LLMpediaThe first transparent, open encyclopedia generated by LLMs

Duo Security

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Ping Identity Hop 4
Expansion Funnel Raw 67 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted67
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Duo Security
Duo Security
Cisco · Public domain · source
NameDuo Security
TypeSubsidiary
IndustryCybersecurity
Founded2010
FoundersJon Oberheide; Dug Song
HeadquartersAnn Arbor, Michigan; later Palo Alto, California
Key peopleDug Song; Jon Oberheide; Zach Lanier
ProductsMulti-factor authentication; Zero Trust; Access controls
ParentCisco Systems (from 2018)

Duo Security Duo Security is an American cybersecurity company specializing in authentication and access security for cloud and enterprise environments. Founded in 2010, the company developed multi-factor authentication and zero trust access solutions adopted by organizations across technology, finance, healthcare, and education sectors. Duo was acquired by Cisco Systems in 2018 and continues to operate as a brand within a major networking and security portfolio.

History

Duo Security was co-founded in 2010 by Dug Song and Jon Oberheide following prior work at Damballa and projects connected to the University of Michigan research community; early funding included investors such as Redpoint Ventures and Google Ventures that supported rapid growth. The company relocated operations between Ann Arbor, Michigan and Palo Alto, California while expanding product development and sales teams to serve clients including Toyota and institutions in the Higher education in the United States sector. In 2015 Duo raised capital in a round led by Index Ventures and Scale Venture Partners, deepening partnerships with platform providers like Amazon Web Services, Microsoft, and Google Cloud Platform. In 2018 Duo announced an acquisition by Cisco Systems in one of the notable transactions of that year within the Information technology industry consolidation trend.

Products and services

Duo's core offerings center on multi-factor authentication (MFA), device health checks, and conditional access capabilities integrated into cloud and on-premises environments. Product lines include an MFA service that supports push notifications, passcodes, and hardware tokens compatible with standards from the FIDO Alliance, OATH-based token schemes, and Universal 2nd Factor devices. The company offered single sign-on (SSO) integrations with enterprise platforms such as Salesforce, ServiceNow, and Slack plus connectors for directory services like Active Directory and LDAP. Additional services encompassed device security posture features that integrate with endpoint management vendors including VMware, Microsoft Intune, and Jamf, enabling conditional access policies for remote workforces during crises like the COVID-19 pandemic.

Technology and architecture

Duo implemented a cloud-native architecture relying on scalable services, load balancing, and geographically distributed data centers to provide high-availability authentication. The platform interoperated with standards such as SAML 2.0, OAuth 2.0, OpenID Connect, and RADIUS to connect with identity providers and legacy VPNs like Cisco AnyConnect. Duo's mobile-first approach utilized SDKs for iOS and Android client integration and supported hardware token vendors including Yubico. The company embraced cryptographic practices aligned with recommendations from organizations like the National Institute of Standards and Technology and participated in industry groups such as the FIDO Alliance to advance passwordless and phishing-resistant authentication methods. Infrastructure automation and continuous deployment workflows drew on tools and practices common within DevOps-oriented firms and platform providers such as HashiCorp and Kubernetes-based orchestration projects.

Security and compliance

Duo pursued compliance attestations and certifications to meet requirements for regulated industries, aligning with standards such as SOC 2, ISO/IEC 27001, and frameworks referenced by HIPAA-covered entities and PCI DSS environments. The company published security whitepapers and operated a vulnerability disclosure program to engage researchers from communities including Bugcrowd and HackerOne-style initiatives; Duo collaborated with incident response teams at organizations like Mandiant and auditors from firms such as Deloitte during assessments. Encryption of authentication flows, secure storage practices, and audit logging supported client obligations under regional regulations influenced by bodies like the European Union and laws such as the California Consumer Privacy Act.

Market presence and acquisitions

Before and after acquisition by Cisco Systems, Duo maintained a customer base spanning startups to Fortune 500 companies in sectors including Financial institutions, Healthcare in the United States, and Higher education. The acquisition expanded Cisco's portfolio alongside other security assets from transactions involving companies like OpenDNS and aligned with vendor consolidation trends reported across the Cybersecurity market. Strategic partnerships and channel relationships leveraged resellers and managed service providers including Deloitte, Accenture, and systems integrators serving cloud migrations to Amazon Web Services and Microsoft Azure.

Reception and criticism

Duo received recognition in industry coverage from outlets such as TechCrunch, Wired (magazine), and analyst firms like Gartner for its ease of deployment and usability in multi-factor scenarios. Security researchers and enterprises praised Duo's push-based authentication for reducing phishing risk compared with SMS-based methods, mirroring recommendations from NIST and the FIDO Alliance. Criticism included debates over vendor lock-in and concerns about cloud-dependency raised by infrastructure teams managing on-premises legacy systems such as RADIUS-based VPN concentrators; other observers compared pricing and feature sets against competitors like Okta, Ping Identity, and Microsoft Azure Active Directory. There have been community discussions about centralized identity services and resilience in face of outages impacting services from major cloud providers like Amazon Web Services and Google Cloud Platform.

Category:Cybersecurity companies