Navigating Cisco Umbrella: Finding the Right Security Package for Your Business

In today's digital landscape, securing your organization's internet access and cloud app usage is paramount. It's not just about blocking the obvious threats; it's about creating a robust, unified defense that adapts to the ever-evolving cyber world. Cisco Umbrella aims to do just that, acting as a secure gateway to the internet, consolidating multiple security functions into one powerful platform.

Think of it like this: instead of juggling separate tools for web filtering, firewall rules, and cloud app control, Umbrella brings them all together. This unified approach, backed by Cisco Talos – one of the largest threat intelligence teams globally – means you get deep inspection and control, all delivered from the cloud with impressive uptime. It's designed to protect users wherever they are, whether they're in the office, at a branch location, or working remotely.

So, how do you choose the right Umbrella package? It really boils down to your organization's size, needs, and existing infrastructure.

DNS Security Essentials: The First Line of Defense

For smaller businesses, or as an initial layer of protection for any size company, DNS Security Essentials is a solid starting point. Its core strength lies in blocking domains associated with malicious activities – think phishing attempts, malware distribution, and botnets. It can also block domains based on custom lists or partner integrations, and even prevent direct-to-IP traffic that tries to bypass DNS security. It's about stopping threats at the very first step of an internet request.

DNS Security Advantage: Enhanced Control

Stepping up, DNS Security Advantage offers more robust capabilities. It builds upon the Essentials package by adding the ability to block domains based on categories (like risky or newly seen domains) and provides traffic inspection for domains flagged as risky through selective proxying. This means you get a more granular view and control over the types of websites your users can access.

Secure Internet Gateway (SIG) Essentials: Comprehensive Web Security

This package is ideal for companies that are already leveraging Cisco SD-WAN for direct internet access at their branches, or for larger organizations with more complex security and acceptable use policy enforcement needs. SIG Essentials goes beyond DNS-level protection. It includes a secure web gateway that proxies web traffic for inspection, allowing for SSL decryption, web filtering, and the creation of custom block/allow lists. It can also block files based on antivirus engines and advanced malware protection data, and even utilize Cisco's Threat Grid cloud sandbox to analyze suspicious files. Retrospective security is another key feature here, meaning it can identify files that were initially deemed safe but later turned out to be malicious.

Beyond the Core Packages: Additional Security Controls

Regardless of the package you choose, several security controls are consistently available, though their depth might vary. These include:

  • Cloud-Delivered Firewall: This allows Layer 3/Layer 4 policies that block specific IPs, ports, and protocols. For more advanced needs, a Layer 7 Cloud Firewall is also an option.
  • Cloud Access Security Broker (CASB): This helps discover and block shadow IT – those unsanctioned cloud applications – by analyzing domain and URL usage. You can also create granular policies for specific apps, like blocking uploads or attachments.
  • User Attribution: The ability to create policies and view reports based on various identifiers like network egress IP, internal subnets, network devices, roaming devices, and even Active Directory group membership is crucial for targeted enforcement and troubleshooting.
  • Reporting and Logs: Access to real-time activity search and reporting APIs is essential for investigation and compliance. Depending on the package, you can access DNS request logs, full URL logs, and firewall logs, with options for log storage in North America or Europe, or even export to your own AWS S3 bucket.

Ultimately, selecting the right Cisco Umbrella package is about aligning its capabilities with your organization's specific security posture, compliance requirements, and operational needs. It's about building a layered defense that's both effective and manageable.
