Over the past 12 months, Cisco has embarked on a journey to take Umbrella to a new level.
DNS has always been at the heart of everything – from the recursive DNS service (OpenDNS) in 2006 to its entry into the enterprise security space in 2012 with the release of Umbrella. Security enforcement at the DNS level was brand new at the time, people began to see how valuable it was to have an overview of all Internet activity anywhere, and the incredibly effective way to block threats at the earliest possible moment. Add the fact that it comes from the cloud and can be deployed across the organisations in minutes … you can begin to see the appeal it has.
As more applications and infrastructures were being moved to the cloud and more people started working outside the network (and “forgetting” to turn their annoying VPN on) and having more direct Internet access in remote offices, Cisco learned more about their customers about what they needed in a security service. It was not just about DNS layer security – they needed more. Cisco Umbrella is now delivering much more than just DNS security.
Umbrella is now offering a secure web gateway, a cloud-powered firewall, and a Cloud Access Security Broker (CASB) -in addition to Investigate’s DNS security and threat information-in a single integrated cloud console. All this is available in Cisco’s new Umbrella package: Secure Internet Gateway Essentials. https://re-solution.co.uk/security-umbrella
By unifying multiple security services in the cloud, Umbrella now offers customers more flexibility, better visibility, and consistent enforcement wherever users work. The goal is simple: simplifying your security processes and reducing complexity will reduce risk and accelerate secure cloud adoption.
Here are some examples of innovations with Cisco Umbrella.
No more security silos
It can be an overwhelming undertaking to help your business transition to the cloud and secure direct Internet access. It requires skill and a considerable amount of resources. How many office locations do you need to back up? We have heard loud and clear that it is not sustainable for you to create a separate security stack at each location. By moving these core security services into a single cloud solution, you can consistently deploy the right level of security throughout your organisation. And you have the flexibility to deploy it as needed – you are not forced to proxy or deploy in a specific way. For example, with DNS you can start anywhere for fast protection and use additional security services (secure web gateway, firewall, CASB, etc.) wherever you need them.
Well-known technology, a brand new approach
IPSec tunnels have always existed. Cisco has decided to do something different based on customer feedback. Cisco has developed a new technology for IPSec tunnels that minimises downtime and eliminates the need for a patent-pending approach to secondary tunnels using anycast technology for automated failover. A single IPsec tunnel can be provisioned to send traffic from any network device, including SD-WAN, to Umbrella. This integrated approach, combined with anycast routing, can effectively protect branch office users, connected devices, and applications with 100% business availability from all Internet breaches.
Real-time detection of DNS tunnelling
Although Cisco has been a leader in DNS security for years, constant innovation is key. Understanding attackers’ tactics and adjusting Umbrella fast is crucial – DNA tunnelling is an example. DNS tunnelling uses the DNS protocol to detect non-DNS traffic (i.e. HTTP) over port 53. There are valid reasons why you are using DNS tunnelling, but attackers have used it for data exfiltration and callbacks of commands and controls. To better detect and stop this, Cisco extended Umbrella with advanced detection, real-time heuristics, signature and detection of encrypted data.
Deeper web control, subsequent alerts on malicious files
Umbrella’s new secure web gateway (full proxy) provides complete visibility, control and protection of web traffic with features such as URL-level content filtering, application blocking or app functionality, HTTPS decryption (either for selected sites or for all). File inspection with Cisco AMP (Advanced Malware Protection) and being able to run unknown files in a sandboxing environment through Cisco Threat Grid.
If you would like to learn more about Cisco Umbrella or to take up a free trial then get in touch below.