Solution Briefs

Trusting Selective Inspection

Issue link: https://learn-umbrella.cisco.com/i/819588

Contents of this Issue

Navigation

Page 0 of 1

Cisco Umbrella Internet request Cisco WSA Web request Cisco ESA Message request #1 Inspect the request Statistical models and black/white-lists Sender reputation and black/white-lists 1 Reject Malicious senders Mail transfer All other senders Accept Trusted senders Block Malicious destinations Web proxy Risky destinations Allow All other destinations #2 Inspect the header HTTP request URL reputation and blacklists 1 HTTP request URL reputation and black/white-lists 1 Block Blacklist or low score Scan All others Block Blacklist or low score Scan All other Allow Whitelist or high score SMTP connection HTTP response HTTP response #3 Inspect the content File reputation and AV signatures File reputation and AV signatures Spam filtering File reputation and AV signatures Block Allow 2 Block Allow 2 Block Allow 2 When it comes to the Cisco Umbrella intelligent proxy, what the proxy does not do is just as important as what it does. Unlike a traditional secure web gateway, Umbrella does not proxy everything — saving administrators from complexity and end-users from added latency. The Umbrella machine learning and statistical models weed out malicious and safe connections, and Umbrella proxies only those that are risky. Umbrella optimizes the protection-to- performance ratio directly in the cloud using live threat intelligence to make the best- informed decision. While this may seem radically different from web and email gateways, many steps in the process are in fact very much the same. Like Umbrella, the Cisco Web Security Appliance (WSA) and Email Security Appliance (ESA) use Cisco's industry-leading intelligence for selective inspection. Risky domains Risky domains are sites that contain both safe and known malicious content. These domains are often associated with a web server or site that have the possibility of hosting malware. Trusting selective inspection S O LU T I O N B R I E F © 2017 Cisco and/or its affiliates. All rights reserved.

Articles in this issue

Links on this page

view archives of Solution Briefs - Trusting Selective Inspection