Duo Security logo

Duo Security

Emerging

Cisco-owned zero trust and MFA platform protecting millions of users; push notification authentication with device trust and continuous access evaluation.

23
AI Score
Grade D↑ Trending
AI Visibility Score (Beta)
CybersecurityWebsiteUpdated March 2026

Company Overview

About Duo Security

Duo Security (now Cisco Duo) is an enterprise-grade zero-trust security platform providing multi-factor authentication (MFA), device trust, and secure access solutions that protect applications and users against credential-based attacks. Founded in 2009 by Dug Song and Jon Oberheide in Ann Arbor, Michigan, Duo was acquired by Cisco in 2018 for $2.35 billion and has grown significantly under Cisco ownership, expanding from MFA to a comprehensive zero-trust access platform.

Business Model & Competitive Advantage

Duo's simplicity was its defining early advantage — deploying MFA took hours instead of weeks, and the end-user experience (a push notification to a smartphone) was frictionless compared to hardware tokens. This drove rapid adoption at technology companies, universities, and eventually enterprises across all industries. By 2024-2025, Duo protects access for millions of users at tens of thousands of organizations, with particularly strong penetration in education, government, and healthcare.

Competitive Landscape 2025–2026

In 2025, Cisco Duo is a core component of Cisco's security portfolio, integrated with the Cisco Security Cloud platform alongside Umbrella (DNS security), Secure Endpoint, and Cisco Identity Intelligence. The platform has evolved from standalone MFA to a comprehensive continuous trust evaluation layer that considers device health, user behavior, and network context in every access decision. Duo competes with Microsoft Entra (Azure AD MFA), Okta Verify, and RSA SecurID in the MFA market, with the broader zero-trust access competition including Zscaler and Palo Alto Networks. Cisco's distribution network gives Duo access to enterprise accounts that might not otherwise evaluate a standalone identity tool.

Founded
2009
Curated content • Fact-checked and verified

Recent Activity

View all →
8-K
8-K — 8-K

Material Event filed 2026-07-01

blog_post
Hanging Up on Telephony: How to move from SMS and phone to stronger MFA

When it comes to multi-factor authentication (MFA), not all methods provide the same level of protection. Telephony-based MFA, including SMS passcodes and phone callback verification, was once considered a reliable and accessible option. Today, evolving security standards and an increase in sophisticated cyberattacks has rendered these methods increasingly vulnerable, and many organizations are replacing SMS MFA with stronger alternatives like Duo Push notifications, security keys, and biometric authentication. This blog post explains why telephony-based MFA is no longer sufficient, what stronger MFA options are available, and how to migrate your organization away from telephony methods step by step. Whether you are just starting to evaluate the change or ready to execute, this guide gives you a clear path forward. Explore the versatility of Duo’s authentication methods and how they support a modern security strategy. Phone call and SMS-based MFA methods are vulnerable to several well-

blog_post
Cisco Duo Identity Summit: Making Sense of Identity in 2026 and Beyond

Agentic AI is rapidly changing the world, creating opportunities for growth and innovation we couldn’t even have imagined just a few years ago. And threat actors are taking notice, using these same advanced AI models to penetrate an expanding threat surface, take over systems, steal sensitive information, and create chaos in their wake. It’s clear we’re at a tipping point in the industry where fast-moving, AI-led innovation on both sides of the fence is putting immense pressure on people like us who are tasked with securing this brave new world. Trust in identity has never been more critical. The Cisco Duo Identity Summit brings together industry experts to bring clarity and trust to identity into your organization in 2026 and beyond. We will unpack the exact trends shaping the current threat landscape, while learning how to secure the new agentic workforce, defeat advanced social engineering attacks, achieve true phishing resistance and how to, ultimately, create trust across your org

blog_post
Duo brings identity and authorization across AI agent gateways

At RSAC 2026, we introduced Duo Agentic Identity—identity, authorization and audit purposed for AI agents operating at machine speed across enterprise environments. The launch laid out three capabilities that together close the agent governance gap: Discovery , built on Cisco Identity Intelligence, to surface every agent in your environment, including the shadow ones you didn't know existed. Identity lifecycle , built on Duo Directory, to make every agent a first-class non-human identity tied to an accountable human owner. Least-privilege authorization , enforced at every tool call through a gateway that intercepts agent requests and evaluates them against Duo's fine-grained authorization policy engine. The first two capabilities are infrastructure-agnostic by design. Today, we're closing the loop on the third: per-tool-call authorization now works with different AI gateways you run. Since RSAC, the agent infrastructure landscape has only diversified. Enterprises aren&#0

blog_post
Passwordless for Microsoft 365 starts with federation

There’s a pattern I see regularly when talking with enterprise customers about Microsoft 365: they want to go passwordless, they’re already using Cisco Duo for multi-factor authentication (MFA) through a conditional access integration, but they assume the next step would require a massive identity migration project. It’s a reasonable assumption, but it’s wrong. Federation is simpler than its reputation suggests, and it doesn’t require moving your existing applications anywhere. Many organizations come to me already using one of our conditional access integrations with Entra ID, either the custom control or the newer Microsoft Entra External MFA (formerly known as Microsoft External Authentication Methods, or EAM) integration. Both of these integrations are great at what they do: they let you enforce Duo MFA after users authenticate with their Microsoft password. The experience is familiar, the rollout is quick, and you can be up and running in minutes. But here's the thing: these

blog_post
Your admins have too much privilege

You apply least privilege to your end users. You verify their devices, scope their access, and monitor what they can reach. But what about the admins managing your security tools every day? Admin accounts are some of the highest-value targets in any organization. A compromised admin with broad permissions can generate bypass codes, weaken MFA policies, or modify single sign-on (SSO) configurations—quietly undermining the security layer your business depends on. That is why we are bringing the same least privilege discipline to the people managing Duo. Custom Admin Roles is now generally available for all Duo customers. You can create your own administrator roles with granular permission controls, so every admin on your team gets exactly the access they need and nothing more. Ready to get started? Log in to the Duo Admin Panel to create your first custom admin role. You already apply least privilege to your end users. Your admins deserve the same protection. Depending on the privilege l

blog_post
Identity-based attacks: How attackers bypassed MFA four times in one month

