Umbrella Integrations
Umbrella, while providing multiple levels of defense against Internet-based threats, is the centerpiece of a larger architecture for Internet security. Figure 8-29 illustrates Cisco Umbrella integrations.
Figure 8-29 Cisco Umbrella integrations
This section will explore the integrations that occur with other products in the Cisco portfolio and the role each plays in securing the business flows.
Backhauling Internet-bound traffic from remote sites is expensive and adds latency. Many organizations are upgrading their network infrastructure by adopting SD-WAN and enabling DIA. With the Umbrella and Cisco SD-WAN integration, you can simply and rapidly deploy Umbrella IPsec tunnels across your network and gain powerful cloud-delivered security to protect against threats on the Internet and secure cloud access. This market-leading automation makes it easy to deploy and manage the security environment over tens, hundreds, or even thousands of remote sites. Umbrella’s DNS security also can be deployed with a single configuration in the Cisco SD-WAN vManage dashboard. When you need additional security and more granular controls, Cisco’s integrated approach can efficiently protect your branch users, connected devices, and application usage at all DIA breakouts. Umbrella offers flexibility to create security policies based on the level of protection and visibility you need—all in the Umbrella dashboard. Figure 8-30 illustrates Cisco Umbrella integration with SD-WAN.
Figure 8-30 Cisco SD-WAN integration
The Cisco SecureX platform connects the breadth of Cisco’s integrated security portfolio and additional third-party tools for a consistent, simplified experience to unify visibility, enable automation, and strengthen security. It aggregates data from a multitude of Cisco and partner products for improved intelligence and faster response time. You can immediately visualize the threat and its organizational impact and get an at-a-glance verdict for the observables you are investigating through a visually intuitive relations graph. It enables you to triage, prioritize, track, and respond to high-fidelity alerts through the built-in Incident Manager. Then you can take rapid response actions across multiple security products, such as isolate hosts, block files and domains, and block IPs, all from one convenient interface. SecureX empowers your security operations center (SOC) teams with a single console for direct remediation, access to threat intelligence, and tools such as Casebook and Incident Manager. It overcomes many challenges by making threat investigations faster, simpler, and more effective. Figure 8-31 shows Cisco Umbrella integration with SecureX.
Figure 8-31 Cisco SecureX integration
Umbrella is not an open proxy and therefore must trust the source forwarding web traffic to it. This can be accomplished by assigning either a network or tunnel identity to a web policy. Policies created in this fashion apply broadly to any web traffic originating from the network or tunnel. However, to create more granular policies for users or groups, Security Assertion Markup Language (SAML) should be implemented or AnyConnect should be installed on the devices. Identities obtained from SAML can be matched to users and groups that have been provisioned by manually importing a CSV file from Active Directory. This can also be done automatically by using Active Directory–based provisioning with the Umbrella AD Connector. Duo Access Gateway acts as an identity provider (IdP), authenticating your users using existing on-premises or cloud-based directory credentials and prompting for two-factor authentication before permitting access to your service provider application. Figure 8-32 illustrates Cisco Umbrella integration with Duo.