Cisco Umbrella at a glance

Issue link:

Contents of this Issue


Page 0 of 1

© 2018 Cisco and/or its affiliates. All rights reserved. In the past, desktops, business apps, and critical infrastructure were all located behind the firewall. Today, more and more is happening off-network. More roaming users. More corporate-owned laptops accessing the internet from other networks. More cloud apps, mean that users don't need to be on the corporate network to get work done. And more branch offices connecting directly to the internet. By 2021, Gartner predicts the average company will have 25% of its corporate data traffic bypassing the network perimeter. When a user is off-network, they are more vulnerable and the organization lacks visibility and protection. If you rely on perimeter security alone, you're not fully protected. These gaps open the door for malware, ransomware, and other attacks. The first line of defense As a Secure Internet Gateway, Cisco Umbrella provides the first line of defense against threats on the internet wherever users go. Umbrella delivers complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints. As a cloud-delivered, open platform, Umbrella integrates easily with your existing security stack and delivers live threat intelligence about current and emerging threats. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for attacks, and proactively blocks requests to malicious destinations before a connection is even established — without adding any latency for users. With Umbrella, you can stop phishing and malware infections earlier, identify already infected devices faster, and prevent data exfiltration. Enforcement built into the foundation of the internet The Domain Name System (DNS) is a foundational component of the internet — mapping domain names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. Umbrella uses DNS as one of the main mechanisms to get traffic to our cloud platform, and then uses it to enforce security, too. When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious or risky — meaning the domain contains both malicious and legitimate content. Safe and malicious requests are routed as usual or blocked, respectively. Risky requests are routed to our cloud-based proxy for deeper inspection. The Umbrella proxy uses Cisco Talos web reputation and other third-party feeds to determine if a URL is malicious. Our proxy also inspects files attempted to be downloaded from those risky sites using anti-virus (AV) engines and Cisco Advanced Malware Protection (AMP). And, based on the outcome of this inspection, the connection is allowed or blocked. Cisco Umbrella at a glance. AT A G L A N C E Benefits Mitigate remediation costs and breach damage: Because Cisco Umbrella is the first line of defense, security teams will have fewer malware infections to remediate and threats will be stopped before they cause damage. Reduce the time to detect and contain threats: Cisco Umbrella contains command & control callbacks over any port or protocol and provides real-time reports on that activity. Increase visibility into internet activity across all locations and users: Cisco Umbrella provides crucial visibility for incident response and also gives you confidence that you're seeing everything. Identify cloud apps used across the business: Cisco Umbrella provides visibility into sanctioned and unsanctioned cloud services in use across the enterprise, so you can uncover new services being used, see who is using them, and identify potential risk. Block Stop phishing, malware, and ransomware earlier. Learn Intelligence to uncover current and emerging threats. See Visibility for activity across all devices and ports, anywhere. OPEN

Articles in this issue

view archives of Datasheets - Cisco Umbrella at a glance