In the last few years Cisco have made bold steps to accelerate and enhance innovation around its Security Portfolio, where security, cloud and software are all critical components in Cisco’s ongoing strategy. Cisco made a big step forward when in August 2015 they announced the completed acquisition of OpenDNS, a cloud security Software-as-a-Service (SaaS) platform which provides threat protection at the DNS layer.
OpenDNS the beginnings
OpenDNS was founded in 2006, starting life as a recursive DNS service whose goal was to provide faster and safer internet browsing for both home and business users. In 2012 OpenDNS extended their services in to Enterprise Business market with the release of the Umbrella service, a cloud delivered service which enforces security at the DNS layer, protecting users both on and off the corporate network. Enterprise customers were excited by the new Umbrella service, and the focus soon turned to how Umbrella made the decisions to categorise a domain or IP as malicious or safe, and whether this information could be made available to Umbrella customers. With increasing requests for this new requirement the OpenDNS team created a product based on their internal intelligence console which in 2013 launched as OpenDNS Investigate. In 2016, after completing the successful acquisition of OpenDNS, Cisco launched the re-branded service Cisco Umbrella.
What is Cisco Umbrella?
Cisco Umbrella is a Cloud driven Secure Internet Gateway that provides protection from Internet based threats, for users wherever they go. Umbrella’s global network processes billions of requests per day, analysing and learning internet activity to determine where attacks are being staged, so it can block requests to unwanted and malicious destinations before a connection is even established.
As a cloud-delivered service, Umbrella provides the visibility needed to protect internet access across all network devices, office locations, and roaming users. Internet activity is logged and categorized by the type of security threat or web content, and whether it was blocked or allowed.
- Cisco Umbrella includes the following security services:
- Prevents malware, ransomware or phishing attempts from malicious or fraudulent websites
- Prevents both web and non-web Botnet Command & Control call-backs from systems that are already compromised
- Protects roaming users and devices, regardless of their location and without the need to be connected to an office network or VPN.
- Inbuilt integration with Cisco AMP and Anti-virus engines provide file inspection capabilities.
- Enhanced visibility of real time security activity, to identify compromised systems and targeted attacks
- Enforces and complies with the organisation’s acceptable use policy, through the use of over 60 in built content categories, as well as custom defined white and black lists.
How does it work?
Cisco Umbrella uses DNS, the Domain Name System, to forward requests from your networks and users to the Umbrella DNS resolvers, preventing threats over any port or protocol, not just HTTP & HTTPS traffic. With the help of the roaming client even threats over direct IP connections can be stopped.
Using DNS we can make many threat discoveries, first off, all devices will send DNS requests to Cisco Umbrella, these request patterns will then be analysed to detect threats and anomalies, before a decision is made whether to permit or deny the traffic.
For example we can determine if a system is infected or compromised by the requests it is making. If we see that a device is sending requests to multiple known bad domains, it is likely that the device is compromised.
- A User makes a request to a website on the internet which results in a DNS request for the websites domain being sent to Umbrella.
- Umbrella analyses the request to determine whether the domain that the user is trying to access is malicious or safe. If the domain is deemed as safe, Umbrella responds with the IP address of the domain.
- The Users device then connects directly to the requested domain as normal.
- If Umbrella determines that the domain is unsafe to visit, Umbrella responds with the IP address of its Block page, preventing the User from ever connecting to the malicious domain. The same applies to already infected machines that might be trying to call back to these malicious domains.
The keys to Umbrella’s success is in its simplicity, and its ability to protect users regardless of where they are located. We see above that we can easily secure corporate users by redirecting DNS to Umbrella, but with the addition of the lightweight Umbrella Roaming Client, or the Cisco AnyConnect with Umbrella Roaming Security module, this protection can be extended to all users on or off the network. This applies to both home or remote users connecting through public Wi-Fi, without the need to connect to the corporate VPN.
In summary Cisco Umbrella provides:
- Fast and effective protection against threats such as Malware, Ransomware, Phishing & Command and Control call backs.
- Protects with no added performance impact.
- Protects when both on or off the network.
- Greatly enhances your visibility.
- Assists with identifying devices that may already be infected.
- And in most cases Umbrella can be protecting your network in around 30 mins.
For more information on Cisco Umbrella and how it can protect you, please refer to our Product & Service pages or get in touch with us using our Contact page.