Benefits
The following components are integrated seamlessly in a single, cloud-delivered platform:
• DNS-layer security: DNS requests precede the IP connection, enabling DNS resolvers to log requested domains over any port or protocol for all network devices, office locations, and roaming users. You can monitor DNS requests, as well as subsequent IP connections, to improve accuracy and detection of compromised systems, security visibility, and network protection. You can also block requests to malicious destinations before a connection is even established, thus stopping threats before they reach your network or endpoints. Figure 8-24 illustrates Cisco Umbrella DNS-layer security.
Figure 8-24 Cisco Umbrella DNS-layer security
• Secure web gateway: A cloud-based full (or selective) proxy that can log and inspect your web traffic, including uploaded and downloaded files, for greater transparency, control, and protection against malware and other hidden threats. You can view detailed reporting with full URL addresses, network identity, allow or block actions, plus external IP addresses. You can also create policies for content filtering by category or specific URLs to block destinations that violate policies or compliance regulations. Figure 8-25 illustrates Cisco Umbrella as a secure web gateway.
Figure 8-25 Secure web gateway
• Cloud-delivered firewall: All Internet activity is logged and unwanted traffic is blocked using customizable IP, port, and protocol rules. To forward traffic, simply configure an IPsec tunnel from any network device. As new tunnels are created, security policies can automatically be applied for better visibility and control of all Internet traffic, including easy setup and consistent enforcement throughout your environment. Figure 8-26 illustrates Cisco Umbrella as a cloud-delivered firewall.
Figure 8-26 Cloud-delivered firewall
• Cloud access security broker (CASB): You can detect and report on the cloud applications in use across your environment as well as automatically generate overview reports on the vendor, category, application name, and the volume of activity for each discovered app. Drill-down reports include web reputation score, financial viability, and relevant compliance certifications to enable better management of cloud adoption, reduce risk, and provide more control to block the use of offensive or inappropriate cloud applications in the work environment. Figure 8-27 illustrates Cisco Umbrella as a cloud access security broker.
Figure 8-27 Cloud access security broker
• Interactive threat intelligence access: Umbrella utilizes threat intelligence from Cisco Talos, one of the largest commercial threat intelligence teams in the world, to uncover and block a broad spectrum of malicious domains, IPs, URLs, and files used in attacks. Cisco feeds volumes of global Internet activity into a combination of statistical and machine learning models to identify new attacks staged on the Internet to help organizations respond to the rise in threats, incidents, and breaches. You can view unparalleled threat intelligence in Cisco’s web console or integrate with your existing security tools for faster remediation. Figure 8-28 illustrates Cisco Umbrella utilizing threat intelligence.
Figure 8-28 Threat intelligence
• SD-WAN integration: You can deploy across your network and gain powerful cloud-delivered security to protect against threats on the Internet and when accessing the cloud. You can also create flexible security policies based on the level of protection and visibility you need—all in the Umbrella dashboard. Cisco’s integrated approach can efficiently protect your branch users, connected devices, and application usage from all DIA breakouts.