Feature Briefs

Custom Integrations

Issue link: https://learn-umbrella.cisco.com/i/718719

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Programmatically enrich your intelligence and actions

Additionally, Cisco Umbrella Investigate has an API that can be used to enrich your local threat intelligence with our real-time, internet-wide context about suspicious domains, IPs, ASNs, and malware files. Using the Investigate API, you can automatically add our risk scores and other information to your existing IOCs and security event data — helping to quickly surface high-impact security incidents and provide more intelligence for security analysts and incident responders. And all the time saved by eliminating manual configurations can be used for investigating incidents. Using the Investigate web-based console, you can query and interactively pivot on different data points during incident investigations and threat research.

Enforce threat intelligence globally

Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network's perimeter where you have deployed security appliances. Unlike appliances, Umbrella enforces threat intelligence globally using the Umbrella global network. While many new endpoint detection and response (EDR) agents only detect IOCs, Umbrella blocks advanced attacks before data breaches or new malware infections happen. Plus, many of these EDR agents still rely on VPN agents to receive updates when the device is off the network. Not with Umbrella, because all security enforcement and intelligence is in the cloud.

Why Umbrella?

• Threat prevention, not just threat detection
• Protects on & off network, not limited to devices forwarding traffic through an on-prem appliance
• Always up-to-date, no need for the device to VPN back to an on-prem server for updates
• Block by domains for all ports, not just IP addresses or domains over ports 80/443
• Integrate in minutes, the simple API does not require pro services to be set up

Investigate offers direct access to predictive intelligence generated by our statistical models via 80B+ daily DNS queries & BGP data. Umbrella enforces both your IOCs and our predictive intelligence via the Umbrella global network of 25 data centers with 100% uptime. Customers simply point DNS at us to block malware, botnets/C2 & phishing over any port, protocol, or app.
