Trusting selective inspection - SB

Issue link: https://learn-umbrella.cisco.com/i/819045

When it comes to the Cisco Umbrella intelligent proxy, what the proxy does not do is just as important as what it does. Unlike a traditional secure web gateway, Umbrella does not proxy everything — saving administrators from complexity and end-users from added latency. The Umbrella machine learning and statistical models weed out malicious and safe connections, and Umbrella proxies only those that are risky. Umbrella optimizes the protection-to-performance ratio directly in the cloud using live threat intelligence to make the best-informed decision.

While this may seem radically different from web and email gateways, many steps in the process are in fact very much the same. Like Umbrella, the Cisco Web Security Appliance (WSA) and Email Security Appliance (ESA) use Cisco's industry-leading intelligence for selective inspection.

Risky domains

Risky domains are sites that contain both safe and known malicious content. These domains are often associated with a web server or site that has the possibility of hosting malware.

[Figure: selective inspection compared across Cisco Umbrella (Internet request), Cisco WSA (web request) and Cisco ESA (message request), in three steps: #1 inspect the request, #2 inspect the header, #3 inspect the content.]

© 2017 Cisco and/or its affiliates. All rights reserved.