Cisco ups its security game with $2.35B deal to buy Duo Security

Cisco has broadened the reach and depth of its security portfolio with today's news that it's buying Duo Security for $2.35 billion in cash and assumed equity awards.

Duo's security is based on two-factor authorization across any network, device or application. With today's workforce being more mobile, business employees aren't always on their own networks when they are trying to access their applications. By verifying the users with Duo's two-factor authentication and contextual access policies, employees can safely gain access to their applications without posing a security threat to their networks.

Duo uses a cloud-native, software-as-a-service (SaaS) model to host and deliver its security solutions. David Goeckeler, executive vice president and general manager of Cisco's networking and security business, said during a conference call this morning that Duo will bring an identity and policy-based access model into Cisco's existing cybersecurity portfolio. Goeckeler said the Duo deal was "a seminal development for IT teams."

"Cisco customers will be able to easily and securely connect users to any application on any network device with Duo's zero-trust authentication and access products," he said. "We believe with Duo we can extend intent-based networking into multicloud environments. Today, Cisco provides on-premises network access control with our identity services engine product, and with Duo's SaaS-based model we will extend our capabilities by bringing cloud-delivered application access control.

"We will significantly simplify policy for cloud security by verifying user and device trust. Duo will add trusted identity awareness to Cisco's secure internet gateway, cloud access security broker, enterprise mobility management and several other cloud-delivered products. Lastly, together we'll expand endpoint visibility coverage by combining Cisco's in-depth visibility over 180 million managed devices with Duo's broad visibility of mobile and unmanaged devices."

As Cisco has transitioned from being a hardware company that sells switches and routers, it has identified intent-based networking as its primary focus. Goeckeler said software-defined, intent-based networks would benefit from Duo because the policy-based profiles would allow access to unmanaged devices that enterprises can't normally control.

Duo CEO Dug Song said that 30% of the company's revenues came through its channel partners, which should grow significantly given Cisco's global reach. Song said on the conference call that Duo's security solutions could typically be provisioned with customers in less than a week, while some of Duo's competitors need six to 12 months.

Goeckeler didn't go into detail on how Duo's technology would be integrated into Cisco's security portfolio, but he did note the company's experience with integrating cloud-based vendors such as OpenDNS and Viptela after Cisco bought them.

Goeckeler and Cisco also didn't provide any details on how Duo will impact Cisco's bottom line going forward, but said they would once the acquisition closes.

RELATED: Cisco's Robbins: No, we're not a subscription software company

In addition to the new security features, the deal for Duo also moves Cisco farther down the path of being a more software-based company. With Duo being a subscription-based service for small-to-medium businesses and multinational enterprises, Cisco will add recurring revenues and services to its bottom line.

Ann Arbor, Michigan-based Duo was founded in 2010 by Dug Song and Jonathan Oberheide. Prior to today's news, Duo had raised roughly $121 million in funding from investors such as Cisco, Alphabet/Google and Workday.

Once the deal closes, Duo's 700 employees will join Cisco’s Security Business Group led by Gee Rittenhouse, SVP, within the networking and security business under Goeckeler. Song will continue to lead Duo under the new title of general manager.