LLMpediaThe first transparent, open encyclopedia generated by LLMs

Duo Security (Cisco)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Atlassian Hop 3
Expansion Funnel Raw 76 → Dedup 6 → NER 3 → Enqueued 3
1. Extracted76
2. After dedup6 (None)
3. After NER3 (None)
Rejected: 3 (not NE: 3)
4. Enqueued3 (None)
Duo Security (Cisco)
NameDuo Security (Cisco)
TypeSubsidiary
IndustryComputer security
Founded2010
FoundersDug Song; Jon Oberheide
HeadquartersAnn Arbor, Michigan; San Francisco, California
ParentCisco Systems

Duo Security (Cisco)

Duo Security (Cisco) is a cybersecurity subsidiary focused on multi-factor authentication and zero trust access solutions, acquired by Cisco Systems in 2018. The company was founded by Dug Song and Jon Oberheide and grew from a startup incubated near University of Michigan and Y Combinator into an enterprise provider used by organizations including Facebook, Yelp, and Uber. Duo's offerings emphasize device trust, adaptive access, and cloud-native integration across platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform.

History

Duo was founded in 2010 by Dug Song and Jon Oberheide, who previously worked on projects at McAfee and the University of Michigan; early funding included investors such as Benchmark (venture capital firm), Google Ventures, and True Ventures. The company participated in Y Combinator and expanded with offices in Ann Arbor, Michigan and San Francisco, California, hiring talent from firms such as Twitter, Yahoo!, and Facebook. Duo released its flagship two-factor authentication service in the early 2010s and secured customers across sectors including Walmart, Salesforce, and Adobe Systems. In 2018 Duo was acquired by Cisco Systems for approximately $2.35 billion, joining Cisco's security portfolio alongside OpenDNS and Duo's acquisition partners. Post-acquisition leadership transitions involved executives from Palo Alto Networks and changes aligned with Cisco's strategy under CEO Chuck Robbins.

Products and Services

Duo provides multi-factor authentication (MFA), device health checks, and zero trust network access (ZTNA) under product names such as Duo Access and Duo Beyond; these services integrate with identity providers like Okta, Microsoft Active Directory, and Ping Identity. The product suite supports protocols including RADIUS, SAML, OAuth 2.0, and SCIM and offers client applications for Android (operating system), iOS, Windows 10, and macOS. Duo's cloud-managed service includes administrative consoles used by enterprises such as Target (retailer), Capital One, and JPMorgan Chase for policy management, device remediation, and single sign-on with platforms like Office 365 and Workday. Professional services and training are provided, drawing customers from sectors including Healthcare (United States), Higher education in the United States, and Financial technology firms.

Technology and Architecture

Duo's architecture centers on a cloud-based service that brokers authentication and device trust signals, leveraging APIs and SDKs for integration with applications and network gateways such as Citrix Systems, VMware, and F5 Networks. The system uses cryptographic techniques and mobile app push notifications to verify user identities, interfacing with hardware tokens from vendors like Yubico and standards bodies including FIDO Alliance. Duo's device posture checks assess operating system versions and endpoint status via agents and APIs compatible with Windows Defender, Jamf, and MobileIron management stacks. The platform scales using cloud infrastructure patterns similar to those employed by Amazon Web Services, Google Cloud Platform, and Microsoft Azure, and relies on telemetry and logging integrations with SIEM tools such as Splunk and IBM QRadar.

Security and Compliance

Duo's services aim to meet compliance frameworks and certifications including SOC 2, HIPAA, and ISO/IEC 27001 for customers in regulated industries like Healthcare (United States) and Financial technology. The company publishes security whitepapers and participates in standards development with organizations such as the Internet Engineering Task Force and the FIDO Alliance. Duo's threat models address password compromise, phishing, and lateral movement, offering risk-based policies and anomaly detection interoperable with solutions from CrowdStrike, Palo Alto Networks, and McAfee. Audits and third-party assessments are conducted to validate encryption practices and key management consistent with guidance from National Institute of Standards and Technology and cloud security best practices advocated by Cloud Security Alliance.

Market Impact and Adoption

Duo captured market share in the MFA and zero trust segments during the 2010s, competing with providers such as Okta, Microsoft, and Ping Identity and influencing enterprise adoption strategies at firms including Dropbox, Airbnb, and Slack (software). The acquisition by Cisco positioned Duo within a broader security portfolio that includes Cisco SecureX, affecting channel partners such as Deloitte and Accenture and OEM integrations with vendors like HP Enterprise and Dell Technologies. Analysts from Gartner and Forrester Research have cited Duo in reports on authentication and zero trust, and the product contributed to industry shifts toward passwordless and adaptive access models exemplified by initiatives from Google and Microsoft.

Duo's commercial and security practices intersected with legal and policy discussions involving data residency, export controls, and government access; these issues paralleled debates involving Apple Inc. and Microsoft on encryption and law enforcement requests. Post-acquisition, Duo's integration into Cisco Systems raised antitrust and consolidation concerns similar to scrutiny faced by large technology mergers involving Facebook and Google, though no major enforcement action specific to Duo was reported. Security researchers and academics from institutions such as University of Michigan, Carnegie Mellon University, and Stanford University have analyzed authentication threats that informed product changes; occasional vulnerability disclosures led to coordinated remediations with vendors including Apple Inc. and Google to address platform-specific issues.

Category:Computer security companies