Breaking into the muiltifactor authentication market, Cisco is set to buy Duo Security for $2.35 billion in cash, the company announced Thursday. The company expects the deal to close this quarter. This is Cisco's largest acquisition since it purchased AppDynamics for $3.7 billion in January 2017.
Founded in 2010, Duo has 700 employees and about 12,000 customers, said Dug Song, co-founder and CEO of Duo Security, in a blog post. Cisco is looking for Duo's offerings to extend access control in multicloud environments, simplify cloud security policies and increase endpoint visibility and protection, according to the announcement.
For Cisco, the deal is probably more about Duo's customers and growth trajectory rather than its core functionality, said Merritt Maxim, principal analyst at Forrester, in an interview with CIO Dive. And from the acquisition, Duo has another avenue to expand its footprint, building on its success from the education and public sector.
As more businesses and data stores shift to the cloud, many organizations are questioning the security of connections, according to Maxim. Authentication plays a strong role in that process and Cisco will want to offer customers a solution that can protect their connections from logins down to the network level.
While there have been incremental shifts in the two-factor and mulitfactor authentication market, the industry has existed for at least the past 20 years, said Maxim. Cisco is paying a "pretty high premium" for Duo's suite of capabilities in a market, which arguably has not evolved much, beyond the shift for physical keys to smartphones and underlying apps for additional authentication.
As the modern authentication market has matured, vendors have worked to make logins and managing credentials more seamless. While there are many products from vendors like RSA, Symantec and CA Technologies to manage authentication, other vendors simply build their own platforms and offerings.
Google, for example, use physical Security Keys rather than two-factor authentication, which the company boasts has prevented successful phishing attacks against employees. The keys worked so well for Google, it is now offering the authentication keys as a product.
Cisco's acquisition is one of the largest single authentication purchases in the space, ahead of Symantec's 2010 acquisition of VeriSign for $1.28 billion.
It's a new era for Cisco, which is traditionally rooted in networking technology, a space it has favored from an acquisition standpoint. The company has worked to expand its footprint in the security through internal investment and acquisitions.
Cisco's security technology firm acquisitions, 2015 to 2018
|OpenDNS||Device threat protection, which became Cisco Umbrella||$635M||June 30, 2015|
|Lancope, Inc.||Network behavior analytics, visibility and security intelligence.||$452.5M||Dec. 22, 2015|
|CloudLock Inc.||Cloud access security broker||$293M||June 28, 2016|
|Observable Networks Inc.||Network visibility delivered as a service||Not disclosed||July 31, 2017|
|Duo Security||Multifactor authentication||$2.35B||Aug. 2, 2018 (announced)|
Cisco is preparing for life after traditional networking, and making more acquisitions in the security space will boost its portfolio. Now, the focus for Cisco is on streamlining its portfolio so the quality, not quantity, of products is a priority.