
Cisco Umbrella Packages: What’s Best For Your Business?

by Michael on February 27, 2020

Both network and enterprise security have undergone significant changes in recent times. The rise of remote work models and widespread use of cloud applications have made traditional on-premise security solutions impractical—and, in many instances, obsolete. To adapt to the evolving landscape, businesses are turning towards a more decentralized approach to networking that is not only cost-effective but also convenient. 

However, this shift brings new risks and challenges, increasing the need for robust protection and simplified management. Fortunately, Cisco Umbrella offers comprehensive security solutions to address these concerns. 

 

Cisco Umbrella: Four Packages And Their Features

Leveraging the collective expertise of the world's largest commercial intelligence teams, Cisco Umbrella is equipped to detect and block a wide range of malicious domains, URLs, files, and IPs that threaten network security. This is made possible through enforcement at the IP and DNS (Domain Name System) layers, which prevents connections to ransomware, botnets, malware, and phishing sites before they can cause harm. However, Cisco Umbrella offers several different packages with varying levels of security solutions. These packages include the following:

 

1. DNS Security Essentials 

The Umbrella DNS Security Essentials package offers essential DNS-layer security capabilities to prevent requests to malicious domains from reaching your network or endpoints. This base package also provides off-network protection, mobile support, and access to Umbrella's APIs for policy, reporting, and enforcement. 

Additionally, this package includes log exporting, a multi-org console, integration with Cisco Threat Response, and identity-based policies through the virtual appliance and Active Directory connector. The App Discovery report also allows for the discovery and blocking of shadow IT by domain.

 

The DNS Security Essentials package is ideal for businesses that require basic protection against cyber threats but do not need advanced features such as identity-based policies or integration with other Cisco security solutions. It offers a cost-effective solution for small and medium-sized businesses looking to secure their network and endpoints.

The following are some of the key features of the DNS Security Essentials package:

 

DNS Security Extensions

DNS Security Extensions, or DNSSEC, is a security technology created to prevent cache poisoning attacks by digitally signing data. It verifies the validity of DNS answers and the identity of the signer through cryptographic signatures, similar to using GPG (GNU Privacy Guard) to sign an email. This means that users can trust the answers they receive from DNS responses.

DNSSEC does not rely on a central certificate authority but instead uses a chain of trust through parent zones, which publish a hash of the child zone's signing key in the delegation. This allows for proof of validity and ensures that DNS answers are not tampered with in transit.

Cisco Umbrella supports DNSSEC by performing validation on queries sent from Umbrella resolvers to upstream authorities. As a result, customers can have confidence in the security of their network and endpoints, as Cisco Umbrella protects against cache poisoning attacks without the need for local validation.
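The delegation step of that chain of trust, as an added example (not code from this article or from Cisco): the parent's DS record is recomputed from the child's DNSKEY as specified in RFC 4034 and compared. The zone `example.test`, the key bytes, and all function names are constructed for illustration; checking the RRSIG signatures made with the key is a separate step not shown here.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple, Optional, Sequence

# DS digest types (IANA registry): 2 = SHA-256, 4 = SHA-384.
# Type 1 (SHA-1) is deliberately absent, so SHA-1-only delegations fail validation.
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}

class DS(NamedTuple):
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes

def name_to_wire(name: str) -> bytes:
    """Canonical owner name: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes, protocol: int = 3) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B checksum. A lookup hint only, not a security check."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes, digest_type: int = 2) -> DS:
    """What the parent zone publishes: digest = H(owner name | DNSKEY RDATA)."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).digest()
    return DS(key_tag(rdata), rdata[3], digest_type, digest)

def validate_delegation(owner: str, ds: DS, dnskeys: Sequence[bytes]) -> Optional[bytes]:
    """Return the child DNSKEY that the parent's DS vouches for, or None."""
    if ds.digest_type not in DIGESTS:
        return None                      # unsupported or deprecated digest
    for rdata in dnskeys:
        if len(rdata) < 4:
            continue
        flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
        if not flags & 0x0100 or protocol != 3:
            continue                     # Zone Key bit must be set, protocol must be 3
        if algorithm != ds.algorithm or key_tag(rdata) != ds.key_tag:
            continue
        candidate = make_ds(owner, rdata, ds.digest_type)
        if hmac.compare_digest(candidate.digest, ds.digest):
            return rdata                 # digest match is what establishes trust
    return None

# Constructed sample data: a 32-byte key (algorithm 15 = Ed25519, flags 257 = KSK).
GENUINE_KSK = dnskey_rdata(257, 15, bytes(range(32)))
# A different key whose bytes are rearranged so that the key tag is identical.
FORGED_KSK = dnskey_rdata(257, 15, bytes([2, 1, 0]) + bytes(range(3, 32)))
PARENT_DS = make_ds("example.test", GENUINE_KSK)

if __name__ == "__main__":
    print("key tag genuine/forged:", key_tag(GENUINE_KSK), key_tag(FORGED_KSK))
    print("genuine key accepted:",
          validate_delegation("example.test", PARENT_DS, [GENUINE_KSK]) is not None)
    print("forged key accepted: ",
          validate_delegation("example.test", PARENT_DS, [FORGED_KSK]) is not None)
```

The forged key shares the genuine key's tag, so only the digest comparison rejects it; a validator that matched on key tag and algorithm alone would accept the substitution.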

 

DNS Filtering And Threat Intelligence

With the DNS Security Essentials package, businesses can take advantage of DNS filtering and advanced threat intelligence to enforce acceptable web use and comply with internal policies.

DNS filtering is the process of blocking access to specific domains, websites, or IP addresses through DNS resolution. This capability allows organizations to control and manage web traffic within their network, preventing employees from accessing potentially harmful or inappropriate content. It differs from content (or web) filtering in that it is performed at the domain level, while content filtering goes a step further and analyzes specific webpage content for malicious or inappropriate material. This way, businesses can block all requests to known malicious domains, regardless of the content on those pages.

When it comes to threat intelligence solutions that prevent access to malicious domains and URLs, Umbrella uses predictive intelligence and machine learning algorithms, along with data from Cisco Talos, one of the world's largest commercial threat intelligence teams. This combination enables Umbrella to gain a comprehensive understanding of the threat landscape and effectively detect malicious activity before it can cause harm. This partnership also allows for continuous updates to be made to the Cisco Security product portfolio and open-source community, ensuring businesses have the most up-to-date protection against evolving threats.

 

Privacy Measures And Access Control

DNS Security Essentials offers robust privacy measures and access control to prevent data leakage and unauthorized access to sensitive information. 

In addition to its DNS-layer security and interactive threat intelligence capabilities, Umbrella includes a firewall, secure web gateway, and cloud access security broker (CASB) functionality, plus integration with Cisco SD-WAN. All of these features are delivered from a single cloud security service, making it easier for organizations of all sizes to confidently connect to the internet without sacrificing security.

Additionally, Umbrella prioritizes the protection of user data by allowing for granular control over access to sensitive information. This is made possible through user roles, which allow organizations to manage access to the Umbrella dashboard based on their specific needs. Administrators can be assigned one of Umbrella's default roles or a custom role created through the User Roles page. This feature ensures that sensitive information can only be accessed by authorized users and helps prevent data leakage. 

 

2. DNS Security Advantage 

The DNS Security Advantage package builds upon the features of DNS Security Essentials, offering additional capabilities such as proxying risky domains for URL blocking and file inspection through AV engines and Cisco AMP. This added layer of security helps organizations prevent malicious files from entering their network and endpoints, providing enhanced protection against advanced threats. 

The package also offers advanced threat intelligence through the Investigate console and on-demand enrichment API, providing organizations with deeper context during incident investigations. The following are some of the critical features of the DNS Security Advantage package:

 

Proxy And Decrypt Risky Domains

While DNS is the initial point of inspection, the DNS Security Advantage package also offers a cloud-based web proxy for more thorough scanning. Unlike traditional web gateways that proxy all web connections, including safe ones, the intelligent proxy from Umbrella only routes requests to risky domains or sites with both safe and malicious content for deeper scrutiny. 

 

By utilizing a more intelligent proxy, Umbrella avoids the need to route requests to domains that are already known to be safe or malicious. Most phishing, malware, ransomware, and other threats reside on classified malicious domains, which means they can be effectively blocked at the DNS layer without having to proxy them. Additionally, for domains that pose no threat, such as popular content-carrying sites like Netflix or YouTube, Umbrella allows access without the need for proxying. 

However, some domains are more complex, like those associated with web servers that can potentially host malware. These include sites that allow users to upload and share content. Such sites can be difficult to police, but by proxying only risky domains, Umbrella's intelligent proxy provides granular visibility and control without impacting network performance. This not only helps prevent infections and data leaks but also reduces false positives and supports inquiries for a smoother overall experience. In this way, Umbrella offers a more efficient and effective approach to web filtering while still providing robust security against advanced threats.

 

Discover And Block Shadow IT

Shadow IT refers to any unauthorized applications or services used by employees within an organization. These applications, which can range from personal cloud storage accounts to messaging apps, are often not monitored or approved by IT departments and can pose significant security risks to organizations. 

Unfortunately, many organizations are not fully aware of the extent of their cloud activity, leading to various issues such as productivity, expense, security, and support problems. To effectively manage the adoption of cloud services securely, it is essential to have complete visibility and risk information. This allows for informed decisions about which applications to approve and block, reducing the risk of malware infections, sensitive data loss, and account compromises.

The DNS Security Advantage package makes it easy to discover and block shadow IT by providing visibility into all cloud services in use across an organization. 

For example, it includes a dashboard that displays the level of cloud service activity and risk within the organization. It also provides an easy-to-understand summary by app category sorted by risk level, giving insight into potential policy and compliance violations. With preset application-level reports, organizations can easily track and manage apps with labels such as Unreviewed, Under Audit, Approved, and Not Approved. Custom filters can also be applied to create tailored views for understanding and tracking app usage.

To further secure cloud usage, organizations can easily block apps by clicking on the link in the application listing or detail pages. This control can be enforced for any network, group, or individual user accessible by Umbrella policies. With these features, organizations can effectively discover and manage shadow IT, reducing the risk of security breaches and ensuring a more secure cloud environment. 

 

Enable Web Filtering Using Content Categories

Umbrella offers category-based web filtering (or content filtering), allowing businesses to control which websites their users can access. With over 80 content categories covering millions of domains and billions of web pages, businesses can easily customize their filtering settings to meet their specific needs.

Additionally, Umbrella allows for the creation of allow/block lists, giving businesses even more control over their users' internet access. This can be particularly useful for blocking or allowing specific sites for specific departments or individuals. The block bypass feature also allows certain individuals to have access to restricted categories or domains, ensuring that the right users have access to the right information.

 

3. Secure Internet Gateway Essentials

The Secure Internet Gateway (SIG) Essentials package incorporates all features of the DNS Security Advantage package as well as additional capabilities such as a full proxy for secure web gateway functionality, cloud-delivered firewall, sandbox file analysis with Cisco Secure Malware Analytics (known previously as Threat Grid), and cloud access security broker (CASB) functionality. 

This package provides organizations with a complete solution for securing their network and remote/roaming users with ease and confidence. It simplifies management and provides visibility to control and manage applications from anywhere.

The following are some of the key features of the Secure Internet Gateway Essentials package:

 

DNS Security And SSL Inspection

SSL inspection (also known as SSL/TLS decryption) is the process of intercepting and decrypting secure web traffic to inspect for potential threats. This is important because many cyber attacks now use encrypted channels to hide their malicious activities.

Although the DNS Security Advantage package blocks access to malicious domains at the DNS level before any connection is made, some malicious websites may use HTTPS and SSL encryption to bypass this protection. To combat this, the SIG Essentials package includes SSL inspection capabilities to decrypt and inspect encrypted traffic for any signs of malicious activity. As part of Umbrella's Intelligent Proxy, SSL inspection uses advanced algorithms to quickly analyze the decrypted traffic and determine if it is safe or should be blocked.

 

Cloud Application Control And Data Loss Prevention

Data Loss Prevention (DLP) is a feature designed to prevent sensitive data from leaving an organization's network. This can include financial records, intellectual property, personal information, or any other data that could cause harm if it falls into the wrong hands.

In the context of the SIG Essentials package, DLP works in conjunction with cloud application control to monitor and control the transfer of sensitive data through cloud applications by analyzing outbound web traffic in real-time. This includes both inline and out-of-band analysis, giving organizations unified control over sensitive data leaving their network.

With an easy deployment process and flexible policy options, organizations can customize their DLP rules using pre-built data identifiers to meet compliance requirements and mitigate the risks associated with generative AI applications. The Umbrella multimode cloud DLP allows for inline SSL inspection through the secure web gateway proxy or out-of-band scanning of data at rest using SaaS APIs. This ensures that all data leaving an organization's network is thoroughly inspected for potential threats and policy violations. Additionally, both inline and out-of-band policies and reporting can be managed through a single interface, simplifying management for organizations. 

 

4. Secure Internet Gateway Advantage 

The Secure Internet Gateway (SIG) Advantage package is Cisco Umbrella's most comprehensive and valuable subscription offering. In addition to all the features included in SIG Essentials, this package includes advanced capabilities such as an intrusion prevention system (IPS), data loss prevention (DLP), and cloud malware detection. It also includes Cisco Secure Malware Analytics licenses, providing organizations with enhanced protection against advanced threats.

The following are some of the key features of the Secure Internet Gateway Advantage package:

 

Protecting Against Zero-Day Attacks

A zero-day attack is a cyber attack that exploits a previously unknown vulnerability. This means that security measures such as antivirus software or firewalls are unable to detect and prevent the attack because they do not have signatures or patterns for it. These attacks can cause significant damage before they are discovered and mitigated. 

To protect against these types of attacks, the SIG Advantage package includes Cisco Secure Malware Analytics. This tool uses advanced threat intelligence and machine learning to analyze unknown files for potential malicious behavior. It allows organizations to detect and block zero-day attacks before they can cause harm.

With the integration of Cisco Umbrella Investigate and Cisco Secure Malware Analytics, security analysts have access to a comprehensive view of an attacker's infrastructure and tactics. This empowers organizations to detect hidden attack methods, predict unknown threats, and respond quickly with automated alerts. 

The solution also offers simple APIs for integration with SecureX and SIEMs, making it easier to enrich security data and speed up threat hunting and incident response. With a single, correlated source of intelligence, organizations can stay ahead of advanced threats and protect their networks from potential breaches. 

 

Blocking Malicious Websites And Downloads

The SIG Advantage package also includes advanced capabilities to block malicious websites as well as prevent users from downloading potentially harmful content. This is achieved through a combination of DNS Security, SSL Inspection, and cloud malware detection, providing organizations with multiple layers of protection against cyber threats. 

The SIG Advantage package also includes the Umbrella cloud-delivered firewall, providing organizations with comprehensive protection against inbound and outbound internet traffic. This feature allows for visibility and control of all traffic originating from requests going to the internet across all ports and protocols. The highlight features of this firewall include:

 

  • Deployment, management, and reporting can all be done through the Umbrella single, unified dashboard. This streamlines the process for organizations and allows for easier management of their security measures. 
  • Customizable policies for IP, port, protocol, and application allow organizations to tailor their security measures according to their specific needs. Additionally, the IPS feature provides an extra layer of protection against network-based attacks by inspecting all traffic for known vulnerabilities and exploits. 
  • The Umbrella cloud-delivered firewall provides a Layer 3/4 firewall that logs all activity and also blocks unwanted traffic using IP, port, and protocol rules.
  • Layer 7 application visibility and control allow organizations to identify thousands of applications and block or allow them based on their specific needs. This feature provides granular control over the types of applications that can be accessed through an organization's network, allowing administrators to ensure that only authorized and safe applications are being used. 
  • Intrusion prevention system (IPS) using SNORT 3 technology and signature-based detection to examine network traffic flows and prevent vulnerability exploits.
  • Detection and blocking of vulnerability exploitation. 

 

Advanced Threat Protection And Network Security Monitoring

The advanced threat protection and network security monitoring features in the SIG Advantage package provide organizations with enhanced visibility and control over their network traffic. These features include real-time monitoring for potential threats, customizable alerts, and detailed reporting to help organizations proactively identify and respond to cyber threats.

 

Benefits Of Cisco Umbrella

Cisco Umbrella provides organizations with a comprehensive and effective solution for securing their networks and remote users. With its different packages, organizations can choose the level of protection that best meets their needs. In addition to advanced security capabilities, Cisco Umbrella also offers several benefits for organizations. Below are the benefits of using Cisco Umbrella services, regardless of the package.

 

  • Easy deployment: Deploying Cisco Umbrella is quick and easy, requiring no hardware installation or software maintenance. This enables organizations to implement the solution quickly without disrupting their operations.
  • Fast and reliable: Cisco Umbrella's cloud infrastructure is designed for speed and reliability, ensuring that DNS requests are resolved quickly and without any additional latency.
  • Predictive intelligence: Cisco Umbrella's predictive intelligence constantly analyzes and monitors global internet activity to identify threats in real time. This allows the solution to proactively block suspicious IPs, domains, and URLs before they can cause harm.

 

Factors To Evaluate When Choosing A Cisco Umbrella Package

When considering which Cisco Umbrella package is right for your organization, there are several factors to evaluate. Each package offers different levels of protection and capabilities, so it is important to carefully consider your organization's specific needs. Below are some key factors to evaluate when choosing a Cisco Umbrella package. 

 

  • Performance: Performance is a key factor to evaluate when choosing a cloud-based security solution. All three Cisco Umbrella packages provide 100% cloud-based performance, eliminating the need for hardware installation or software maintenance. Additionally, Cisco Umbrella boasts an impressive uptime of 100%, resolving over 80 billion requests daily without lag or added latency.
  • System protection: When considering a security solution for your organization's devices, it is essential to look for measures such as predictive security, policy enforcement, and protection against malware threats. This ensures that all devices, regardless of location or network connection, are secure from cyber attacks. Fortunately, all Cisco Umbrella packages offer these essential security measures. In addition, they also protect against C2 callbacks and phishing attempts over ports. The inclusion of these measures ensures comprehensive system protection for organizations using Cisco Umbrella. 
  • Enforcement: While all three Cisco Umbrella packages offer DNS-level enforcement, there are additional capabilities in the DNS Security Advantage and Secure Internet Gateway Essentials packages. These include blocking malicious URL paths and IP connections at the IP layer, as well as leveraging Cisco AMP (a separate product) and AV engines for URL and file inspection. These additional enforcement measures provide an added layer of protection against advanced threats, making them ideal for organizations with higher security needs.
  • Visibility: While all three Cisco Umbrella packages offer real-time activity search and scheduled visibility reports, only the DNS Security Advantage and Secure Internet Gateway Essentials packages have additional capabilities. These include identifying targeted attacks and risks associated with cloud and IoT usage by comparing local and global risk activity. This package also provides reports on usage risks for over 1,800 services, giving organizations a comprehensive understanding of their internet activity. This added visibility makes the DNS Security Advantage and Secure Internet Gateway Essentials packages a valuable choice for organizations looking to closely monitor and mitigate potential risks. 
  • Management: While performance and system protection are vital aspects to consider, evaluating the management properties of Cisco Umbrella packages is also essential. All three packages offer customizable block and allow lists, as well as options for customized block pages and bypass settings. However, it is worth noting that the DNS Security Essentials package does not retain logs indefinitely and lacks integration with the Amazon S3 bucket. Additionally, it does not provide enforcement and visibility per Active Directory user/group. These differences in management capabilities should be considered when selecting the appropriate Cisco Umbrella package for your organization's needs. 

 

Cisco Umbrella is a leading provider of cloud-based security solutions, offering secure and reliable services to millions of businesses worldwide. Their integrated security offerings include a unified firewall, secure web gateway, threat intelligence solution, and DNS-layer security. This comprehensive approach makes Cisco Umbrella an ideal choice for organizations looking to adopt direct internet access with roaming users and branches. Before selecting a package, it is crucial for businesses to carefully consider their specific security needs and choose the option that provides the most suitable measures for their organization. 

 

Choose The Right Cisco Umbrella Solution For Your Business

Cisco Umbrella offers a range of comprehensive and reliable cloud-based security solutions to protect businesses from advanced threats. With options for DNS-layer security, secure web gateway, threat intelligence, and unified firewall, your organization can select the package that best fits its specific needs. 

As a certified Cisco/Meraki partner, Hummingbird Networks offers two decades of experience and expertise to assist with your organization's IT needs. Our knowledgeable staff is equipped to handle large deployments, multi-site projects, and complex initiatives with ease. Contact us for more information on how we can help you choose the right Cisco Umbrella solution for your business needs.
