Feature Briefs

Lightweight transparent roaming client

Issue link: https://learn-umbrella.cisco.com/i/749067


We know everyone promises it. And we know you already have multiple clients on your endpoints. Our client's footprint in memory and on disk is 4 times smaller than antivirus because enforcement happens in the cloud. More importantly, Cisco Umbrella prevents threats — unlike many clients that just detect them.

The Umbrella roaming client enables security at the DNS and IP layers, in the cloud, no matter where the endpoint is located. The client simply forwards DNS requests or tunnels suspect IP connections to the Umbrella global network. Something so simple is so powerful because it enables Umbrella to be a virtual "bump-in-the-wire" for every internet connection. We allow good requests. We redirect users to a block page for malicious requests. And we can even proxy the connection for deeper inspection, as needed.

Other endpoint protection or cloud service clients scan all system activity or redirect all data traffic, which increases the system footprint, network latency, and end user burdens. Depending on your endpoint protection today, our customers are able to stop up to 98 percent more attacks when they deploy our roaming client — with the same endpoint impact as using instant messengers or downloading songs.

How the Cisco Umbrella roaming client enables lightweight & transparent security everywhere.

Footprint in memory (during operation)

Antivirus scanner (average of 6 vendors [1]): 185 MB (active), 153 MB (idle)
Virtual container (1 example vendor [2]): ~50 MB
Umbrella roaming client (3-4 running services [3]): 25-55 MB* (active)
Instant messenger (1 example vendor [4]): 26 MB (min), 66 MB (max)

Footprint on disk (after installation)

Antivirus scanner (across 6 vendors [1]): 775 MB (average), 151 MB (smallest)
Virtual container (1 example vendor [2]): 100 MB
Umbrella roaming client (all program files plus logs): 6-16 MB
Average MP3 file [5]: 3.5 MB

*During stress tests, it consumes 45-55 MB on Windows and 25-45 MB on Mac OS X. A fourth service (umbrella-ipsec.exe) runs on Mac OS X.

Why add roaming protection?

1. Extend protection to laptops beyond the network perimeter.
2. Pinpoint activity to specific endpoints on and off the network.
3. Block malicious IP connections that bypass DNS lookups.

Data Sources

[1] Third-party report (http://static.symanteccloud.com/estore/PassmarkReports/en/SEP/endpoint-protection-2014-performance-testing.pdf)
[2] Third-party paper (http://www.invincea.com/wp-content/uploads/2014/01/Buyers-Guide-for-ATP-Endpoint-Solutions-1-4-14.docx.pdf)
[3] Umbrella engineers determined the footprint in memory by measuring and aggregating the private working set, which is the RAM that is not shared between system processes, for all running Umbrella Roaming Client services. User-initiated network activity was simulated by rapidly requesting websites, including domains like tmz.com, which has many browser redirects that generate hundreds of DNS requests. The system under test was running Windows 7 SP1 x64 and contained 4GB memory and an I3-4005U CPU (1.70GHz, 2 cores, 4 logical processors).
[4] Third-party service tracked Yahoo Messenger (j.mp/YahooIM), which includes two services: ymsgr_tray.exe (j.mp/ymsgr_tray) and YahooMessenger.exe (j.mp/ymsgr_IM).
[5] Third-party article (http://filecatalyst.com/todays-media-file-sizes-whats-average/)

© 2017 Cisco and/or its affiliates. All rights reserved.
