Cisco closes US$2.3B deal for unified access, multi-factor authentication security firm Duo

Cisco says it has closed the US$2.35 billion deal it made for network identity, authentication security company Duo.

According to Cisco, Duo’s zero trust security model authorizes secure connections to all applications based on the trustworthiness of users and devices. Duo’s cloud-delivered technology lets IT professionals set and enforce risk-based, adaptive access policies and get enhanced visibility into users’ devices and activities.  As more devices come onto the network remotely this issue takes on more importance.

“Outdated devices are particularly vulnerable to being compromised, which can easily spiral into a full-blown, major breach,” wrote Richard Archdeacon, Duo Advisory CISO about a recent Duo study on remote access security.   “Organizations don’t necessarily need to block individuals from using their personal devices, but they do need to re-shape their security models to fit these evolving working practices…If you don’t know what’s connecting to the network, how can you protect data from being compromised? “

Duo in combination with products in Cisco’s portfolio including Umbrella, Stealthwatch, ISE and Tetration will let Cisco to provide an end-to-end Zero Trust Architecture, wrote  Gee Rittenhouse, senior vice president of engineering for Cisco’s Security Business Group in a blog about the Duo acquisition. 

“Integrating our network, device and cloud security platforms with Duo’s zero trust authentication and access products, Cisco’s security architecture is equipped to address the complex challenges that stem from hybrid and multi-cloud environments in today’s work environment,” Rittenhouse wrote. 

A few technical details of the deal include:

• Cisco currently provides on-premises network access control via its Identity Services Engine (ISE) product. Duo's software as a service-based (SaaS) model will be integrated with Cisco ISE to extend ISE to provide cloud-delivered application access control.
• By verifying user and device trust, Duo will add trusted identity awareness into Cisco's Secure Internet Gateway, Cloud Access Security Broker, Enterprise Mobility Management, and several other cloud-delivered products.
• With Duo’s Unified Endpoint Visibility, customers can see, track and report on all end user devices from a single dashboard. Duo's user and device reports give admins actionable data on user behavior and risky devices.

Cisco said that Integration of its network, device and cloud security platforms with Duo Security’s zero-trust authentication and access products will let customers to quickly secure users to any application on any networked device.

The deal is Cisco’s biggest since its $3.7-billion buy of performance monitoring software company AppDynamics in 2017, and its largest in the cyber security sector since its $2.7-billion Sourcefire acquisition in 2013.  Duo, founded in 2009, has about 700 employees working from offices in Ann Arbor, Mich.; Detroit, Austin, Texas; San Mateo, Calif. and London.  Cisco said it expects the deal to close in the first quarter of Cisco’s fiscal year 2019.

According to a report from MarketWatch Duo said in early 2017 that it had recorded $73 million in annual recurring revenue in 2016, growing that total 135% from the year before. In a similar announcement in early 2018, Duo said it had surpassed $100 million in recurring revenue.  Duo Security was valued at about $1.17 billion as of its last funding round.

Cisco Security topped $2 billion in annual revenue for the first time in the 2017 fiscal year, reporting $2.15 billion in sales out of Cisco’s total of $48 billion.

Duo CEO and co-founder Dug Song and the Duo team are joining Cisco’s Networking and Security business led by executive vice president and general manager, David Goeckeler.