
The First Line of Defence With Cisco Umbrella

Cisco Umbrella Secure Internet Gateway

Digitization, the application of digital technology in all aspects of human society, is based on innovations such as cloud and software as a service, mobility, guest Wi-Fi, and IoT. These innovations are happening at the point of employee-customer interaction. Cisco Umbrella DNS security helps to protect your network no matter where your employees are accessing it from.

Not coincidentally, the branch is where 80% of customer-facing employees and customers are served, and that number is increasing. With the increase in users, there’s an exponential increase in the number of devices and applications. For example, research shows an approximate 73% growth in the number of mobile devices from 2014 to 2018, leading to a 20% to 50% increase in enterprise bandwidth per year through 2018.

The proliferation of users, devices, and applications at the branch has led to three major security challenges. The increased number of users has led to an increased threat surface. According to recent Google Research, 89% of consumers use smartphones while shopping in stores. The increase in the number of devices has led to increased threat sophistication, as each update and refresh of a device leads to new attack methods and new capabilities to exploit.

The increase in applications has increased the complexity of mitigation as bandwidth usage is heightened and time to resolve attacks significantly increases. The branch is becoming the centre of focus for digitisation, but it is also becoming the centre of focus for advanced targeted threats. 30% of such threats specifically target branch offices as an entry point.

Another change at the branch that has led to security challenges is the increased use of direct internet access, or DIA. To meet the increasing demands for bandwidth at the branch, enterprises are enabling DIA, with which certain Internet-bound traffic or public cloud traffic from the branch can be routed directly to the internet. DIA helps reduce IT spending, ensure better application experiences, and provide guest Wi-Fi at the branch. However, traditional network and web security at headquarters cannot protect the direct-to-internet traffic, and organisations have limited visibility and control for sensitive data and applications in the cloud.

Cisco Umbrella provides solutions for these challenges. Umbrella is a subscription-based model and the fastest and easiest way to protect all your users in minutes. Because it is delivered from the cloud, there is no hardware to install or software to manually update.

Umbrella provides the first line of defence against the threats on the internet, protecting against malware, phishing, and command and control callbacks wherever your users go. It protects your remote employees even when they are off the VPN. Umbrella provides complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints. Threats come from malicious domains and IP addresses, so Umbrella blocks requests to malicious domains and IP addresses before a connection is ever established.

By applying statistical models to real-time and historical data, Umbrella’s predictive intelligence can even predict which domains are probably malicious. Umbrella uses the domain name system, DNS, a foundational component of the internet, as one of the main mechanisms to get traffic to the cloud platform, and then uses it to enforce security, too. Let’s take a closer look at how this works.

Malware often uses command and control callbacks to communicate with the attacker for instructions or to exfiltrate data. Cisco-conducted research found that 91% of command and control callbacks rely on DNS. So by using Cisco Umbrella, which provides DNS-level protection, you have the ability to block the vast majority of those command and control callbacks.

The Umbrella cloud will verify the reputation of the target site and respond with a resolution. Because it is based on DNS operations, Umbrella can block command and control callbacks even from devices that are already infected. The use of DNS operations also helps provide secure, direct internet access from the branch. Regardless of the DNS configuration on endpoint browsers, all branch traffic, whether from employees, guest users, or BYOD devices, can be forwarded to the Umbrella cloud for DNS.

Cisco Umbrella Webinar Amplify your Security (Live Demo)

Cisco and Pxosys teamed up for this webinar. We will walk you through the threat landscape and recent DNS ransomware cases, and explain why DNS security is important in the security stack within your organization.

Let’s take a closer look at how the Umbrella branch solution works. Let’s say a user is trying to browse a website. The first thing that happens is the DNS name resolution for the target site, such as

When the Umbrella DNS resolver receives the packet, it checks the reputation of the target domain requested by the user and it checks for any policy that exists for the tag. If the policy permits and the domain’s reputation is good, Umbrella responds to the DNS query with the original IP address of the target site.

If the target site is not allowed due to a bad reputation, Umbrella simply responds to the DNS query with a block server’s IP address. Although there are several Umbrella DNS security packages that offer various levels of protection, all are easy and fast to deploy. Optionally, you can configure a bypass list to bypass internal domains.
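The resolver decision described above (bypass list, reputation, per-tag policy, block-server answer) can be modelled in a few lines; this is an added example, not Cisco's code, and every domain, IP address, tag name and function name in it is constructed for illustration. It also counts block answers per client, which is how callbacks from an already infected device show up in the DNS logs.

```python
from collections import Counter

# Every value here is constructed: documentation-range IPs and .example names.
BLOCK_SERVER_IP = "192.0.2.53"                  # assumed block-server address
BYPASS = {"corp.example"}                       # internal domains on the bypass list
MALICIOUS = {"bad.example"}                     # toy reputation feed
TAG_POLICY = {"guest": {"games.example"}, "employee": set()}  # per-tag denied domains
UPSTREAM = {"shop.example": "198.51.100.10", "games.example": "198.51.100.20",
            "c2.bad.example": "203.0.113.66", "evilcorp.example": "203.0.113.77"}

def in_zone(name, zones):
    """Label-aware suffix match: 'hr.corp.example' is in 'corp.example',
    'evilcorp.example' is not."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def resolve(qname, tag):
    """Decide one query from a device carrying `tag`; returns (action, answer)."""
    name = qname.rstrip(".").lower()            # DNS names are case-insensitive
    if in_zone(name, BYPASS):
        return ("bypass", None)                 # left to the internal resolver
    if in_zone(name, MALICIOUS) or in_zone(name, TAG_POLICY.get(tag, set())):
        return ("block", BLOCK_SERVER_IP)       # client connects to the block server
    if name in UPSTREAM:
        return ("allow", UPSTREAM[name])        # original IP address of the site
    return ("nxdomain", None)

def blocked_clients(queries):
    """Count block answers per client; repeated hits flag a device calling back."""
    hits = Counter()
    for client, tag, qname in queries:
        if resolve(qname, tag)[0] == "block":
            hits[client] += 1
    return hits

# Constructed query log: (client IP, tag, queried name)
QUERIES = [
    ("10.1.1.20", "employee", "shop.example"),
    ("10.1.1.20", "employee", "HR.corp.example."),
    ("10.1.1.31", "employee", "c2.bad.example"),
    ("10.1.1.31", "employee", "C2.BAD.example."),
    ("10.1.2.40", "guest", "games.example"),
    ("10.1.2.40", "guest", "evilcorp.example"),
]

if __name__ == "__main__":
    for client, tag, qname in QUERIES:
        print(client, tag, qname, resolve(qname, tag))
    print(blocked_clients(QUERIES).most_common())
```

The bypass match is done on whole DNS labels so that a look-alike name such as `evilcorp.example` is not treated as part of the internal `corp.example` zone and still goes through reputation and policy checks.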

Cisco Umbrella DNS security makes it easy to configure and ensure compliance for web access. Extensive reporting and monitoring capabilities allow you to search through the logs on various parameters such as websites, categories, and network devices.

While DNS-based domain filtering provides the first level of defence against malware and other threats, additional Umbrella features are coming in the near future to provide more advanced capabilities. These capabilities include proxying the suspicious sites’ traffic to Umbrella for deep packet inspection, application visibility and control, content scanning, and advanced file inspection using AMP, all the while providing a single dashboard to manage policy and monitor user activities.
