Solution Briefs

Buyer's Guide -10 Things to Look for in a SIG

Issue link: https://learn-umbrella.cisco.com/i/781128

Contents of this Issue

Navigation

Page 1 of 2

2 Cloud-delivered security platform The benefits and capabilities that a SIG provides can only be achieved when the platform is entirely built and delivered via the cloud. A SIG must also provide a comprehensive, yet simple way to get all traffic to the cloud platform for analysis. With Umbrella, there's no hardware to deploy or software to maintain, and it can scale to meet the needs of any organization. Umbrella uses DNS — a foundational component of how the internet works — as the main mechanism to get all internet requests to the cloud. Umbrella also has tight integration with Cisco endpoint and network products (AnyConnect, ISR, Wireless LAN Controllers, etc.) to make it even easier. Additionally, with the Cisco Security Connector app, you can use the Umbrella extension to protect supervised iOS 11 devices. © 2018 Cisco and/or its affiliates. All rights reserved. 3 Protection against threats over all ports and protocols With comprehensive coverage over every protocol and port, a SIG is able to protect against a broader range of attacks. By using DNS, Umbrella stops threats over all ports and protocols — not just web ports 80 and 443 like a traditional web proxy. The DNS request becomes the very first point at which Umbrella enforces security, by determining whether the domain or IP is legitimate or malicious. 4 Proxy-based inspection of web traffic and files A SIG must have a cloud proxy to be able to more deeply inspect web traffic, especially for requests to risky sites. The proxy should be built using the latest technology and offer the ability to inspect files using antivirus (AV) engines and behavioral sandboxing. With the Umbrella intelligent proxy, only requests to risky domains (those hosting malicious and legitimate content) are proxied for deeper inspection — removing performance impacts felt by traditional proxies. Our proxy was built using a microservices architecture that automatically scales for better performance, and we check files against AV engines and Cisco Advanced Malware Protection file reputation services (http://cs.co/IntelligentProxy). 5 Open platform to integrate with your existing security stack A SIG must be built as an open platform that can integrate and share intelligence and event data with other systems. To better defend against today's threats, you need the ability to share information automatically between systems, and a SIG should be able to extend protection beyond the perimeter and help amplify investments you've already made. Umbrella was built with a bidirectional API to easily integrate with existing systems including security appliances, intelligence platforms or feeds, and custom, in-house tools. Using our API, you can send local intelligence into Umbrella and enforce it globally within minutes. You can also query our threat intelligence using the Cisco Umbrella Investigate API and enrich security event data in your SIEM or other systems. 6 Discovery and control for SaaS apps Cloud Access Security Brokers (CASB) solutions protect the usage of data and applications in the cloud. A SIG should work together with a CASB to provide more comprehensive visibility and control of SaaS apps. Umbrella works directly with Cisco Cloudlock to provide visibility into and to control the use of sanctioned and unsanctioned SaaS apps. For example, Cloudlock helps control data usage for sanctioned apps, and Umbrella can uncover unsanctioned SaaS apps being used by employees and can be used to prevent access to those apps if needed. Together, Umbrella and Cloudlock protect your users, data, and infrastructure wherever they are. ALL PORTS

Articles in this issue

Links on this page

view archives of Solution Briefs - Buyer's Guide -10 Things to Look for in a SIG