Cloud-based DNS and web traffic protection that blocks threats before they connect. Protects users on the go, detects shadow IT, and prevents data leaks with encrypted inspection and DLP features.

In today’s digital environment, where the Internet may be accessed from any device and location, a security solution that provides protection no matter where users are is essential. Cisco Umbrella is a cloud-based security solution acting as the first line of defense against Internet threats with DNS protection and Secure Internet Gateway (SIG) functionality. The platform is designed to protect users from malware, phishing, ransomware, and other Internet threats before a connection is made, wherever users are – in the office, on the road, or working from home.

Umbrella offers a comprehensive set of features for protecting internet traffic:

Key features and functions

DNS Security:

  • DNS filtering and protection: Block access to malicious domains before a connection is established based on domain reputation and threat intelligence from Cisco Talos.
  • Website categorization: Ability to control and block websites by category (e.g., gambling, adult content, etc.).
  • Basic reporting: Overview of blocked threats and websites.

Secure Web Gateway (SWG):

  • Full-featured cloud proxy: Inspection of HTTP/HTTPS traffic at the URL level, including enhanced content inspection and encrypted traffic.
  • TLS/SSL decryption: Ability to inspect encrypted web traffic to detect hidden threats.
  • Granular web traffic control: Ability to block specific URLs, define custom block/allow lists, and advanced content filtering.

Cloud-Delivered Firewall (CDFW):

  • Check all ports and protocols: Visibility and monitoring of Internet traffic across all ports and protocols, not just web traffic.
  • Layer 3-7 inspection: Advanced network traffic monitoring, including the application layer.
  • Intrusion Prevention System (IPS): Protection against network attacks and vulnerability exploitation.

Cloud Access Security Broker (CASB):

  • Shadow IT Discovery: Detection and monitoring of cloud applications in use.
  • Risk Scoring: Risk assessment of cloud applications in use.
  • Cloud Malware Detection: Detection and removal of malware from cloud storage.
  • Activity Controls: Granular control of activities in cloud applications.

Data Loss Prevention (DLP):

  • Multimode DLP: Inline and out-of-band data inspection to prevent leaks of sensitive information.
  • Predefined DLP policies: Quickly deploy protection for common types of sensitive data (PII, PCI, HIPAA, etc.).

Remote Browser Isolation (RBI):

  • Safe access to risky sites: Ability to isolate the rendering of web pages in the cloud environment, eliminating the risk of endpoint infection.

Cisco XDR integration:

  • Telemetry sharing: Automatic sharing of security events for advanced analysis.
  • Automated response: Rapid response to detected threats across the entire security ecosystem.

How Cisco Umbrella works

Umbrella works on the principle of cloud-delivered security, where all the protection is provided via Cisco’s cloud infrastructure. Redirecting traffic to the Umbrella infrastructure can be done in different ways:

DNS redirection: The simplest method, where DNS queries are routed to Umbrella DNS resolvers (208.67.222.222, 208.67.220.220), allowing malicious domains to be filtered out before a connection is established.

Secure Client integration: For mobile and remote users, the Umbrella module is installed within the Cisco Secure Client (formerly AnyConnect), ensuring that all Internet traffic is routed through Umbrella regardless of the user's location.

Proxy chaining: For organizations with an existing proxy infrastructure, Umbrella SIG can be deployed as a parent proxy.

IPsec tunneling: For branch offices and networks where all outgoing traffic needs to be protected.

In SIG operation, traffic is fully inspected including TLS decryption (exceptions possible), content analysis and inspection according to the set security policies.
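For the DNS redirection method described above, filtering only applies to queries that actually reach the Umbrella resolvers, so a fallback resolver left in the client configuration is a bypass path. The following added example (not Cisco code) audits the text of a `resolv.conf` file against the two resolver addresses given above; the function names and the sample file are constructed for illustration.

```python
import ipaddress

# Umbrella resolver addresses as given in the text above.
UMBRELLA_RESOLVERS = {
    ipaddress.ip_address("208.67.222.222"),
    ipaddress.ip_address("208.67.220.220"),
}

# Constructed sample: one Umbrella resolver, one stray fallback, one typo.
SAMPLE_RESOLV_CONF = """\
# constructed sample file
nameserver 208.67.222.222
nameserver 192.0.2.53   # legacy fallback left behind
search corp.example
nameserver not-an-ip
"""


def audit_resolv_conf(text):
    """Return (umbrella, other, invalid) nameserver lists found in text."""
    umbrella, other, invalid = [], [], []
    for raw in text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone id if present
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            invalid.append(fields[1])
            continue
        (umbrella if ip in UMBRELLA_RESOLVERS else other).append(str(ip))
    return umbrella, other, invalid


def is_protected(text):
    """True only if every configured resolver is an Umbrella resolver."""
    umbrella, other, invalid = audit_resolv_conf(text)
    return bool(umbrella) and not other and not invalid


if __name__ == "__main__":
    print(audit_resolv_conf(SAMPLE_RESOLV_CONF))
    print("protected:", is_protected(SAMPLE_RESOLV_CONF))
```
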

Customer Benefits

By implementing Cisco Umbrella, you will gain:

  1. Universal protection: Protecting users whether they are in the office, on the road, or working from home.
  2. Layered security: The combination of DNS protection, web proxy, cloud firewall, CASB, and DLP provides comprehensive protection against a wide range of threats.
  3. Quick deployment: The cloud-delivered solution requires no additional hardware and can be deployed in a matter of hours.
  4. Scalability: Automatic scaling based on the number of users and traffic volume without the need for additional infrastructure.
  5. Visibility: A single dashboard that provides visibility into threats, application access, and overall security status.
  6. Cisco Secure ecosystem integration: Works seamlessly with other products such as XDR, Secure Endpoint, and Duo.
  7. Malware reduction: Prevent malware infection by blocking access to malicious domains and checking downloaded files.
  8. Shadow IT monitoring: Identify and manage cloud applications and services in use.

Technical aspects and implementation details

Cisco Umbrella is built on a global cloud infrastructure with more than 90 data centers worldwide, ensuring high availability and low latency.

Key technical aspects include:

Anycast routing: Ensures that user traffic is always routed to the nearest data center, minimizing latency.

TLS inspection: Selective decryption and inspection of encrypted traffic with exceptions for sensitive categories (e.g., banking and healthcare).

Integration with identity providers: Support for SAML and other authentication protocols for identity-aware policies.

API integration: Rich API to integrate with other security tools and systems.

Virtual appliance: For specific deployment scenarios, Umbrella offers a virtual appliance for traffic routing.

Roaming client: The Umbrella module within Cisco Secure Client provides protection for mobile users.


Cisco Umbrella

This is a comprehensive, scalable, and flexible security solution that protects Internet traffic regardless of where users are located. From basic DNS protection to advanced features, such as SWG, CDFW, CASB, DLP, and RBI, Umbrella offers solutions for organizations of all sizes and security needs. As a cloud-based solution, it requires no additional infrastructure and provides immediate value from day one. In today’s dynamic environment where the traditional network perimeter is disappearing, Umbrella is a key element of modern security architecture and an important part of the Secure Access Service Edge (SASE) strategy.
