What Cisco Umbrella package should I consider?
Let’s talk Cisco Umbrella and the various packages on offer…
“Umbrella package” is a very broad term but essentially Cisco offer five variants of the same product, each with it’s own particular set of benefits, and each suited to specific business needs.
On top of the Cisco product, Ironshare offer a number of additional services.
Let’s take a look at each option, its pros and cons, and how much it costs, and then see if we can narrow it down a bit so that you make the right choice for your company.
First up, we have the Cisco Umbrella ‘Roaming’ package.
This is the basic network security package that only protects employees classed as roaming users who are not regularly connected to your network (i.e. it won’t provide any protection for internal non-roaming staff connected to the office network). It provides reporting on which websites are being accessed but does not enable you to block access to specific sites. The protection for this package is provided through the Cisco Anyconnect Roaming Security or Umbrella Roaming Clients.
You might want to purchase this if you want to know what sites your roaming employees are accessing, and also if you feel those same users lack security protection when away from the office.
This package does require existing Cisco Firewalls (ASA or NGFW) with Cisco AnyConnect Client software or alternatively the Umbrella Roaming Client software.
It would be particularly useful for those employees that are often on the road like sales people, and would support and protect them when they connect remotely, even if they do not use your company VPN (Virtual Private Network).
Next, we have the ‘Branch’ package.
This package is targeted at companies that are medium sized or above, where branch or remote offices become more relevant. Security enforcement in these areas is difficult and there is often a lack of visibility of what the users are accessing, and whether local security controls are truly in operation.
Cisco Umbrella can be deployed very quickly and protect these branch offices (and their guests) from Malware, BotNet and Phishing attacks. Protection is only offered whilst users are on the branch or remote office network (i.e. it doesn’t work if they go out on the road, or work from home). Content filtering can be applied if required – for example you might want to prevent users from accessing social media, gambling or other such sites when they are in work.
The Branch package is used by integrating Umbrella with your existing Cisco ISR 4000 devices, this is achieved by simply upgrading the software and establishing a secure connection to Cisco Umbrella.
It’s a good layer of basic threat protection that is pretty much ‘set and forget’ for the IT professionals that support it.
The Cisco Umbrella ‘WLAN’ package
Provides protection specifically for devices that connect to the internet using your Wi-Fi network. Umbrella WLAN integrates with a broad range of Wireless LAN Controllers and Access Points, including Cisco, Cradlepoint, Aruba, Aerohive and other WLAN products.
The Umbrella WLAN package brings the benefits of visibility and policy control, for each public IP address and WLAN appliance configured.
The Cisco Umbrella ‘Professional’ package
Offers basic functionality both on-and-off your network and is ideally suited to retail and hospitality, healthcare, higher education and other industries that have a very widespread and decentralised operation.
It can be deployed to companies of any size, and can replace existing web filters and also secure your users wherever they go. It’s a nice level of consistent security for companies and organisations that have many different networked sites and also where Guest Wi-Fi is prevalent.
The Umbrella ‘Insights’ package
Contains all of the benefits from the other packages we’ve discussed, and more. It’s ideal for companies that not only want to prevent security breaches, they also want to take action and proactively seek out recognised threats within the company.
For instance, an employee’s PC might have become infected with a virus from a memory stick or an email attachment, and it could be attempting to send company information out to a malicious website. Umbrella would not only prevent that external contact being made, but it would also be able to help pinpoint the PC that needs further investigation e.g. a virus may need to be removed.
Companies interested in this proactive ‘clean up’ approach may recognise they have weaknesses within their current business security arrangement, or they might have other complications such as a decentralised network or a Bring Your Own Device (BYOD) policy.
Insights provides a layer of consistent security around the network perimeter. For companies that know they are susceptible to cyber-attacks, it enforces that first layer of security, provides further assurance and helps to prevent security breaches in the future.
Finally, there is the Umbrella ‘Platform’ package.
This is for larger businesses that have a dedicated security team in-place, who are ready to take action in the event of a security breach. Global enterprises may well adopt the platform package, particularly if they have been impacted in the past, and have perhaps become aware that that they need more visibility around their estates security.
Once again Umbrella provides a layer of consistent security around the network perimeter, and can block threats that other products cannot see, often minimising remediation effort.
The platform package includes a few extra services over and above Insights – it can integrate with other partner products through an Application Programming Interface (API) but most interestingly it includes access to the ‘Investigate’ console, which is where security teams can delve into the background of threats that are emerging in the wider world, or that have surfaced within their own company.
The threat intelligence provided through Investigate, can quickly add a lot of background information to any security related findings and can help Security Incident Response Teams (SIRTs) to identify best steps for remediation.
Cisco Umbrella Packages Summary
You may be reading about Cisco Umbrella for the first time, and there’s lots to consider, so don’t worry if you’re still a bit confused about which product is best for your business.
The Ironshare way is to simplify security. We try and avoid jargon as much as possible, so let’s cut to the chase and underline what options we recommend to prospective customers – hopefully it helps!
In terms of the packages covered above Ironshare will be providing the following as our core offerings:
- Umbrella MSSP (Managed Security Service Provider based on Insights)
- Umbrella Insights
- Umbrella Platform
Option 1 – Ironshare supply you with the licenced product
Maybe you’re quite familiar with the product range. As Cisco partners we can provide any of the Umbrella packages as a licensed product – you can install within your environment, you can learn how to use Umbrella, and you can manage the day-to-day analysis and periodic reporting.
Option 2 – The Ironshare Managed Service for SMEs (Small and Medium sized businesses)
Whilst there is value throughout the entire Umbrella product range, at Ironshare our managed service is focused on the Cisco Umbrella Insights package. This ensures that your users are protected both on and off-network, and you can also control which websites they access both on-site within the office and externally when they are using your equipment in hotels, and at home.
The additional benefit of this being an externally managed service is that we do the lot… from the rapid installation (with a little help from your techies), to the ongoing daily management and the regular reporting that helps you understand what websites users are accessing, and where threats exist (for example, we can identify PCs that have may have become infected and are therefore automatically and consistently trying to access malicious websites throughout the day.)
If your IT or security personnel want visible access to anything behind the scenes within Umbrella, we can provide them a console access for this purpose, but generally, we take care of everything and report back our findings on a regular basis.
Option 3 – The Ironshare Enterprise Level Managed Service (Large businesses with 5000+ users)
For larger companies that have their own dedicated security team we usually recommend the ‘Platform’ package. It comes with a fully customisable and powerful backend interface, which your team can use to delve into any threats that Umbrella identifies, and it can also be a useful tool for internal security investigations.
We still offer a fully managed service, so can take the strain away from your team – feeding in detailed information to make their life easier. It’s more of a collaborative service, but let’s your staff focus on their normal daily jobs without having to adopt and learn new products.
Cisco Umbrella is a very simple and yet very powerful Cloud based platform that can be remotely deployed (within a day in some instances – depending on the complexity of your network). Once it’s in operation, it provides immediate predictive security, both on-and-off your network, as well as content filtering and white and black list features to give better control over user activity, and much more.
Ironshare provide a fully managed service, meaning that all you need to do is tell us what you want to know about, and when. We’ll then tailor the service to your needs and deliver management reporting and recommendations as often as requested.
Our service is applicable to companies of all shapes and size, meaning that even the smallest businesses can get a full enterprise service, and use our reports to easily identify problem PCs, or employee activity concerns.
If you’d like to get detailed pricing for any of these options, please click here to Contact Us.