Cisco (NASDAQ: CSCO) announced its intent to acquire privately-held Duo Security, headquartered in Ann Arbor, Mich. Duo Security is the leading provider of unified access security and multi-factor authentication delivered through the cloud. Duo Security's solution verifies the identity of users and the health of their devices before granting them access to applications – helping prevent cybersecurity breaches. Integration of Cisco's network, device and cloud security platforms with Duo Security's zero-trust authentication and access products will enable Cisco customers to easily and securely connect users to any application on any networked device.
Under the terms of the agreement, Cisco will pay $2.35 billion in cash and assumed equity awards for Duo Security's outstanding shares, warrants and equity incentives on a fully-diluted basis.
"In today's multi-cloud world, the modern workforce is connecting to critical business applications both on- and off-premise," said David Goeckeler, executive vice president and general manager of Cisco's networking and security business. "IT teams are responsible for protecting hundreds of different perimeters that span anywhere a user makes an access decision. Duo's zero-trust authentication and access products integrated with our network, device and cloud security platforms will enable our customers to address the complexity and challenges that stem from multi-and hybrid-cloud environments."
Business-critical data and applications today are accessed by customers, partners and employees from a multitude of locations and networks, both secure and open, using company-issued and personal devices. Attackers know that one of the most effective ways to access enterprise systems is through compromising user passwords or devices. According to the 2017 Verizon Data Breach Report, the majority of hacking-related breaches involve stolen or weak passwords. Acknowledging this, Cisco and Duo Security are closely aligned in the approach of designing infrastructure for the extended enterprise where users, devices, and applications are the center of the modern security architecture.
The acquisition of Duo Security will:
- Extend intent-based networking into multi-cloud environments. Cisco currently provides on-premises network access control via its Identity Services Engine (ISE) product. Duo's software as a service-based (SaaS) model will be integrated with Cisco ISE to extend ISE to provide cloud-delivered application access control.
- Simplify policy for cloud security. By verifying user and device trust, Duo will add trusted identity awareness into Cisco's Secure Internet Gateway, Cloud Access Security Broker, Enterprise Mobility Management, and several other cloud-delivered products.
- Expands endpoint visibility coverage. Cisco's in-depth visibility of over 180 million managed devices will be augmented by Duo's broad visibility of mobile and unmanaged devices.
"Our partnership is the product of the rapid evolution of the IT landscape alongside a modernizing workforce, which has completely changed how organizations must think about security," said Dug Song, Duo Security's co-founder and chief executive officer. "Cisco created the modern IT infrastructure, and together we will rapidly accelerate our mission of securing access for all users, with any device, connecting to any application, on any network. By joining forces with the world's largest networking and enterprise security company, we have a unique opportunity to drive change at a massive scale, and reshape the industry."
The acquisition is expected to close during the first quarter of Cisco's fiscal year 2019, subject to customary closing conditions and required regulatory approvals. Duo Security, which will continue to be led by Song, will join Cisco's Networking and Security business led by EVP and GM David Goeckeler.