Today, employees work from many locations, across multiple devices, and they are increasingly using public cloud services. To manage this rapidly shifting environment, organizations are using a plethora of point solutions to deal with specific cloud security challenges or new threats. This often results in too many tools and an overwhelming integration and management burden on security staff. In this changing security landscape, organizations need to:
- Mitigate remediation costs and breach damage.
- Reduce the time it takes to detect and contain threats.
- Increase visibility into internet activity across all locations and users.
- Gain visibility into cloud applications used across the business.
InfoSoft Systems is pleased to offer Cisco Umbrella, a leading provider of network security and recursive DNS services that enables the world to connect to the internet with confidence on any device. The proposed Umbrella provides secure internet access and cloud application controls for all office locations, branch offices and users, including remote or telecommuters.
Cisco Umbrella Advantage
Unlike disparate security tools, Umbrella has multiple security services integrated into a single cloud service. Umbrella acts as a secure onramp to the internet, delivers deep inspection and control to support compliance, and provides the most effective protection against threats for users anywhere they connect. Cisco Umbrella stands out in several ways
Umbrella covers a broad set of security functions that until now required separate SWG, firewall, DNS-layer security, CASB, and threat intelligence solutions. Enabling these from a single, unified service and user interface significantly reduces the time, money, and resources required for deployment, configuration, and management tasks. End users gain better performance and administrators can enforce a common set of security policies, no matter where their users go. Cloud delivery eliminates lengthy hardware installations and manual software updates.
- Integrations to amplify protection
- Broadest set of cloud security functionality in a single user interface
- Deepest, most interactive threat intelligence
- Unbeatable performance and reliability
- Most efficient security
- Easiest to deploy and manage
- Centralized management
- Reduce the time to detect and contain threats
- Increase visibility into internet activity across all locations and users
- Gain visibility into cloud applications used across the business
- Mitigate remediation costs and breach damage
Cisco Umbrella DNS-Layer Security solution delivers the first line of defense for threats on the internet by preventing devices from connecting to malicious sites. The offered DNS Security Essentials and DNS Security Advantage both reduce the chance of malware getting to your network or endpoints. Both products use DNS as the primary mechanism to deliver traffic to Cisco’s cloud service and enforce security. DNS is a foundational component of the internet, mapping domain names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet.
Umbrella can help you address the attack continuum.
- Before an attack: Before a connection is established or a malicious file is downloaded from the internet, there’s a DNS request. The proposed solution receives this request and uses Cisco’s intelligence to block threats at the earliest point. Using Cisco’s predictive intelligence, the proposed Umbrella uncovers and proactively blocks domains and IPs before they’re even used in attacks.
- During an attack: Let’s say a user receives a file that is not yet known to be malicious. As a result, it can run on the endpoint. As the program tries to connect to the attacker’s server to exfiltrate data, the proposed Umbrella stops and contains the C2 callback.
- After an attack: Respond quickly to critical incidents by using the Umbrella Investigate Console, available in DNS Security Advantage. The Umbrella Investigate Console can search up-to-the-minute threat data and historical context about domains, IPs, and file hashes.
Cisco Umbrella Components
The top-line summary below introduces key components that are seamlessly integrated in a single, cloud-delivered security service.
This is the first line of defense against threats because DNS resolution is the first step in internet access. DNS requests precede the IP connection, enabling DNS resolvers to log requested domains over any port or protocol. Umbrella blocks requests to malicious and unwanted destinations before a connection is even established — stopping threats before they reach your network or endpoints.
Umbrella offers a cloud-based full proxy that can log and inspect all your web traffic for greater transparency, control, and protection. IPsec tunnels, proxy auto-configuration (PAC) files, and proxy chaining can be used to forward traffic to Umbrella for full visibility, URL and application level controls, and advanced threat protection (ATP).
Umbrella exposes shadow IT by providing the ability to detect and report on cloud applications in use across your environment. It automatically generates reports on the application name, vendor, category, risk, and volume of activity for each discovered application. This insight enables better management of cloud adoption, risk reduction, and the ability to block the use of offensive or inappropriate cloud applications in the work environment.
Umbrella’s firewall logs all activity and blocks unwanted traffic using IP, port, and protocol rules. To forward traffic, simply configure an IPsec tunnel from any network device. As new tunnels are created, security policies can be applied automatically for easy setup and consistent enforcement throughout your environment. Layer 7, non-web app visibility and control is also available.
Our unique view of the internet enables us to uncover malicious domains, IPs, and URLs before they are used in attacks, and helps analysts to accelerate investigations. Not only does this threat intelligence power Umbrella, we give you access to the data. Umbrella Investigate provides real-time access to all of Umbrella’s threat intelligence about domains, IPs, and malware across the internet via a web console or API.
With the Umbrella and Cisco SD-WAN integration, you can easily deploy Umbrella across your network and gain powerful cloud-delivered security to protect against threats on the internet and when accessing the cloud. Our integrated approach can efficiently protect your branch users, connected devices, and application usage from all DIA breakouts.