Datasheets

Cisco Umbrella at a glance

Issue link: https://learn-umbrella.cisco.com/i/784254

Contents of this Issue

Navigation

Page 0 of 1

At a glance Cisco Umbrella Cisco Umbrella at a glance Benefits • Mitigate remediation costs and breach damage: Because Cisco Umbrella is the first line of defense, security teams will have fewer malware infections to remediate and threats will be stopped before they cause damage. • Reduce the time to detect and contain threats: Cisco Umbrella contains command & control callbacks over any port or protocol and provides real- time reports on that activity. • Increase visibility into internet activity across all locations and users: Cisco Umbrella provides crucial visibility for incident response and also gives you confidence that you're seeing everything. • Uncover shadow IT and block risky apps: Cisco Umbrella's App Discovery and blocking provides cloud app visibility with vendor, app and risk details to enable secure cloud enablement plus the blocking of apps that are not approved. © 2018 Cisco and/or its affiliates. All rights reserved. In the past, desktops, business apps, and critical infrastructure were all located behind the firewall. Today, more and more is happening off-network. More roaming users. More corporate-owned laptops accessing the internet from other networks. More cloud apps, letting users get work done off the corporate network. And more branch offices connecting directly to the internet. By 2021, Gartner predicts the average company will have 25% of its corporate data traffic bypassing the network perimeter. When a user is off-network, they are more vulnerable and the organization lacks visibility and protection. If you rely on perimeter security alone, you're not fully protected. These gaps open the door for malware, ransomware, and other attacks. The first line of defense As a Secure Internet Gateway, Cisco Umbrella provides the first line of defense against threats on the internet wherever users go. Umbrella delivers complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints. As a cloud-delivered, open platform, Umbrella integrates easily with your existing security stack and delivers live threat intelligence about current and emerging threats. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for attacks, and proactively blocks requests to malicious destinations before a connection is even established — without adding any latency for users. With Umbrella, you can stop phishing and malware infections earlier, identify already infected devices faster, and prevent data exfiltration. Enforcement built into the foundation of the internet The Domain Name System (DNS) is a foundational component of the internet — mapping domain names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. Umbrella uses DNS as one of the main mechanisms to get traffic to our cloud platform, and then uses it to enforce security, too. When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious or risky — meaning the domain contains both malicious and legitimate content. Safe and malicious requests are routed as usual or blocked, respectively. Risky requests are routed to our cloud-based proxy for deeper inspection. The Umbrella proxy uses Cisco Talos web reputation and other third-party feeds to determine if a URL is malicious. Our proxy also inspects files attempted to be downloaded from those risky sites using anti-virus (AV) engines and Cisco Advanced Malware Protection (AMP). And, based on the outcome of this inspection, the connection is allowed or blocked.

Articles in this issue

view archives of Datasheets - Cisco Umbrella at a glance