What is Cisco Umbrella?
Cisco Umbrella is a secure internet gateway (SIG) that protects all users and devices from threats on the internet, regardless of whether inside or outside the company, at headquarters or branch locations, while on the move, or with VPN turned on or off. Since a secure environment is built based on the DNS layer, it functions as a cloud-provided firewall regardless of whether or not there is a VPN connection, even when accessed from remote locations or mobile devices on the move. Since the user can build a secure environment by changing the DNS settings, there is no need to install software or install new equipment on the devices currently being used by the customer.
Features
Can be installed without rebuilding the existing environment
Since the user only needs to set the DNS to connect to the security of the cloud service, there is no need to install new hardware or software for introducing security.
Provision at DNS layer
Since security measures can be taken at the DNS layer, secure communication is possible without introducing a VPN even when accessing systems and data from a remote location during telework.
Users can easily customize access policies to suit their company
Settings such as remote access, guest access control, and blocking of malware/phishing sites can be easily set on an intuitive screen.
Also possible to visualize the usage status of cloud applications
By visualizing shadow IT, users can evaluate the risk level of each application, check the reliability of application vendors, monitor existing applications, etc.
The service will solve problems such as the following:
- Feeling uneasy when only using conventional perimeter-based security
- Feeling uneasy regarding complete protection against external access when introducing telework, etc.
- Time concerns with setting up VPN, etc., for security measures
- Feeling uneasy regarding external threats due to increased usage of cloud services such as SaaS, etc.
- Not knowing what kind of security is best for each device used for business
- Time concerns with revising the existing environments for security
- Cannot keep pace with countermeasures for unknown cyberattacks
Main Services
Functions of Cisco Umbrella
| Security services of main package | DNS Security Essentials | DNS Security Advantage | SIG Essential | |
|---|---|---|---|---|
| DNS Layer Security | Blocks phishing, malware, botnets, and domains in dangerous categories (such as mining and new domains) | ● | ● | ● |
| Block domains based on custom lists with partner (Splunk, Anomali, etc.) integration and enforcement APIs | ● | ● | ● | |
| Block IP traffic directly as a countermeasure against C2 callbacks that bypass DNS | - | ● | ● | |
| Secure WEB gateway (SWG) | Proxy for web traffic testing | - | Only dangerous domains | ● |
| Decryption and testing of SSL (HTTPS) traffic | - | Only dangerous domains | ● | |
| Web filtering | Category base Domain base |
Category base Domain base |
Category base Domain base |
|
| Customizable block/permit list | Domain base | Domain base | IP base URL base |
|
| Blocks URLs based on feeds from Cisco Talos, etc., and blocks files based on antivirus engines and Cisco AMP data | - | Only dangerous domains | ● | |
| Use the Cisco Threat Grid cloud sandbox environment to analyze suspicious files (up to 200 files per day) | - | - | ● | |
| Retroactive security that can even identify harmless files when they turn into dangerous files | - | - | ● | |
| Cloud-provided firewall | Blocks IPs, ports, and protocols designated in layer 3 and layer 4 policies | - | - | ● |
| Supports IPsec tunnel termination | - | - | ● | |
| Cloud application security control | Detect and block shadow IT | Domain base | Domain base | URL base |
| Policy that enables detailed control for each application (prohibition of uploads, attached files, posting, etc.) | - | - | ● | |