine and then implement Duo Security with the VPN because it did not function well with the newer version. I didn't know why, but it did not function. I haven't tried to update it since then, but that could be an area of improvement.

I've been using Duo Security for almost four years.

It's stable.

It has good scalability.

They were helpful and fast 90% of the time. They have knowledgeable tech engineers. We didn't have many problems, but any problem that required a case to be opened was resolved quickly. I'd rate their support a nine out of ten.

We didn't use a similar solution previously. We went for this solution because of the consistency of Cisco products and the best cases that it provides. It fulfills our needs as a company.

It was straightforward. I had some issues, but mostly, I followed the complete path from sandboxing to testing and then going live in production.

We have two people, me and my colleague, but it's mostly me.

I am not involved in its pricing, but we haven't yet seen an ROI.

I'd recommend using it. You can read about the product and implement your infrastructure.

I'd rate Duo Security a 10 out of 10.

We use Duo Security for two different parts. One is for access to one of the servers, and the other one is for accessing the VPN connection.

It helped free up the time of IT staff. It helped them to manage the control within the users. They can control who gets access to which part of the system. For example, if there is a group of people who need a certain type of permissions, they can set them up easily. They can gather them in groups and give specific permissions. They can also give specific permissions to only one person.

It has been very useful in detecting or fixing threats that come into the organization.

It's a good thing for the authentication of your credentials. It's easy to use for the security part, and it helps to improve our security posture.

They can make authentication easier. It should be done in a shorter time. Sometimes, it can take a bit more time to get the answer on your phone. You have to wait a bit longer to get the SMS code and other things. There can be some internet or connection issues. They should make it faster because sometimes, it's urgent, and you need to access something as soon as possible.

I have been using this solution for about two years.

In general, all Cisco products, not just the Duo product, have a lot of stability.

Their tech support is pretty good, but there are some disadvantages. Sometimes, they take a long time to answer. I understand that some of the issues are not very easy, and it takes time to research them. I'd rate them an eight out of ten.

Positive

We didn't use any non-Cisco products. We were only using Cisco products. The IT part of our organization is using the Duo authentication system, and we are using another part of the server for authentication.

It's not very hard. It doesn't take long. The IT gives us an access code for it. 

I just downloaded the app, and after that, just got the security code from that department. I entered that, and it was done. That's it. If you are changing your device and they're just resetting your data, it can take two or three minutes maximum for a new device.

I'd rate Duo Security an eight out of ten.

Our primary use case for Duo Security is all user access to email.

Duo Security improved my organization by helping us secure all access points within the company infrastructure. 

Duo Security helped our company consolidate tools, including email and VPN.

What I find most valuable about Duo Security is that it is our one-stop application for multiple MFAs. 

Duo Security could be improved with the addition of more applications. 

Duo Security has not helped free up our IT department's time.

I have been using Duo Security for six months.  

Duo Security's stability is perfect.

Duo Security's ability to scale is perfect. We have 5,000 people using it in four countries. 

I have never used Duo Security's support. 

We previously used integrated multi-factor security from Microsoft 365 and Fortinet FortiToken. We made the switch to Cisco because we wanted to handle everything in one application.

I was not involved in the initial deployment. I do know however that 10 people were involved in the deployment. 

We have seen a return on investment because with Duo Security, we do not have to pay for multiple applications. Instead, we pay for one solution. 

The cost of Duo Security licensing is OK. 

Duo Security provides multi-factor authentication for anything that requires multi-factor authentication. It could be our internal corporate services, such as a single sign-on portal, or applications, such as Google Cloud.

It is very easy for users to enroll. There are a lot of insights that we get from using the app on devices that people use to authenticate.

The push notifications and the integrations they offer are valuable. Their mobile app is very useful. It is very easy to use.

The only time I really had some negative feedback for them was about the UI of their mobile app, but they improved it in the last version. There was no way to (re)name 3rd party OTP accounts so it got confusing when multiple ones were existing. In addition, each account took a lot of space on the screen, they condensed it in the new version to make it easier for people that have a lot of accounts added. Duo has a beta program and actively solicits and listens to feedback which personally I think is great.

It is good on the functionality side, but their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. If you are on a monthly term or a yearly contract, you basically pay the same price, and that is very unusual. Normally, there is a discount when someone signs up for the 12-month system.

I have been using this solution probably since 2014. In this company, we have been using it for two years in total.

It is stable. Over the last six or seven years, I didn't have any issues where something wasn't working.

The maximum number of users that I have had is around 600, and I haven't found any issues there. In my current organization, every employee is using this solution. We have 250 employees.

