In today’s modern work environment, where people are on and off the network, security is getting increasingly complex. That is why Cisco has been working to build a comprehensive and integrated security portfolio that protects employees whether they are working at headquarters, at a branch office or on-the-go.

But we also know that the easiest way for a hacker to gain access to an organization’s sensitive data is through stolen credentials. In fact, the Verizon 2017 Data Breach Investigation Report found that 81 percent of hacking-related breaches leveraged either stolen and/or weak passwords.

To reduce organizations’ vulnerability to these types of attacks requires a different approach—one in which we protect an individual’s identity. In order to do so, we must rethink security to include a zero trust model that is identity-centric.

Enter Duo Security.

At the beginning of August, we announced our intent to acquire Duo, a unified access security and multi-factor authentication company headquartered in Ann Arbor, MI. Today, I am happy to share that we have completed the acquisition of the company.

Duo’s people-centric, zero trust security model, allows secure connections to applications – whether on premises or in the cloud. Using multi-factor authentication (MFA) and contextual user access policies, organizations can verify an employee’s identity to ensure they are who they say they are and add more checks on the trustworthiness of devices through security health inspections. With MFA a person’s username and password are not enough to assume an individual’s identity, and the risk of a hacker getting access to critical data is significantly reduced.

To further reduce your attack surface and protect applications, on-premises or in the cloud, companies should define policies that limit access to those users and devices that meet the organization’s risk tolerance levels. With Duo’s cloud-delivered technology, it is easy to establish per-user and per-application policies to restrict remote user access, so employees access only what they need to do their job. In doing so, customers have even greater threat protection by being able to prevent lateral movement.

This is what Duo’s technology does today. We are excited about this, but it is just the beginning. We know there is great value in pursuing integration opportunities within our existing portfolio to drive an even greater security posture. Duo in combination with products like Umbrella, Stealthwatch, ISE and Tetration will enable Cisco to provide an end-to-end Zero Trust Architecture.

Together, Cisco and Duo are designing infrastructure for the extended enterprise where users, devices and applications are the center of the modern security architecture. Integrating our network, device and cloud security platforms with Duo’s zero trust authentication and access products, Cisco’s security architecture is equipped to address the complex challenges that stem from hybrid and multi-cloud environments in today’s work environment.

We are incredibly excited about what this addition will bring our customers, and we look forward to talking about how you can deploy Duo in your environment. You can learn more here.



Dr. Gee Rittenhouse

Senior Vice President and General Manager

Security Business Group