Cisco plans to buy Duo Security for $2.35 billion, to help enterprises provide secure access by users wherever they are -- even scary users with personal devices on public networks.
Duo's technology provides unified access security through multi-factor authentication, to verify the identity of users and the health of their devices before granting access to applications, Cisco Systems Inc. (Nasdaq: CSCO) said in a statement announcing the deal Thursday morning. The technology applies to traditional enterprise networks as well as users accessing applications from public networks. (See Cisco to Buy Duo Security for $2.35B.)
Cisco expects the acquisition to close during its fiscal 2019 first quarter, which ends in October. Duo will continue to be led by Dug Song, co-founder and CEO, and the company will join Cisco's Networking and Security business led by EVP and GM David Goeckeler, Cisco says.
Cisco's security business grew 11% in its most recent quarter, ending in April, almost triple the company's overall growth. But security comprised only 4.7% of total sales. The bulk of Cisco's business is still equipment sales, such as switches and routers. (See Cisco: Revenue Slump? What Revenue Slump?)
Duo's security, offered as a service from the cloud, provides user authentication, device authentication and applies policies based on those factors and the apps that a user is trying to access.
Users log in using two-factor authentication, with Duo supporting tokens, SMS, call-back touch ID and face ID. Duo identifies whether the user is coming in on a device that's owned and managed by the enterprise, or on some kind of third-party or BYO device. Duo knows whether the user is coming in on the enterprise network or an outside network. And Duo knows whether the user is trying to access harmless information or high-security applications.
Duo then combines all that information to apply security measures as appropriate, Song says. For example, the network can apply light security to a user accessing the company cafe menu, but strict security to users accessing ERP or financial information, Song says.
Duo can even extend network access controls to users who are not employees of the enterprise, such as customers, partners and suppliers, Song says.
Duo focuses on simplifying security for both end users and enterprises. The company's service is designed to make security easy and therefore encourage users to do the right thing and abide by good security practices and policies. By making security easy, users are less likely to engage in practices such as using public file-sharing services that actively undermine and circumvent policies, Song says.
About 30% of Duo's sales are currently through the channel, and the company expects channel sales to grow following the Cisco acquisition, Song says.
Duo is privately held, has about 700 employees, and is based in Ann Arbor, Mich., with plans to stay there after the acquisition. Founded in 2010, the company raised about $119 million in venture capital, with investors including Meritech Capital Partners, Lead Edge, Benchmark Capital, Google Ventures and True Ventures.
Under the terms of the deal, Cisco will pay $2.35 billion in cash and assumed equity awards for Duo's outstanding shares, warrant and equity incentives on a fully diluted basis, Cisco says.
- Google: Security vs. Convenience – You Don't Have to Choose
- Viptela's Kingpins Have a New Stealth Startup
- Cisco & Juniper Heat Up Cloud Security Feud
— Mitch Wagner Executive Editor, Light Reading