After more than doubling revenue, Duo Security looks ‘Beyond’ the firewall

Few tech categories are growing faster than cybersecurity market, as organizations of all shapes and sizes seek to keep out their data out of the hands of increasingly sophisticated hackers. To help them face that threat, Duo Security is releasing a new suite of products based on a security framework developed by Google.

Founded in 2010, Duo Security largely got its start securing companies’ internal and external apps via two-factor authentication. Since then, Duo has added new verification methods and additional means of securing client applications, whether they were delivered on-premises or through the cloud.

Over the past several years Duo has seen huge demand for its products, which has driven annual recurring revenue to increase 135 percent over the past year, to $73 million for 2016. That marks the fourth year in a row that it had more than doubled revenue, and Duo’s founders say the company was cash-flow positive for the first time in the six years since it was founded.

With offices in Ann Arbor, Mich.; San Mateo, Calif.; Austin, Texas; and London, the company has won the trust of 8,000 paying customers, including the likes of Facebook, Etsy, Yelp, and NASA.

To serve those customers better, the company today is announcing its biggest release yet  — Duo Beyond — which is basically a commercial implementation of Google’s BeyondCorp framework. By doing so, Duo hopes to enable its customers to protect their networks and applications with the same type of security Google has deployed for its own internal applications and services.

Duo has benefitted from the general acknowledgment by organizations of all stripes that “cybersecurity has become the biggest geopolitical problem of our time,”as Duo CEO Dug Song puts it.

But whether we’re talking about the Sony hack or the DNC hack, it’s become clear that security today is less about fortifying the perimeter of the corporate network and more about ensuring that a person trying to access an organization’s data is who she says she is. According to Duo CTO Jon Oberheide, attackers have realized that going after end users and their access is the best way to breach network security. 

Google began developing the BeyondCorp framework in the wake of the Operation Aurora cyber attack, which targeted the search giant as well as about dozens of other organizations. Using malware that originated on end user machines, the attackers were able to burrow within corporate intranets and probe for additional network vulnerabilities.

Google’s response was to build a framework for security based on a perimeter-less architecture that focuses instead on device and user authentication. Duo’s adoption of that framework is designed to allow customers to replace existing VPN and network access control systems.

That approach fits well with what Duo had already been doing, but the founders hope the Beyond offering will build upon its already robust Duo Platform business.

Duo has raised $48 million from investors that include Redpoint Ventures, Benchmark, GV, True Ventures, Radar Partners, and Resonant Venture Partners.