
Ann Arbor's Duo Security sold for $2B: What it teaches us - fjk
https://www.freep.com/story/money/business/john-gallagher/2018/08/19/duo-security-cisco-ann-arbor/999379002/
======
segmondy
Goes to show that one can build a Unicorn outside of the Bay area. That's the
biggest take away. The Bay will always be special because of the capital out
there, but I'm a firm believer that this will erode away with time. Folks are
going to go over there, get the money and build in a different location.

~~~
coolaliasbro
Agreed. Part of this, IMO, also has to do with the fact that the capital in
the Bay is very concentrated and often excessive. In other words, most of what
gets done out there could get done better, for less, elsewhere, but there's a
cultural tick in the community that makes the fast-and-loose approach almost
obligatory. Anecdotally, this tick seems to be diminishing, which I attribute
to changing attitudes about wealth accumulation and the fact that a lot of
people would rather make a comfortable living doing something cool/useful than
chase a dragon/ride a unicorn.

------
ram_rar
I;m not sure, why is this article in HN. The only thing I garner is, Cisco is
famous for throwing zealous amount of money for companies
(AppDynamics,Jasper,Meraki,Viptela,Webex,Jabber...) , instead of building them
in-house.

------
LinuxBender
Is there a good alternative to Duo? Is there a decent on-prem solution?

------
dj-wonk
To fuse some snippets from Fortune and the New York Times:

"Cisco has agreed to buy Duo Security, a 700-person strong cybersecurity
startup based in Ann Arbor, Mich., for $2.35 billion in a combination of cash
and stock." [1]

"Duo was last privately valued at $1.17 billion after a $70 million financing
round in October. Cisco participated as an investor in that round." [1]

"Cisco has a long history of buying security startups. Some of its
acquisitions in recent years include Sourcefire, an intrusion detection tech
firm (2013); Threatgrid, a malware analyzing firm (2014); OpenDNS, a domain
name service provider (2015) and Lancope, a network monitor (2015)." [1]

"Duo’s technology allows companies to provide employees or customers with
remote access. Its software verifies the identity of users, scans their device
for security weaknesses and then lets them connect, a kind of supercharged
username-and-password. Cisco said it would integrate Duo’s technology across
its network, device and cloud platforms." [2]

"The acquisition is part of a trend in which cloud providers and cybersecurity
companies are trying to bolster the services they offer." [2]

"But Cisco has hardly been the only buyer. In the past 12 months, Oracle
acquired Zenedge, Amazon purchased Sqrrl, VMWare struck a deal for CloudCoreo,
McAfee bought Skyhigh, and Symantec acquired Skycure." [2]

"The pace of such deals — particularly in identity management, like Duo —
should only pick up over the coming years as companies try to strengthen their
defenses against cyberthreats, Mr. Ives said." [2]

[1] [http://fortune.com/2018/08/02/cisco-buys-duo-
security/](http://fortune.com/2018/08/02/cisco-buys-duo-security/)

[2]
[https://www.nytimes.com/2018/08/03/business/dealbook/cisco-d...](https://www.nytimes.com/2018/08/03/business/dealbook/cisco-
duo-acquisition-cloud.html)

For a more pointed perspective:

"But the worry here is that Cisco is going to murder the golden goose—and, as
a former Cisco customer, I’m struggling to feel anything but dread about all
the ways in which this acquisition might kill everything that’s good about
Duo." [3]

"In my opinion—which is informed by my own anecdotal experience—Cisco belongs
on the same shelf as Oracle when it comes to businesses that exhibit a profit-
above-all-else mindset. From my point of view as an enterprise customer, Cisco
consistently came across as unswervingly committed to maximum revenue
extraction at every single point in its relationship with a customer. The
company’s per-feature licensing was (and remains) so expensive and so complex
that the whole product portfolio seemed designed around creatively separating
customers from their capital first and actual network/SAN administration a
distant second." [3]

[3] [https://arstechnica.com/information-
technology/2018/08/heads...](https://arstechnica.com/information-
technology/2018/08/heads-up-2fa-provider-duo-security-to-be-acquired-by-cisco-
ugh/)

~~~
knorthfield
"In my opinion—which is informed by my own anecdotal experience—Cisco belongs
on the same shelf as Oracle when it comes to businesses that exhibit a profit-
above-all-else mindset. From my point of view as an enterprise customer, Cisco
consistently came across as unswervingly committed to maximum revenue
extraction at every single point in its relationship with a customer. The
company’s per-feature licensing was (and remains) so expensive and so complex
that the whole product portfolio seemed designed around creatively separating
customers from their capital first and actual network/SAN administration a
distant second."

Agreed. As someone who has worked at clients of Oracle they don't come across
as a technology company, they are basically a sales company with a technology
department.

------
ISL
That some people had access to $2B and wanted to buy Duo, and the owners of
Duo thought that $2B was an acceptable exchange?

