The first line of defense with Cisco Umbrella

Digitization, the application of digital technology in all aspects of human society, is based on innovations such as cloud and software as a service, mobility, guest Wi-Fi, and IOT. These innovations are happening at the point of employee customer interaction.

Not coincidentally, the branch is where 80% of customer facing employees and customers are served, and that number is increasing. With the increase in users, there’s an exponential increase in number of devices and applications. For example, research shows anapproximate 73% growth in the number of mobile devices from 2014 to 2018, leading to 20% to 50% increase in enterprise bandwidthper year through 2018.

The proliferation of users, devices, and applications at the branch has led to three major security challenges. The increased number ofusers has led to an increased threat surface. According to recent Google Research, 89% of consumers use smart phones while shoppingin stores. The increase in number of devices has led to an increased threat sophistication, as each update and refresh of a device leadsto new attack methods and new capabilities to exploit.

The increase in applications has increased the complexity of mitigation as bandwidth usage is heightened and time to resolve attacks significantly increases. The branch is becoming the center of focus for digitisation, but it is also becoming the center of focus for advanced targeted threats. 30% of such threats specifically target branch offices as an entry point.

Another change at the branch that has led to security challenges is the increased use of direct internet access, or DIA. To meet theincreasing demands of bandwidth at the branch, enterprises are enabling DIA, which, with certain internet-bound traffic or public cloud traffic from the branch, can be routed directly to the internet. DIA helps reduce IT spending, ensure better application experiences, and provide guest Wi-Fi at the branch. However, traditional network and web security in the headquarters are unable to protect the direct-to-internet traffic, and organizations have limited visibility and control for sensitive data and applications in the cloud.

Cisco Umbrella provides solutions for these challenges. Umbrella is a subscription-based model and the fastest and easiest way to protect all your view users in minutes. Because it is delivered from the cloud, there is no hardware to install or software to manually update.

Cisco UmbrellaUmbrella provides the first line of defense against the threats on the internet, protecting against malware, phishing, and command and control callbacks wherever your users go. It protects your remote employees even when they are off the VPN. Umbrella provides complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints. Threats come from malicious domains and IP addresses, so Umbrella blocks requests to malicious domains and IP addresses before a connection is ever established.

By applying statistical models to real time and historical data, Umbrella’s predictive intelligence can even predict which domains are probably malicious. Umbrella uses the domain name system, DNS, a foundational component of the internet, as one of the main mechanisms to get traffic to the cloud platform, and then uses it to enforce security, too. Let’s take a closer look at how this works.

Malware often uses command and control callbacks to communicate with the attacker for instructions or to exfiltrate data. Cisco-conducted research found that 91% of command and control callbacks rely on DNS. So by using Cisco Umbrella, which provides DNS level protection, you have the ability to block the vast majority of those command and control callbacks.

The Umbrella cloud will verify the reputation of the target site and respond with a resolution. Because itis based on DNS operations, Umbrella can block command and control callback even from devices that are already infected.

The use of DNS operations also helps provide secure, direct internet access from the branch. Regardless of the DNS configuration onendpoint browsers, all branch traffic, whether from employees, guest users, or BYOD devices, can be forwarded to the Umbrella cloud for DNS.

Let’s take a closer look at how the Umbrella brand solution works. Let’s say a user is trying to browse a website. The first thing that happens the DNS name resolution for the target site, such as www.xyz.com.

When the Umbrella DNS resolver receives the packet, it checks the reputation of the target domain requested by the user and it checks for any policy that exists for the tag. If the policy permits and the domain’s reputation is good, Umbrella responds to the DNS query withthe original IP address of the target site.

If the target site is not allowed by the m or due to a bad reputation, Umbrella simply respond to the DNS query with a block of the server’s IP address.

Although there are several Umbrella packages that offer various levels of protection, all are easy and fast to deploy. Optionally, you can configure a bypass list to bypass internal domains.

Cisco Umbrella makes it easy to configure and ensure compliance for web access. Extensive reporting and monitoring capabilities allowyou to search through the logs on various parameters such as websites, categories, and network devices.

While DNS-based domain filtering provides the first level of defense against malware and other threats, additional Umbrella features are coming in the near future to provide more advanced capabilities. These capabilities include proxying the suspicious sites’ traffic to Umbrella for deep packet inspection, application visibility and control, content scanning, and advanced file inspection using AMP, all the while providing a single dashboard to manage policy and monitor user activities.

 

Spread costs of all Cisco solutions over 3 years at 0% interest

Benefit sooner from Cisco cutting-edge technology and pay for it in predictable monthly payments with easylease 0% financing.

  • Combine hardware, software, services and third-party equipment on one contract
  • No upfront payment necessary
  • Easy to calculate: simply take the total price of your solution and divide it by 36
  • Release funds to reinvest in other business priorities
  • Limited between €1,000 and €250,000 overall deal size (or equivalent in local currency)

 

If you are interested in Cisco Umbrella contact us, one of our Architects will be able to assist you and go over your requirements.