Protect From Anywhere: Cloud-Delivered Security with Cisco Umbrella

In today's interconnected digital landscape, organizations face a growing number of cybersecurity threats that can compromise their networks and data. To combat these risks effectively, businesses need a comprehensive and integrated security solution. Enter Cisco Umbrella, a cloud-delivered service that seamlessly combines multiple components to provide robust protection and granular control over network traffic. In this blog post, we'll explore the major components of Umbrella and the benefits they offer to organizations seeking a reliable security solution.

DNS-layer Security

At the core of Cisco Umbrella is its DNS-layer security, which blocks requests to malicious or unwanted destinations before a connection is ever established. By blocking threats over any port or protocol, Umbrella safeguards your network and endpoints effectively. Key highlights of this component include:

  • Enhanced visibility for protecting internet access across all devices, office locations, and roaming users.

  • Detailed reporting on DNS activity, allowing you to track security threats, web content, and corresponding actions taken.

  • Long-term log retention capabilities, enabling you to maintain activity logs as needed.

  • Rapid deployment to thousands of locations and users, ensuring immediate return on investment.

While this level of protection suffices for many locations and users, Umbrella offers additional components for organizations that require increased visibility and control to meet compliance regulations and further reduce risks.

Secure Web Gateway (Full Proxy)

Umbrella's cloud-based full proxy feature logs and inspects all web traffic, providing transparency, control, and enhanced protection. This component offers a range of features, including:

  • Content filtering based on categories or specific URLs to block destinations violating policies or compliance regulations.

  • Efficient scanning of uploaded and downloaded files using the Cisco Secure Endpoint engine and third-party resources for malware detection.

  • Rapid analysis of suspicious files through Cisco Secure Malware Analytics.

  • Blocking specific file types (e.g., blocking the download of .exe files).

  • Full or selective SSL decryption for advanced protection against hidden attacks.

  • Granular app controls to block specific user activities in selected applications.

  • Detailed reporting with comprehensive URL addresses, network identity, allow/block actions, and external IP addresses.

Cloud-Delivered Firewall (CDFW)

Umbrella's cloud-delivered firewall provides visibility and control over traffic that originates from internet-bound requests, across all ports and protocols. Key highlights of this component include:

  • Deployment, management, and reporting through Umbrella's single, unified dashboard.

  • Customizable policies for IP, port, protocol, application, and IPS, allowing tailored security configurations.

  • Layer 3 and 4 firewall with the ability to log all activity and block unwanted traffic based on IP, port, and protocol rules.

  • Detection and blocking of vulnerability exploitation.

  • Scalable cloud compute resources that eliminate concerns about appliance capacity.

  • Integration with Cisco Talos threat intelligence, enhancing threat detection and blocking capabilities.

Cloud Access Security Broker (CASB)

Umbrella helps organizations manage their cloud adoption securely by detecting and reporting on cloud applications used across their environment. The CASB component offers the following benefits:

  • Reports on vendor categories, application names, and volume of activity for each discovered app.

  • Detailed app information, including web reputation scores, financial viability, and relevant compliance certifications.

  • Cloud malware detection to identify and remove malware from cloud-based applications.

  • Ability to block or allow specific applications.

  • Tenant restrictions to control user access to specific instances of SaaS applications.

Remote Browser Isolation (RBI) (Optional Add-on)

Umbrella's RBI feature adds an extra layer of protection by isolating web traffic from user devices, safeguarding against browser-based threats. Key highlights include:

  • Isolation of web traffic between user devices and potentially risky websites.

  • No performance impact on end users.

  • Protection against zero-day threats.

  • Granular controls for different risk profiles.

  • Rapid deployment without altering existing browser configurations.

  • On-demand scalability to protect additional users on all devices, browsers, and operating systems.

Umbrella and SD-WAN Integration

Umbrella and Cisco SD-WAN integration offers a powerful combination of networking and security functions. By adopting the secure access service edge (SASE) architecture, organizations can simplify and accelerate the deployment of Umbrella across their network, ensuring robust cloud-delivered security. Key benefits include:

  • Rapid and straightforward deployment and management of security environments across multiple remote sites.

  • Flexibility to create security policies based on specific protection and visibility requirements.

  • Integration with Cisco SecureX for unified threat intelligence and streamlined workflows.

Cisco SecureX: Extending Simplicity, Visibility, and Efficiency

Included with Umbrella subscriptions, Cisco SecureX unifies Umbrella's threat intelligence with data from other Cisco Security products and existing security infrastructure. Key features include:

  • Accelerated threat investigation and remediation by centralizing your entire security ecosystem.

  • Automated workflows for increased operational efficiency.

  • Reduction of complexity through a built-in platform experience.

Global Cloud Architecture for Reliable Security Performance

Umbrella's battle-hardened global cloud architecture ensures network resiliency, reliability, and fast performance. Key features include:

  • Over 1000 peering partnerships with leading IXPs, CDNs, and SaaS platforms for lightning-fast performance.

  • Automated routing for optimal availability and reliability.

  • Flexible and scalable containerized, multi-tenant architecture.

Correlated Threat Intelligence for Improved Incident Response

Umbrella's vast dataset of over 620 billion DNS requests daily enables the identification of malicious domains, IPs, and URLs before they can be used in attacks. Security researchers analyze this information, in addition to intelligence from Cisco Talos, to detect and block a wide range of threats. Key benefits include:

  • Deeper visibility into threats with the most comprehensive view of the internet.

  • Improved incident prioritization and accelerated investigations.

  • Prediction of future attack origins and mapping of attacker infrastructures.

  • Seamless integration with other security orchestration tools.


Cisco Umbrella offers a robust and comprehensive security solution that combines various components seamlessly in a cloud-delivered service. From DNS-layer security and secure web gateway to cloud-delivered firewall, CASB, remote browser isolation, and integration with SD-WAN, Umbrella provides organizations with the protection and control they need to defend against cybersecurity threats effectively. Furthermore, the inclusion of Cisco SecureX and the global cloud architecture ensures simplicity, visibility, efficiency, and reliable security performance. With Umbrella's correlated threat intelligence, organizations can strengthen their incident response capabilities and better safeguard their digital assets in today's evolving threat landscape.

