Solution Briefs

Extend Threat Protection

Issue link: https://learn-umbrella.cisco.com/i/710484


Our solution: enforce our partners' intelligence everywhere

Our partners gather powerful real-time intelligence about newly-detected threats hitting your corporate network. Umbrella makes sure that intelligence protects your employees everywhere they work.

Our cloud security platform

Cisco Umbrella provides the first line of defense against threats on the internet wherever users go. The cloud-delivered security service is powered by our global intelligence to automate protection against known and emergent threats. Now, we have added an API designed for partners and practitioners. Umbrella's API automatically validates and globally enforces local intelligence gathered from multiple sources (e.g. appliances, endpoints, feeds). The Umbrella API is available as part of the Umbrella Platform package.

Umbrella's partner ecosystem

Umbrella integrates with security controls from market leaders and innovative startups to ensure our customers get the most out of their existing security stack. These security controls offer advanced threat defenses (ATDs) including data file analysis, network traffic analysis, endpoint behavioral analysis, and threat intelligence services. By leveraging Umbrella's platform, joint customers extend and enforce the intelligence from these security controls globally, even when users are off the corporate network.

How it works

First, point DNS requests to the Cisco Umbrella global network.

• For roaming employees, if you use Cisco AnyConnect clients, then you can simply enable the roaming security module — without requiring another agent. Alternatively, you can deploy a lightweight and transparent agent on Windows or Mac laptops. The agent only redirects DNS requests.
• For managed networks, just change one IP address on routers, wireless access points, or DNS servers.
• All policies are enforced and stay up-to-date in the cloud.

Second, point real-time alerts to Umbrella's platform.

• To enable partner integrations in minutes, just copy a few lines of information from Umbrella's UI and paste it into the partner's UI.
• For practitioners, create basic scripts using Umbrella's documented API. These scripts automate the sending of indicators of compromise contained in a threat feed, SIEM, or incident response process.
• In both cases, our platform automatically extracts DNS attributes from each alert, checks for false positives, and updates a customer-specific threat list.

Together, Umbrella and your local intelligence can deliver global protection against advanced attacks. Internet connectivity is secured on any device, and over any port, protocol or app without slowing employees down. Umbrella reports which specific devices or employees were protected. And additional security insights and investigative features allow security practitioners to determine whether the attack was targeted and if it is related to other known or advanced threats.

"By 2017, at least 50% of technology providers will use intelligence-sharing capabilities between disparate technologies and across different vendors to support orchestrated security policy responses across protected environments."
Lawrence Pingree, Intelligence-Aware Security Controls

Featured Partners:

The FireEye NX Series appliances detect advanced malware that bypass traditional signature-based defenses. This detection works in real-time using FireEye's purpose-built, virtual machine-based web security platform. Joint customers can globally block FireEye-detected indicators of compromise.

The Check Point Security Gateway, Power-1, and UTM-1 appliances identify bot-infected devices by detecting command and control (C&C) communications using Check Point's Anti-Bot Software Blade. Joint customers can globally block Check Point-detected C&C communication origins.

[Figure: three-stage flow]
• Malicious domain identified by partner product or your local intelligence
• Checked and validated by Umbrella
• Extend protection to all locations & users globally with Umbrella

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
