Through their partnership with Cisco, Meraki makes networks that are easy to manage and scale, while also delivering top-tier security out of the box. A Meraki network utilizes cloud-based smart configuration systems, allowing you to attach a new Meraki device to your network and have it instantly self-configure, along with also self-updating and having access to top-tier Cisco security systems.
However, there are still limitations to the amount of security that Meraki can provide (or any brand for that matter) - particularly if your workers are roaming outside of your business network. Perhaps you have a VPN that they're supposed to be logging into for any work-related activity, but not every employee does this. In fact, Cisco's own research suggests that only one in five workers actually uses a secure business VPN when available.
This is somewhat understandable for the user; VPNs tend to drastically slow down connections and can be frustrating productivity wise. However, it's still a massive security risk. Clearly a better solution was called for, and it's here in the form of Cisco Umbrella.
What Is Cisco Umbrella?
Cisco Umbrella is a cloud-based DNS replacement (security at the DNS layer with zero latency), which can work with or without users connected to a VPN. The basic way it works is simple:
- You purchase and register the appropriate Umbrella licenses.
- You update the DNS on your firewall or router to utilize the Umbrella DNS records. Depending on which license you purchase, you can (and should) install the Umbrella roaming agent on laptops- for protection outside the firewall.
- Every online activity your employees take on these devices is then routed through some of the most powerful and sophisticated anti-malware systems in the world first, courtesy of Cisco's Talos malware tracking and identification initiative. Each DNS request (or website URL address) is first looked up in Cisco's (perhaps hundreds of billions) of known potentially malicious websites. This address list is updated in real-time 24/7.
It's the fastest and easiest way to provide mobile security. In addition, you can also get access to a cloud-based Umbrella Dashboard which offers detailed granular tracking of all employee usage and your hub to make policy changes.
Better yet, Umbrella can also be integrated directly into your Meraki MX-series firewalls and\or MR-series access points, so that anyone accessing your Meraki network is automatically routed through the Umbrella DNS servers as well.
Combining Cisco Umbrella with Meraki Networks
You've got two basic options in combining Umbrella into an existing Meraki network, which will partially determine which and how many licenses you need.
First, you can apply Umbrella directly to a Meraki MX-series firewall, which instantly applies the DNS to any traffic on your network going through the firewall. In this case, the licensing is simply based on the total number of users.
Or, you can apply Umbrella to your MR-series access point. There are two ways this can happen: automatic integration or manual integration.
Automatic integration
Automatic integration is the simpler of the two methods, and only requires the Meraki MR Advanced Security License (which we strongly recommend anyway). This routes all traffic on that AP through Umbrella DNS servers automatically. However, you do not get access to the Umbrella Dashboard, or any ability to create custom policies. It is the easiest way to protect your network, but there isn't much granular visibility inside the Meraki dashboard. We hope that will change over time.
API integration
API integration is more complicated, and requires purchasing separate Umbrella licenses. However, in this scenario you get full benefits of Umbrella licensing, including Dashboard access and the ability to create custom policies or even host custom software utilizing the API for DNS integration.
(Important note: The Umbrella Dashboard is separate from your Meraki Dashboard. Taking this option requires managing two dashboards.)
The Three Types Of Cisco Umbrella Licenses
Finally, let's take a quick look at the three basic Umbrella license types. As is typical, they're distinguished based on price vs features.
1. DNS Security Essentials
This is the entry-level license, aimed primarily at startups and SMBs. You get the core DNS security services, web filtering, domain block lists, and some basic tracking features. There aren't a lot of options, but it still provides a lot of high-powered security for the money.
2. DNS Security Advantage
Security Advantage is the mid-tier all-around license, which can be right for businesses of nearly any size. Along with the "essentials," you also get IP blocking, significantly more sniffing and filtering, and access to a robust web console with the high-level Umbrella Investigate analysis systems for backtracking infections/attacks.
3. Secure Internet Gateway Essentials
This is the top-tier license which utilizes everything Umbrella has to offer, and is aimed at large-scale operations with extensive WANs and customized policies. All traffic can be monitored, filtered, tracked, or investigated, and you also get a cloud-based firewall. This allows for an unprecedented level of insight into how mobile users are utilizing your network.
Umbrella + Meraki = Simple Robust Security
If you have a Meraki network, but your workforce does a lot of mobile connecting, an upgrade to Cisco Umbrella would be a very good idea. It plugs one of the biggest gaps in your overall security profile.
You have a lot of options in Umbrella licensing with multiple potential upgrade paths, so please contact Hummingbird Networks for a free consultation on your choices!
