Feature Briefs

How the roaming client for Mac OS X works

Issue link: https://learn-umbrella.cisco.com/i/801864

Breach protection and internet-wide visibility everywhere

Cisco Umbrella prevents system compromise and data exfiltration over any port or protocol — whether infections happen on or off the corporate network or if malware initiates command & control callbacks via DNS requests or direct IP connections. Our advanced threat prevention is transparent because there is no additional latency, memory hogs, or end user prompts.

A virtual "bump-in-the-wire" for any internet activity

Starting with DNS, we route over 80 million IP connections away from malicious destinations every day — covering nearly all attempts to compromise systems or exfiltrate data. But there are exceptions. A small number of malicious payloads use hard-coded IP addresses to establish direct command & control connections — bypassing the need to resolve a domain name.

Unique innovations built into our network infrastructure and client software, as well as our predictive threat intelligence, address these targeted threats. Suspect IP connections are tunneled to our global network, then either the connection is blocked or traffic to safe URLs is further inspected via our transparent proxy. There's nothing you need to change on the device. There is no additional latency because most traffic is safe. Your users and apps won't even notice it's happening.

Protect roaming users

1. Your CFO, Bob, is targeted by attackers while traveling. An email attachment with unique malware is opened, and compromises his laptop.
2. While Bob uses Office 365 to get some work done, the malware tries to call back to a command & control server over port 2000 using an encrypted P2P protocol.
3. Bob forgot to turn on his VPN, so there's no firewall. And there's no web traffic for a cloud proxy to inspect. But using Umbrella, the DNS request to a malicious domain and the non-DNS connection to a malicious IP are blocked.

© 2017 Cisco and/or its affiliates. All rights reserved

How the Cisco Umbrella roaming client for Mac OS X works at the DNS and IP layers.

[Figure 1: Allow, block, or proxy non-DNS internet activity. Three panels, each showing a Mac OS X device (any running app, built-in OS networking stack, Umbrella roaming client), the internet, and the Umbrella global network at 208.67.222.222. Legend: safe traffic, suspect traffic, tunnel IP connection, safe IP or URL, bad IP or URL. Panel labels, in order: Umbrella's suspect IP list, inject routes to 208.67.222.222 for suspect IPs; Step 1, continuously update list & watch for suspect traffic; Step 2a, safe traffic routed directly to internet; or Step 2b, suspect traffic tunneled through Umbrella.]

Note: The [Built-In Networking Stack] includes the Mac OS X IPsec VPN Client and Network Routing Table
