Cisco Umbrella – How Cloud Security is the way forward.
With more and more businesses starting to normalise working from home, it’s essential to have a multi-layered security solution in order to prevent any attacks or intrusions. It’s easier for criminals to attack home networks than business networks, as most people do not have a home security solution to protect themselves.
First launched as a DNS provider, Umbrella has evolved over the years into the leading Cloud security provider on the market, with tons of applications to help keep you and your business safe. Here’s exactly what it can do for you during the current pandemic.
Umbrella uses DNS to stop threats from coming in through any port or protocol. Stopping malware earlier lets you connect to your network more safely; being proactive towards threats is key to protecting you and your business. This is also very effective against direct IP attacks.
By also enabling its Web security proxy, you can help your staff and yourself avoid landing on malicious websites whose goal is to steal your data. Umbrella routes any risky domains to a proxy in order to scan the website further and inspect any file that might compromise your business.
Some of the many benefits of having a DNS-layered security solution are:
- Reduced malware and threat alerts: By catching threats at the earliest point, Umbrella reduces your total number of alerts and, in the process, your chance of being attacked.
- Improved Internet performance: Umbrella has one of the most resilient networks on the market, with an impressive record of 100% uptime for businesses since 2006. Their datacentres use Anycast, so every connection you request is always sent to the fastest available centre.
- Proactivity towards threats: Umbrella logs all your DNS activity in order to simplify any investigations if needed. Umbrella Investigate will give you context to prioritize incidents and speed up responses, and Cisco Threat Response will automate insights across all Cisco products for quick answers.
Secure Web Gateway.
With most attacks coming from the web, it’s essential to protect your business and your users’ web traffic wherever they may be, including when working from home on their laptops. To protect your users, you must log your web traffic to maintain compliance and enable investigations if needed. All of the above needs to be done without hurting your users’ performance or altering already complex networks and security infrastructures.
Secure Web Gateway (SWG) is a cloud-native service that can proxy all your web traffic for a more comprehensive level of visibility and control. It’ll enable you to log all usage, even from people working from home, protect against viruses and malware, and simplify any investigations you may need to do.
Here are the key features of SWG:
- Full URL logging/reporting: Better visibility of trends and faster investigations, which lower your remediation costs.
- Anti-virus and anti-malware file inspection and blocking: Thorough anti-virus and anti-malware scanning to reduce the number of successful attacks.
- SSL Decryption (full/selective): Ability to decrypt and inspect encrypted web traffic and block hidden attacks to lower the number of infections.
- Content control (URL filtering, acceptable use enforcement): Easily enforce acceptable use policies and block harmful URLs to ensure compliance and protect against malicious destinations.
- File sandboxing and retrospective alerts: Discover hidden threats and evasive malware that is used in advanced attacks to avoid breaches.
- Application visibility and control: Reduce risk from Shadow IT apps through visibility, blocking and granular activity controls.
- Automated tunnel failover: Faster deployment and simplified management of tunnels.
Cloud-based Firewall.
The Umbrella cloud-delivered firewall will give you visibility and control of your outbound internet traffic over all ports and protocols. It’ll log all outgoing activity and block any unwanted traffic using IP, port and protocol rules as well as via application visibility and control. You can forward any traffic to the cloud to be inspected by the firewall by setting up an IPsec tunnel from any of your network devices.
With visibility and control, Umbrella will recognize any non-web applications and take appropriate action to block them or allow them through. The cloud-delivered firewall employs signature detection to identify and block the 2800 applications already listed, and more get added on a regular basis.
Here are examples of what the cloud-delivered firewall can block:
- Block Shadow IT over non-web ports: It can block or allow any SaaS app, such as MS Teams, WebEx or Google Hangouts.
- Block insecure applications on non-standard ports: Stop remote virtual terminal connections into other networks (example: Telnet) or stop a file transfer.
- Block unsanctioned traffic over non-web ports: This would stop any unapproved traffic such as peer-to-peer traffic (Tor or BitTorrent, for example).
Threat intelligence is one of the main strengths of Cisco Umbrella. Thanks to their vast knowledge and their unique view of what’s happening on the web, they can directly update what would be a potential attack and let you know what might try to attack you.
With its unique and complete view of the relationships and evolution of internet domains, IPs and files, Umbrella Investigate is the all-in-one application to see what’s going on, helping to pinpoint attackers’ infrastructures and predict future threats.
Investigate will show you potential risks and details on why each one is a risk. It shows you 3 metrics to pinpoint them:
- Risk Score: Access reliable threat scoring with rich visibility into what contributes to the score so you can sort threats out quicker.
- DNS request patterns: See real-time views of DNS requests to a particular domain; a sudden spike in traffic may indicate malicious intent.
- Passive DNS: Get deeper context on the domain with a snapshot of key events and tagged security categories for the past 5 years.
Integration with SD-WAN.
Cisco SD-WAN is a cloud-delivered WAN architecture for secure multi-cloud transformation and updates; connect any user to your application and update them in real time. Integrated with Cisco Umbrella, you will be able to enable direct internet access (DIA) from the branch for your users.
Integrating both systems will enable you to simply infuse an effective cloud security solution throughout your SD-WAN network so you can protect your branch offices and roaming users.
Security and Visibility.
As more and more companies are opting for a working from home policy, and even more employees are using it, it’s key to protect you and your company.
Getting Cisco Umbrella will not only protect you, it will prevent any breaches from happening by analysing trends and any incidents that have happened. It’ll also analyse what your staff are browsing, all without impacting performance, the objective being to keep them safe.
If you want to put your mind at ease thanks to Umbrella, don’t hesitate to contact us; we’ll be happy to help you out.