Product Review: Cisco Umbrella

Vendor: Cisco Systems and Insight Enterprises

ProductCisco Umbrella


Intelligent security is a requirement in today’s market. As businesses become more mobile with employees working from an increasing number of locations outside of the office, enterprise security faces a new challenge. Companies need protection for employees on pubic wifi networks as well as those wired into the private network. It’s predicted that 25% of user activity will come from outside the network by 2021. Together with Insight Enterprises, Cisco Systems looks to solve this problem Cisco Umbrella, the industry’s first secure internet gateway to the cloud.

Umbrella’s uses domain name servers (DNS) as its security platform to protect users from potential threats. When a DNS request is made, Umbrella takes the request and determines whether or not the destination address is safe. Based on Umbrella’s analysis, users are directed to the desired web address (safe request), blocked (malicious request), or sent to a cloud-based proxy page for additional research (risky request). After additional information is analyzed by the system, risky requests are either allowed or blocked. Umbrella enforces security measures and catalogs incidents so reports can be viewed and analyzed at any time.


Figure 1. Cisco Umbrella generates security reports for all devices monitored by Umbrella.

Cisco Umbrella’s Product Marketing Manager, Meg Diaz, describes four key, overarching features of Umbrella: its deployment ease, proactive and preventative intelligence, integration with existing intelligence, and capabilities as a DNS provider. Because of Umbrella’s used of DNS to enforce security measures, it can be deployed in a matter of minutes across an entire enterprise. Since everything is performed on the cloud, there’s no hardware to install or software to manually update – ever.

Umbrella’s intelligence comes from its familiarity with DNS and IP addresses. Based on traffic pattern and security information across different addresses, Umbrella creates its own map of the internet, making note of safe, unsafe, and suspicious addresses (using the Investigate feature pictured in Figure 2). Umbrella learned patterns so that it can detect anomalies or suspicious IP addresses based on its model. This information comes from enterprise users as well as other information Umbrella has access to, so this mapping can actually proactively prevent users from visiting suspicious domains. Umbrella can also integrate with  on-premises intelligence to make the most of existing security measures coupled with Umbrella.


Figure 2. Umbrella’s Investigate feature learning and analyzing information from a suspicious address.

Finally, by choosing Umbrella, customers are choosing the second-fastest DNS provider worldwide. Umbrella becomes a recursive DNS provider while also adding security on top of this process. Customers ultimately benefit from faster and safer internet access.

Click here to watch a brief demo video of Umbrella.

Key Features and Benefits:

  • Visibility and protection everywhere
  • Intelligent analysis to detect attacks sooner
  • Open platform integration
  • Reduction in remediation costs and malware damage
  • Additional support from Insight results in an average of 30% increased productivity and 35% improved collaboration

Other DNS providers that compete with Umbrella’s DNS services include Google and Dyn. Neither provider compete’s with Umbrella’s security capabilities coupled with DNS services.

You can connect with Cisco’s security division at one of their many upcoming events. Upcoming events include Gartner Security and Risk Management 2017 (June 12-16) in San Diego, California and Cisco Live US 2017 (June 25-29) in Las Vegas, Nevada. A full list of upcoming events can be found on Cisco’s events page.


Additional Resources:

List up to 4 resources here