Solution Briefs

Security beyond the SWG

Issue link: https://learn-umbrella.cisco.com/i/766938


Just as AV cannot block enough malicious files, SWGs cannot block enough malicious destinations. Umbrella covers more destinations before files can even be seen.

• Umbrella statistical models include live DGA detection to predict malicious destinations used by (1) exploit kits to download ransomware and (2) ransomware to download encryption keys. SWGs, by contrast, rely on web reputation systems or rudimentary machine learning that are ineffective against today's DGAs.

• Umbrella enforces security at the DNS, IP, and HTTP/S layers to learn, see, and block any app from calling back to any malicious destination. SWGs enforce security at the HTTP/S layer using a proxy, often only for browsers using PAC files. Yet malware is not browser dependent and may call back to attacker infrastructure using any port or protocol, easily bypassing a SWG.

• Umbrella API allows any system to add malicious destinations into a custom category within seconds. Your security stack (e.g. SIEM, TIP, sandbox) locally detects malicious destinations all the time. But your SWG can do nothing with it. Not Umbrella — our open platform automatically converts local threat intel into global threat prevention.

After months of network changes & browser exceptions, your SWG secured some but not all of your users. Not with Umbrella — it'll fill all your SWG gaps in minutes.

• Umbrella secures every device on your network in minutes using a ubiquitous DNS setting in every network — nothing gets easier than this! Unlike SWGs, no PAC files, complex tunnels, or dedicated appliances are required to roll out Umbrella to a whole organization.

• Umbrella secures every roaming laptop in minutes using a native integration with Cisco's endpoint footprint (AnyConnect) — without requiring any action from your users. VPNs work when users access corporate resources, but VPNs are not needed to access cloud apps and are not enforced. With SWGs, you deployed yet another agent or your sysadmin team pushed back, leaving a gap. With Umbrella, all users are protected on- or off-VPN without another agent.

• Umbrella secures every branch office in minutes using a native integration with Cisco's network footprint (ISR 4000 series) — without requiring any action from DNS sysadmins. With SWGs, you deployed traffic forwarding appliances, hired professional services, or just gave up. With Umbrella, all locations are protected with an easy activation.

© 2016 Cisco and/or its affiliates. All rights reserved.

Security beyond the SWG: You need more effective, earlier, and automated threat protection over all ports and protocols.

Camuto Group dropped Umbrella to test Zscaler and Websense. With Zscaler, "malware rose by thirty percent. We were getting up to three infections every day, spending a minimum of one to three hours each doing cleanup—more if we had to do a rebuild. The Websense product was just slow — it was like having extra software loaded on your PC. It increased latency by forty to fifty percent."
Tom Olejniczak, Camuto Group Network Engineering Manager (read more at cs.co/camuto)

15% of C2 bypasses web ports 80 & 443
100% of C2 bypasses PAC deployments
185+ Million endpoints deployed with AnyConnect VPN
Utilize your existing Cisco network footprint

[Diagram labels: SWG (cloud or on-prem); infected device; any device on network; roaming laptops; branch offices; safe request; blocked request; Cisco Umbrella]
