May 14 2020

Review: Cisco Umbrella Helps Defeat Cyberthreats at Home

The software provides a first line of defense against internet threats for government workers in the office or working remotely.

Threats continue to increase in frequency and sophistication, particularly against state and local agencies. And when government workers connect to networks remotely, agencies must ensure consistent security for all users. It is the duty of IT leaders to bolster existing IT security capabilities. 

One major tool all agencies can leverage to increase network security is a cloud-based platform that safeguards agency users from malicious and nefarious websites as they navigate the internet. Cisco Umbrella is touted as a first line of defense for such a purpose, and my testing revealed it does a phenomenal job helping users avoid internet threats. It also can assist agencies in pinpointing compromised systems using real-time security and activity reports.

Users Get Actionable Security Intelligence

Cisco Umbrella’s real-time security and activity reports are one of the surprising aspects of the software. They drive visibility as well as actionable intelligence — a big help if users bypass virtual private networks when working from home — and can help agencies avoid creating a network security blind spot.

Umbrella also lets agencies leverage threat intelligence from Cisco Talos, one of the largest commercial threat intelligence teams in the world, with more than 300 researchers. With Talos, Umbrella is able to block a huge array of malicious domains, nefarious IPs, and links and files being used in attacks. Talos processes large volumes of global internet activity in combination with statistical and machine learning models to identify new attacks and proactively protect users on the internet. 

Respond to Priority Security Alerts

Incident response is another way Cisco Umbrella can help agencies bolster network security. Immediate access to actionable intelligence is key to fast incident response, which can lag when security teams don’t have enough information. Umbrella eliminates this problem by categorizing and retaining all internet activity. This capability simplifies the investigation process IT security teams often have to undertake to determine attack vectors and create vulnerability maps.

The Umbrella Investigate console provides the context that properly prioritizes incidents, ultimately leading to faster incident response times. As a result, security operations centers improve their ability to detect and remediate threats faster, particularly through the added use of Cisco Threat Response, which further automates integrations across Cisco security products and aggregates Umbrella intelligence with other sources.

With technology like Cisco Umbrella, agencies can mitigate those threats by adding additional layers of security to protect both office workers and those telecommuting from home.

Agencies Get a Tool to Defeat Phishing Attacks

Cyberattacks are ever-increasing, with phishing emails and spam campaigns hitting almost every inbox. Phishing mail is especially insidious, as it’s designed to trick users into disclosing sensitive, personal information or organizational details. Whenever state and local agencies increase teleworking, the threat becomes even more prominent. 

Cisco Umbrella is a cloud-native platform that enforces security at the DNS and IP layers built into the foundation of the internet. As a result, Umbrella is able to block requests made to malware, ransomware, phishing, botnet and malicious command-and-control servers. The block happens well before a connection is even established by the user device. This can help agencies stop threats over any port or protocol before they reach agency networks or endpoints.
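The DNS-layer decision described above can be sketched generically. This is an added illustration, not Cisco Umbrella's code or API; the zone names, addresses and function names are constructed for the example.

```python
# Added illustration: generic DNS-layer filtering, not Cisco Umbrella's code or API.
from collections import defaultdict

# Constructed policy, sinkhole address, upstream answers and queries (reserved test ranges).
BLOCKED_ZONES = {"phish.example.test": "phishing", "c2.example.test": "command-and-control"}
SINKHOLE_IP = "192.0.2.1"
UPSTREAM = {"www.example.test": "198.51.100.7", "notphish.example.test": "198.51.100.9"}
QUERIES = [("10.0.0.5", "www.example.test"), ("10.0.0.5", "login.Phish.example.test."),
           ("10.0.0.8", "notphish.example.test"), ("10.0.0.9", "beacon.c2.example.test")]


def match_zone(qname):
    """Return (zone, category) if qname is a blocked zone or a subdomain of one."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels so "notphish.example.test" does not match "phish.example.test".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_ZONES:
            return candidate, BLOCKED_ZONES[candidate]
    return None, None


def resolve(client, qname, upstream, log):
    """Decide at resolution time; every query is logged, allowed or not."""
    zone, category = match_zone(qname)
    if zone:
        log.append({"client": client, "qname": qname, "action": "blocked", "category": category})
        return SINKHOLE_IP  # the client never learns the real address
    log.append({"client": client, "qname": qname, "action": "allowed", "category": None})
    return upstream.get(qname.rstrip(".").lower())


def clients_hitting_blocks(log):
    """Activity-report view: which clients asked for blocked names, by category."""
    report = defaultdict(set)
    for entry in log:
        if entry["action"] == "blocked":
            report[entry["client"]].add(entry["category"])
    return dict(report)


def run_sample():
    """Resolve the constructed queries and build the per-client report."""
    log = []
    answers = [resolve(c, q, UPSTREAM, log) for c, q in QUERIES]
    return answers, clients_hitting_blocks(log)
```

A client that connects straight to an IP address never issues a query, so a DNS check alone does not see it; that is the gap IP-layer enforcement covers.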

Paired with Cisco’s selective proxy, agencies will receive deeper inspection of URLs and files looking for risky domains, while anti-virus engines and Cisco Advanced Malware Protection shut down threats. Umbrella even blocks direct IP connections from command-and-control callbacks for roaming users.

Umbrella also provides visibility into sanctioned and unsanctioned cloud services across an enterprise. This lets agencies uncover new services that are being activated and gain insights into who is using them. This can help identify potential risks and block specific applications easily. Umbrella also has a highly resilient network environment that boasts 100 percent uptime since 2006. 

Last but not least, features such as Anycast routing let any of Cisco’s 30 or more data centers across the globe provide security services using a single IP address, so that requests are transparent and sent to the nearest, fastest data center. This also provides strong and automatic failover as Umbrella collaborates with over 900 of the world’s top internet service providers along with content delivery networks and Software as a Service platforms. 

All of that equates to a critical speed boost for network defenders looking to enhance their efforts discovering and remediating threats on either normal days or whenever a crisis begins to stress operations.

Cisco Umbrella 

Product Type: SaaS 
On-network: Connects to any network device
Off-network: Available for laptops that use Windows, macOS and Chrome, and for Apple devices running iOS 11.3 or higher
Recommended Topology: Cisco AnyConnect, Cisco routers (ISR 1K, 4K series), Cisco Wireless LAN Controllers and Meraki MR/MX