I have not interacted with them. I never had to open a support case.

We didn't have anything in place.

It is pretty straightforward. I just need to log in to an account and integrate systems that should be using Duo Security. That's basically it. It probably took me an hour to roll out the accounts.

IT support helps users if they run into problems with the application, but that's about it. There is no separate team for its maintenance and deployment. There are a lot of service options for our users. They don't even need to contact IT support. On a new phone, they can even do it on their own.

It has provided ROI.

Their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. There are no additional costs to the standard licensing costs.

We looked briefly at Okta Verify. It is the Verify app from Okta to use a single sign-on provider. It had the same price but far less functionality. It was a no-brainer to just go with Duo Security.

I would advise others to look at the integrations that are available and see if they can roll it out to as many applications as they can. Encourage users to use Duo Push versus the six-digit pin code that the applicant generates.

I would rate Duo Security a nine out of ten.

We try to use the solution for pretty much everything that we can use with it. The tool helps us to get into our dashboard APIs, and log into Citrix, VPN, and servers. 

I love Duo Security's push notifications. It's simple, fast, and secure. From the user's perspective, the solution is seamless. The security aspect is great. 

We have been using the product for about two to three years in our company. 

I haven't seen any reason to think the solution is unstable. 

The product is very scalable from what I have seen. 

The solution's support is pretty good. It helped us quite a bit. Both Meraki and TAC have been pretty helpful. 

Positive

We switched to Duo Security due to the cybersecurity threats that came with COVID. There was a big one that came against us at one time, but we were able to squash it pretty quickly. The threat was not able to get into the mainframe because of the solution. 

The tool's setup was easy and we didn't require too much outside help to set it up. 

As a network and security guy, security is my return and it has been better with the product's use. 

I would rate the solution a nine out of ten. Duo Security can get spotty at the back end but it doesn't break. It would be great if I could use the product to log into the routers or switches in the infrastructure. We already have Active Directory enabled in our routers and switches. However, if we could do two-factor authentication, then it could go a long way since no one's getting into them unless you want them to. We are all for more security in healthcare. 

Duo Security is multi-factor authentication, specifically a two-factor authentication. It authenticates users so that you can know they're legitimate in the network. It can be used for mobile banking. For example, when you're doing mobile or internet banking with your phone, when it uses OTP, it is using Duo Security.

The most valuable features of Duo Security are visibility and OTP authentication. The OTP is very important because it is a self-enrollment feature, you are able to enroll users very quickly with a shorter time period.

Duo Security could improve by being more compatible with other vendors.

I have been using Duo Security for many years.

The solution is highly reliable.

Duo Security is sized per user. You can even have Duo Security for five users or 3,000 users. It depends on the size of the organization.

The solution is scalable.

The technical support is of a very high level. If you have a problem they will be able to support you. They are able to log in remotely as an engineer to give assistance. If you have the upgraded license then the support is even better and they will do everything for you if you have a problem. The support is extremely good.

The installation is very easy to do for Duo Security and it can be done with one person in one hour.

We have one person for maintenance of the solution and they do not need a lot of training to be able to do it. There is a manual that can be followed.

The licensing is very good because it does not cost a lot of money. It's affordable for all-sized customers, including enterprises. There is an additional cost for premium support.

The license can be purchased monthly, quarterly, half-year, or annual.

I would recommend this solution to others. I have seen it being used in large banks and there has never been a complaint about them. It is a very good solution.

I rate Duo Security an eight out of ten.

We are using it for perimeter protection.

We are using it to protect the DMZ servers of our organization. It protects our DMZ servers from malware and web attacks.

It meets our security needs very well. It is easy to use, and documentation is also available. 

It is also very stable and scalable, and its support is also very good. We are satisfied with this solution.

Its documentation must be in French because we are a French-speaking country. They should also provide more training documentation.

Its management interface should also be improved. They should also improve its update period. If I compare its update period with other products such as Palo Alto firewalls, this solution is really slow in updates.

I have been using this solution since October 2019.

It is very stable.

It is very scalable. In my company, I have between 90 to 100 users. We also have some users who are working at another site. 

We have plans to increase its usage, but due to COVID, we're mostly working remotely.

Their technical support is very good. They are very reactive. The last issue for which I contacted them was related to an OS update.

We have used Check Point and Palo Alto solutions previously.

It is very easy for me. I work with a lot of solutions like this. Its deployment took two weeks.

Its price is reasonable. It is not highly expensive.

We evaluated lots of options from different vendors.

I would recommend this solution. Duo Security is the best solution for the cybersecurity challenges that we are facing nowadays.

I would rate Duo Security a ten out of ten.