Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
$3
per month per user
Delinea Secret Server
Score 9.0 out of 10
N/A
Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
I would fully expect a competitor like Okta or any other multifactor mechanic to function pretty similarly, and I hesitate to say duos the best. I think the idea is that it's a simple concept, but it does it well. So I haven't evaluated any myself outside of duo, but I'm also …
Cisco Duo had an integrated method for handling MFA on Endpoints and Servers. This was a huge bonus. Administration and implementation seemed more efficient as well.
There are Okta has that Duo does not have, however since my environment has CISCO solutions implemented and the service that we receive from the vendor and integrator is top quality, DUO was the right choice.
We selected Cisco Secure Access by Duo due to its ability to interoperate with almost any on premise, cloud, or hybrid application or system. Duo also integrates nicely with our other security systems, including XDR. As well, Duo is a market leader and always pushing the sector …
Cisco Secure Access by Duo's ability to integrate with a wide variety of SSO applications and systems, as well as its focus on usability, make it an attractive option.
There were not very many solutions that provided the entire package of taking an account from creation and deactivating it when no longer needed, as well as providing the discovery of unknown service accounts. Other solutions like RoboForm and LastPass did not offer the …
We tried using 1Password, and they have a great mobile app, but they weren't able to do the password rotation on our devices. Secret Server was basically our top option after reviewing.
KeePass is fine for individual use, but it does not meet the same objectives. There are a lot of products like KeePass that are just not as portable or robust, and do not have the kind of granularity Secret Server has. Being able to assign password permissions based on user …
I've only used simple phone apps for this before. This is the only enterprise-grade solution I've used in this space. Given THOSE options, Secret Server is a fantastic solution. I still feel like there is a better interface out there somewhere.
Besides KeePass, I have used the built-in browser password vaults, like the one for Chrome. These however are not very secure as security can be bypassed. KeePass is lighter weight and could be considered more secure as it is not a website. You can also create alternate modes …
We explored Jum Cloud and ManageEngine. Delinea is comparable in terms of features; however, the implementation of these tools differs. Delinea is a bit more manual than the other two. However, the licensing and overall ROI are better for Delinea, as it provides almost all …
Cisco Duois is well suited in all kinds of scenarios where you need to ensure proper security measurements, I think. We can't just rely on our passwords only, as they can be easily stolen through phishing or data breaches thus keeping multi factor authentication is quite essential. I always prefer MFA or at least 2FA for any critical system.
Great for managing access to secrets and servers and is more secure than storing passwords in a browser. The browser plugin to autofill passwords works well. Being able to schedule access ahead of time is a big plus for me as I can be forgetful. If you want a lightweight password vault, however, it may not be the best choice.
Documentation is oftentimes missing key information for proper implementation. This is circumvented by reading third-party guides or contacting support for additional details.
They do not push Fail-Closed as much as I think they should. Fail-Open is fairly trivial to bypass and it should be made known to the customer during setup how much this will affect overall security.
More vendor integration is something that is always craved by administrators. There are so many third-parties to integrate with.
The sharing functionality NEEDS improvement. We share most passwords at a group level, but then it becomes impossible to share them with a dynamic group and one or two one-off people as well. This is a major shortcoming.
I don't love the interface. I feel like there is an attempt at a dashboard, but it is really not effective.
I've heard, but never seen, that the software can actually change passwords in the target systems. If this is part of its deliverable, I do not know how to use it, and I don't know how you would do that. Seems like a great feature for password management.
There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward
La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las políticas sin problemas. La integración con las aplicaciones SSO y SaaS facilita aún más el proceso de acceso, mejorando la experiencia del usuario.
My rating is purely based on the configurational activities, as feature-wise delineation has all the features that are very beneficial for customers, though the implementation is a bit more manual work, which can be reduced with a low-code platform. Along with that, we can have a better UI to have intuitiveness and can manage the platform for shared customers in a better way. Overall, it is a very good tool for PAM.
In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.
Since it’s a reputable company, I have received technical support when needed and I trust that if anything else happens I can contact them with any issues. I haven’t experienced bad customer service and I totally feel supported while using this authentication method. No complains so far and the high rating!
Implementation was straight forward and you can isolate different scenarios in order to test new application setup or add to an existing setup. Gui interface is pretty easy to understand and follow. I had no experience with Duo and still manage to easily set up new policies and rules.
Ultimately we ended up going with Cisco Duo because we are a Cisco shop. All of our networking infrastructure, our phones, our wireless environment is Cisco based. It made logical sense to stay with a product that we already have a line of support with. With a smaller support / tech group we depend on outside Cisco support. That support is already here for us, so we stayed with a Cisco product.
We explored Jum Cloud and ManageEngine. Delinea is comparable in terms of features; however, the implementation of these tools differs. Delinea is a bit more manual than the other two. However, the licensing and overall ROI are better for Delinea, as it provides almost all market-ready solutions and has a robust licensing mechanism, resulting in a better ROI.
It's one of those things that only costs money in the sense of you have to convince a leadership team to spend money to save money, right? Like a compromise is far more expensive than duo paying for duo. So specifically it's really just about trying to prevent problems. And so while it costs money and we don't have a direct return on investment that we can point out immediately, I would still always advocate for it just because it keeps security. Paying for security is cheaper than getting compromised essentially.
The best return on investment is that all of our passwords are now up to date and usable by everyone in the department. The old way could only be accessed by one person at a time, and it was frequently wrong.
We save a lot of time in IT by having the passwords easily accessible. We also meet our security audit objectives by using this app instead of, say, an Excel spreadsheet or an old application that is no longer supported, as was the case at a previous workplace.
With the size of our department, we don't have enough passwords to go beyond the free version. It's fully functional, but it costs nothing (except some resources on a VM). ROI on free can't be beat.