Cloud Access Security Broker – Cisco Cloud Security

Cloud Access Security Broker

Umbrella exposes shadow IT by providing the ability to detect and report on cloud applications in use across your organization. For discovered apps, you can view details on the risk level and block or control usage to better manage cloud adoption and reduce risk. Figure 8-16 illustrates Cisco Cloudlock’s “shadow IT” visibility.


Figure 8-16 Cisco Cloudlock’s “shadow IT” visibility

Interactive Threat Intelligence

Our unique view of the Internet gives us unprecedented insight into malicious domains, IPs, and URLs. Available via a console and API, Umbrella Investigate provides real-time context on malware, phishing, botnets, trojans, and other threats, enabling faster incident investigation and response.

Integration with SD‑WAN

The Umbrella and Cisco SD‑WAN integration deploys easily across your network for powerful cloud security and protection against Internet threats. Cisco’s integrated approach secures cloud access and efficiently protects your branch users, connected devices, and app usage from all direct Internet access breakouts. The App Discovery dashboard and Umbrella’s logs can be used for visibility.

Leveraging Umbrella Log Files for Shadow IT Visibility

You can now use your DNS logs to discover the cloud apps your users are accessing because Cisco provides in-product integration between Umbrella and Cloudlock. The Umbrella user interface can now be configured to include both the Cloudlock App Discovery dashboard and drill down reports based on your existing Umbrella DNS activity.

Dashboard for Visibility and Trends

The dashboard shows the level of cloud service activity and risk in your organization. It also provides a summary by app category that is sorted by risk level. This gives insight into potential policy and compliance violations if employees use a new cloud service instead of an approved app. Figure 8-17 illustrates the Cisco Umbrella App Discovery dashboard.


Figure 8-17 Cisco Umbrella App Discovery dashboard

Overview and Trending Information

The App Discovery dashboard provides an overview of the number of app requests by date and risk level to show patterns and changes over time. The most recent set of discovered and unreviewed apps is highlighted for easy access, and a chart showing the number of apps in each major category is provided with a breakdown by risk level. These summary charts allow point-and-click access to more detailed information on the category or individual application to simplify common administrator tasks.

Application Details

Preset application-level reports provide a list of apps labeled either Unreviewed, Under Audit, Approved, or Not Approved. You can easily apply filters to create custom views that help you understand and track by category, usage, type, or status. Figure 8-18 shows an example of a Cisco Umbrella application-level report.


Figure 8-18 Cisco Umbrella application-level report

Leave a Comment