Solution Briefs

Extend Threat Protection

Issue link: https://learn-umbrella.cisco.com/i/710484

Gathering intelligence on advanced attacks that hit your networks is vital, but it's not enough. Cisco Umbrella gives you the power to block newly-detected threats beyond the network perimeter, everywhere your employees work.

Security vendors such as Cisco, FireEye, and Check Point provide appliances to analyze and detect advanced malware and examine network traffic patterns to identify infected devices. While these appliances offer great visibility within your corporate network environment, they cannot block newly-detected threats for employees working off the corporate network. Through integration partnerships, Cisco Umbrella extends and enforces the local intelligence from your existing security stack to protect your employees, whether they're working on or off the corporate network.

Most security integrations involve custom development and many hours of professional services. Not with Umbrella. In minutes, your local intelligence about malicious domains is extended beyond your perimeter.

Your challenge: not every employee is protected

Today, employees work from many locations, across multiple devices, and they are increasingly using public cloud services. Your organization's intellectual property or customer information will inevitably be accessed from unmanaged network locations. Can you count on all your roaming employees to always turn on their VPN while they are using Salesforce or Box? Maybe not. If VPNs are not always on, the only remaining defense from advanced attacks is traditional endpoint antivirus. Attackers increasingly target the weak link between roaming employees and the corporate network.

To close the gap, could we free the intelligence that advanced threat defenses gather and locally silo at the perimeter and extend it to all endpoints? Yes, but it might require a high level of effort.

First, relying on manual processes is no longer effective. Automation is critical to block newly-detected threats on endpoints.

Second, it is very difficult to deploy a layer of security enforcement that prevents internet connections in real-time. Often, such inline blocking capabilities will slow down or disrupt internet connectivity and applications. If this happens, employees will find a way around your security controls. Yet, if both web and non-web communications can be blocked, an attack's initial malware infection and subsequent botnet callback can be stopped.

About Cisco Umbrella

Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. By learning from internet activity patterns, Umbrella automatically uncovers current and emerging threats. And because it's built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection.

© 2016 Cisco and/or its affiliates. All rights reserved.

Extend your threat protection to any device, anywhere.

What is "local intelligence"?

When you or your security stack analyzes an attack targeting your organization's assets (e.g. a network, a laptop, an app, a file, a user's identity) you gather unique and timely indicators of compromise on threats that directly impact your environment. We call this "local intelligence". It is different than "global intelligence", which is the result of anonymizing, aggregating and analyzing data from many customers and other sources.
