D
Duo Security
Cisco · Identity & Access
Trusted access and multi-factor authentication
Overview
Duo Security (now Cisco Duo) provides MFA, device trust, and zero-trust access controls. It sits in front of any VPN, web app, or on-premises system to enforce MFA and verify device health before granting access, regardless of the identity provider in use.
UK Pricing
Duo Essentials from ~£3/user/mo. Duo Advantage (device trust) ~£6/user/mo. Duo Premier (ZTNA) ~£9/user/mo.
Target Size
Any size
Why Use It
Duo is the fastest way to add MFA to legacy systems (VPNs, on-prem apps, RDP) that don't natively support modern authentication. If you have a mix of cloud and on-premises systems, Duo unifies MFA across all of them without replacing your IdP.
Why Not
If you're fully on Microsoft 365, Entra ID MFA (included in Business Premium) with Microsoft Authenticator provides comparable protection at no extra cost. Duo's value is in hybrid and legacy scenarios.
Pros & Cons
Pros
- Easy to deploy MFA on any existing system including legacy apps and VPNs
- Device Trust checks health before granting access
- Duo Push is user-friendly and supports number matching
- Works alongside any IdP (Entra, Okta, on-prem AD)
- Trusted Access reports show who accessed what and from where
Cons
- Overlaps with Entra ID MFA and Okta Verify if already using those
- Cisco acquisition has added complexity to licensing
- Duo Essentials lacks some reporting features needed for compliance
- App-by-app integration can be time-consuming for large portfolios
- Pricing has increased post-Cisco acquisition
How to Get the Most Out of It
- Enable number matching on Duo Push to eliminate MFA fatigue attacks
- Use Duo Device Health to block access from unmanaged or unhealthy devices
- Configure Duo for your VPN first — it's usually the quickest win with the most security impact
- Use Duo's Risk-Based Authentication to step up to stronger verification for risky logins
- Export Duo authentication logs to your SIEM for compliance and anomaly detection