Cisco Duo, upgrade your authentication processes, sleep at night, be awesome.
April 14, 2021

Cisco Duo, upgrade your authentication processes, sleep at night, be awesome.

Sean Muller | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Duo / Cisco Secure Access, by Duo

Cisco Duo is being used to provide Multi-Factor Authentication for users who have administrative accounts to access our VPN. It will soon be deployed to general VPN users as well and eventually be required when logging into terminal servers. This allowed us to take one step further in our PCI compliance which required MFA for Privliged accounts. It takes its job a bit further by allowing us to geofence our users to ensure they are accessing their resources from know locations for instance within the united states. To sum it up it provides a layer of protection against external threats gaining access to our network by abusing our services that is a leap above our previous capabilities.
  • Integrates with our other cisco products perfectly.
  • Allows Cisco support to provide setup and troubleshooting instead of having to bring multiple vendors into a situation where support is quick to point fingers.
  • Provides user information and reporting which allows us to gain knowledge about our users we can use in troubleshooting.
  • Authenticates with almost perfect certainty that the user who is requesting access to our systems is a valid user
  • Uses geofencing to stop the majority of hacking attempts from countries we have no business with.
  • Elevates the authenticity of our security measures to the executive team
  • Cisco Duo allows for the use of a landline for users who do not have a cell phone which provides coverage for any potential user even ones without cellular devices
  • Other MFA products have a password manager function for an added fee that would be nice to have, though I believe Cisco Duo partnered with Last Pass to provide for now
  • Navigating Cisco Duos Support processes can be difficult, if you open a ticket in the wrong group you may end up having to reopen the ticket in the correct group.
  • We were able to comply with a higher level of PCI which will affect the insurance cost of credit card processing in a positive way.
  • We are able to show our cyber security insurance provider which will affect our insurance cost in a positive way.
  • We will be more assured of the integrity of our systems allowing us to sleep more peacefully at night.
  • We will have a smaller attack surface which will provide us the ability to better spend our budget on directed improvements instead of having to cast a wide net.
Cisco Duo is known for the ability to do what you want and being configurable to whatever you need if you have the talent. If you are new to Cisco Duo and have no support I would not recommend it. If you buy support from Cisco Duo then you can have them configure it properly and have access to their support if anything happens or you need to make a change to how you do things. If you are a Cisco certified network administrator you are in for an easy configuration with your support team. If you just got your network plus and have never worked with cisco before you need the support package or look into getting some external support from an MSP.
We see many blocked attempts to access our systems every day. There is always the fear that someone will sign up for a service to attempt to download a coupon or sign up for a video game with the same username and password they use at work which if those external low priority systems are ever broken into by a hacker would leave one of our usernames/passwords out on the dark web for a few pennies. Cisco Duo MFA provides us with the needed ability to prove that the users who attempt to log in are our users preventing lockouts from malicious actors trying to brute force their way in or flooding our systems with requests blocking the way for valid users. This lets us sleep at night without fearing the text notification at 3am.
Support has been great they assisted us in setting up everything from start to finish, we do have an excellent CCNA certified network administrator but even with that internal support we made sure to get the opinions of the subject matter experts at Cisco Duo to configure things the right way.
We brought Cisco Duo into our environment and it was discovered that our ACS needed to be replaced, but the support tech found that we had a higher model of the cisco ACS which could be upgraded to an ISE instead of having to mothball it. This allowed us to end up with two Cisco ISE devices which allowed for an easy transition and the repurposing of the ACS as a backup ISE in our backup/disaster recovery site.
Okta had some different methods and features which stacked up closely with Cisco Duo but we went with Cisco Duo for the assurance that the system would perfectly integrate with our other cisco products and the ability to acquire support from one vendor instead of having to bring in two vendors for any potential issue that could come across in the future.
Wherever the price of confirming authentication is a priority, we are not just protecting our network, we are protecting our users connection, we are protecting our employees data, we are protecting our company's stability, we are protecting our customers data, this all sums up to it has to be done right. If you had something less important you are configuring you may not be willing to go the extra length.