Cisco Systems is positioning its planned $2.35 billion acquisition of Duo Security Inc. as a key component of its intent-based networking strategy and the linchpin of its broadening software-focused and subscription-based portfolio.
Duo's cloud-based SaaS solution for unified access security and multi-factor authentication will play an important role in extending Cisco's intent-based networking solutions into multi-cloud environments, and is also part of a larger strategy to integrate the networking giant's most important software and cloud products into a "single platform architecture," Executive Vice President and General Manager David Goeckeler said during a conference call to discuss the Duo acquisition Thursday.
"Intent-based networking is all about automating the network," Goeckeler said. "Think of the network as one large software system, not a collection of independent routers and switches and access points. You define the intent of what you want that software to do. As the users access that network, you have to understand what capabilities you're providing to those users. What policy do you want to allow them? What do you want them to access so you can enforce security?"
Goeckeler said he expects Duo's solution to be closely integrated with Cisco's Umbrella cloud-delivered enterprise security platform, to add identity awareness to Cisco's internet gateway, cloud access security broker, enterprise mobility management and several other cloud-delivered products. "We will deliver the most effective zero-trust security architecture in the market," he said.
With Umbrella, Cisco brought firewall and advanced threat capabilities into a cloud-delivered model, and the company intends to add identity and access management to the same model, Goeckeler said.
Beyond that, Goeckeler said Duo's solution will extend into Cisco's networking portfolio, especially as the red-hot SD-WAN market continues to expand. As it does, Cisco will be in a position to offer a frictionless, cloud-native identity and access management solution integrated with products like its Meraki cloud WiFi and its Viptela SD-WAN solution.
"This is extending the reach of our solution," Goeckeler said. "Applications are moving through multiple public clouds. The private data center is still there. We've been looking at this space for quite some time, and we know we were going to move the portfolio in this direction. To have a world-class security architecture, you need to have these capabilities."
Privately held Duo Security is based in Ann Arbor, Mich. Its cloud-based solution verifies the identity of users and the health of their devices before granting them access to applications.
Acquiring Duo is also part of Cisco's continued acknowledgement that the IT market has embraced multi-cloud strategies. Cisco, Goeckeler said, sees itself as the preeminent provider of multi-cloud networking and security fabric.
"Cisco's ability to navigate all the different public cloud providers to provide an underlying networking and security fabric is exactly what we do," Goeckeler said. "We see a very clear role for us sitting at the intersection of the new network that's being built. Wherever the users are, wherever the devices are, wherever the applications are, how we connect that and deliver a consistent networking and security policy across it in partnerships with all the players and ecosystems is extremely important to us."
Combining Cisco's network security capabilities with Duo's expertise around securing applications will put the combined company in an unrivaled position, said Tim Femister, head of cybersecurity and customer lifecycle for Eagan, Minn.-based ConvergeOne, No. 34 on the 2018 CRN Solution Provider 500.
"It's a very powerful message that no one else in the industry has a way to compete with," Femister told CRN.
Integrating Cisco and Duo's capabilities into a single pane of glass architecture will take a little while to do, Femister said, but once it happens, the company will stand out among its peers for being able to secure both the network and application layer in a unified manner.
Until now, Femister said Cisco didn't have a great way of protecting remote workers that were using applications residing in the cloud rather than on a corporate network. But once the Duo acquisition closes, Femister said Cisco should be able to deliver more holistic security through a centralized policy.
"You can talk about securing the network all day long, but what about if you're not on the network?" Femister said.
Femister praised Duo for going beyond typical multi-factor authentication and doing a posture analysis on a user's device to figure out whether or not it aligns with corporate standards. Unlike the traditional token approach that doesn't require any prior verification of the system, Femister said Duo requires devices to get authenticated through the system, making it easier to spot malicious intent earlier on.
Duo is already the market leader in the authentication space, Femister said. But with Cisco's backing, Femister said Duo should be able to make more of a power play in the broader identity and access management (IAM) space and go after more large Fortune 500 clients who are looking to work with a trusted name in the industry.
"This is a critical piece that Cisco needs to complete its story," Femister said. "If I had a choice, Duo is the one I would have recommended."