Cisco Umbrella - Short Review



Cisco Umbrella Overview

Cisco Umbrella is a comprehensive cloud-delivered security service designed to provide organizations with a secure, reliable, and fast internet experience. This platform is tailored to protect users, networks, and cloud applications from a wide range of cyber threats, whether they are accessing the internet from the office, branch offices, or remotely.



Key Functions and Protection

  • DNS-Layer Security: Cisco Umbrella’s DNS-layer security is a foundational component that stops threats before they reach the network or endpoints. It improves security visibility, detects compromised systems, and protects users on and off the network by blocking threats over any port or protocol.
  • Secure Web Gateway: The secure web gateway logs and inspects web traffic, providing full visibility, URL and application controls, and protection against malware. Traffic is sent to the gateway through IPsec tunnels, PAC files, or proxy chaining, where acceptable use policies are enforced and advanced threats are blocked.
  • Cloud-Delivered Firewall: Umbrella’s firewall logs all activity and blocks unwanted traffic using IP, port, and protocol rules. It simplifies management by automatically applying policies as new tunnels are created, ensuring consistent enforcement across the network.
  • Cloud Access Security Broker (CASB): This feature detects and reports on cloud applications in use across the organization, exposing shadow IT. It provides details on the risk level of discovered apps and allows for blocking or controlling usage to manage cloud adoption and reduce risk.


Advanced Security Capabilities

  • Interactive Threat Intelligence: Cisco Umbrella Investigate offers real-time context on malware, phishing, botnets, trojans, and other threats through its console and API. This enables faster incident investigation and response, leveraging insights from Cisco Talos, one of the largest threat intelligence teams in the world.
  • Remote Browser Isolation (RBI): This feature adds an extra layer of protection against browser-based security threats, particularly for high-risk users, by isolating web browsing sessions.
  • Data Loss Prevention (DLP): Umbrella helps discover and block sensitive data from leaving the organization, ensuring compliance and data security.
  • Integration with SD-WAN: The integration with Cisco SD-WAN allows for easy deployment across the network, securing cloud access and protecting branch users, connected devices, and app usage from all direct internet access breakouts.


Additional Benefits

  • Proactive Security: Cisco Umbrella proactively blocks requests to malicious destinations before a connection is established or a malicious file is downloaded. It also stops compromised systems from exfiltrating data via command & control (C2) callbacks to the attacker’s botnet infrastructure.
  • Increased Visibility: The platform provides crucial visibility into internet activity across all locations and users, aiding in incident response and ensuring comprehensive security monitoring.
  • Reduced Detection and Containment Time: Umbrella reduces the time to detect and contain threats by providing real-time reports on malicious activity and containing C2 callbacks over any port or protocol.


Product Packages and Support

Cisco Umbrella offers various product packages, including DNS Security Essentials, DNS Security Advantage, SIG Essentials, and SIG Advantage, each providing different levels of security functionality. Additionally, dedicated customer support packages are available to resolve any requests or issues quickly.

In summary, Cisco Umbrella is a robust cloud security solution that unifies multiple security services into a single platform, providing comprehensive protection against cyber threats, enhanced visibility, and proactive security measures to safeguard organizations’ internet access and cloud application usage.