This is the first edition of a new monthly identity threat brief for the Cisco Duo blog. Each month, I examine the identity-based attacks shaping the current threat environment, the structural weaknesses they exploit, and the defenses that hold up against them. Identity-based attacks target authentication systems, credentials, and identity infrastructure rather than application code or encryption. In recent weeks, four incidents made the pattern clear: attackers stole authentication tokens from compromised routers, breached a national identity agency, abused a trusted vendor's notification system to deliver phishing, and compromised messaging-app accounts to read encrypted communications. None of these attacks broke cryptography. None defeated multi-factor authentication (MFA) head-on. Each one went around the authentication layer instead of through it. These incidents are a clear opening case for this series: identity is now the primary attack surface, and the authentication laye

8-K
8-K — 8-K

Material Event filed 2026-05-21

blog_post
How Duo Directory automates user lifecycle management

User lifecycle management is the process of creating, updating, and removing user access to applications and systems as employees, contractors, and partners join, change roles, or leave an organization. Done well, it protects the business without slowing people down. Done manually, it introduces errors, delays, and orphaned accounts that attackers can exploit. Organizations no longer deal with a simple, centralized workforce logging in from a single corporate office. Today’s IT environments are hybrid, user populations are highly diverse, and the perimeter has dissolved into a network of cloud applications, remote endpoints, and third-party integrations. To secure this dynamic environment, you need comprehensive identity lifecycle management. In a recent episode of our Duo 3 in 30 webinar series, I sat down with Cisco Customer Solutions Engineer Reetam Mandal to explore three Duo features that automate identity lifecycle management from onboarding to departure: Duo Directory, Directory

10-Q
10-Q — 10-Q

Quarterly Report filed 2026-05-14

8-K
8-K — 8-K

Material Event filed 2026-05-14

blog_post
Cisco Systems Named a Customers’ Choice in Gartner Peer Insights™ 2026 Voice of the Customer for Access Management

Cisco stands alone in the Customers’ Choice Quadrant for 2026 based on reviews of its Duo offering in the Access Management VOC Cisco Systems was named a Customers’ Choice in the 2026 Gartner Peer Insights™ Access Management Voice of the Customer . The recognition follows Cisco’s inclusion in the 2026 Gartner Peer Insights™ Voice of the Customer User Authentication category. Cisco is the only vendor to be mentioned as a Customers’ Choice in both the 2026 VOC for Access Management and User Authentication based on reviews of its Cisco Duo offering. Among the companies evaluated by customers within the 2026 Gartner Peer Insights™ Access Management Voice of the Customer, Cisco was the only vendor to appear in the Customers’ Choice quadrant. Placement in the quadrant reflects ratings and reviews that met or exceeded the market average for User Interest and Adoption (x-axis) and Overall Experience (y-axis). Cisco, based on reviews for Duo, received an overall rating of 4.8 out of 5, reflecti

Key Differentiators

Emerging Innovator

Duo Security is an emerging player bringing innovative solutions to the Security market.

Frequently Asked Questions

Estimated Visibility Trend (Beta)

Simulated 8-week rolling score

23
↑ Trending

Based on estimated brand signals. Historical tracking coming soon.

Similar Brands

Reality Defender logo

Reality Defender

Security
B2bCybersecuritySaasSecurityStartup

Reality Defender is an AI-powered deepfake and synthetic media detection platform protecting enterprises, media organizations, and government agencies from AI-generated voice cloning, video manipulati

Tracecat logo

Tracecat

Security
B2bCybersecurityEnterpriseFortune500SaasSecurity

Tracecat is a San Francisco-based open-source security automation platform — backed by Y Combinator (W24) with $500,000-$2 million in seed funding from Y Combinator, Pioneer.app, Pioneer Fund, and Sur

1Password logo

1Password

Security
B2bCybersecuritySaasSecurity

1Password is an enterprise password manager and secrets management platform enabling individuals, teams, and businesses to securely store, manage, and share credentials, credit cards, and sensitive in

Bitwarden logo

Bitwarden

Security
B2bCybersecuritySaasScaleupSecurity

Bitwarden is a Santa Barbara-based open-source password manager and identity security platform — backed with $100 million raised in a Series C led by PSG in September 2022 — providing individuals, tea

Anduril Industries logo

Anduril Industries

Security
B2bCybersecuritySaasSecurityUnicorn

Anduril Industries is a defense technology company building autonomous weapons systems, surveillance infrastructure, and AI-driven defense platforms for the US military and allied nations. Founded in

Browser Use logo

Browser Use

Developer Tools
B2bDeveloper ToolsPlatformSaasStartup

Browser Use is an open-source project that provides a Python library allowing AI agents and large language models to control web browsers as a tool. The library sits between LLM APIs and browser autom

Compare Duo Security with Competitors

Side-by-side AI visibility scores, platform breakdown, and market position.

For Duo Security

Claim This Profile

Are you from Duo Security? Claim your profile to see full AI mention excerpts, get weekly visibility change alerts, and optimize how AI systems describe your brand.

Claim Duo Security Profile →
For competitors & analysts

Track AI Visibility in Real Time

Monitor how ChatGPT, Gemini, Perplexity, and Claude mention Duo Security vs competitors. Get alerts when AI recommendations shift.

Start Free Tracking →