CISCO UMBRELLA. Discharge. CISCO security in the cloud.

Cisco Umbrella is the answer to your cloud security challenges.

Cisco Umbrella helps protect its users' Internet access, whether they connect from headquarters, from a branch office, or while roaming.

Your systems will be safe anytime, anywhere thanks to protection against malicious Internet addresses.

Umbrella acts as a security layer for Internet access, offering deep inspection and control to support security compliance and provide effective threat protection. Backed by Cisco Talos, one of the world’s largest threat intelligence teams, Cisco Umbrella surfaces threats for better investigation and response. Delivered from the cloud with 100% uptime, Cisco Umbrella offers up-to-date visibility to protect users anywhere.

Cisco Umbrella is security that adapts to the way we work today:

Protection for Remote Users and Roaming: Your users work from many locations and devices. They no longer need the VPN to get the job done – they use cloud applications, many of which have not been vetted by IT. What if you had a quick and easy way to protect users and enforce acceptable usage policies?

Protection against Cyber Threats: Threats continue to increase in sophistication, and the costs of cybercrime continue to rise. But attackers often reuse the same infrastructure in multiple attacks, leaving cyber fingerprints. What if you could use those fingerprints to discover attacks before they are launched?

As a cybersecurity officer, your goal is to reduce the time to detect and defend against malware. But with all your security devices, is your network more secure? Still flooded with infections? Your security team needs better intelligence, needs to move fast, and needs solutions that are flexible, integrated, and easy to implement and manage.

The evolution of CISCO UMBRELLA.

As a leading provider of recursive DNS services, CISCO has helped companies of all sizes and industries to connect to the Internet securely. CISCO has built a reputation for easy implementation and powerful protection no matter where users are.

To help organizations embrace direct access to the Internet, in addition to its DNS-layer security and interactive threat intelligence, Cisco Umbrella now includes functionality from:

  • secure web gateway
  • cloud firewall
  • cloud access security broker (CASB)
  • more integration with Cisco SD-WAN

Multiple security features in a single cloud security service

DNS layer security

Umbrella DNS Layer Security provides the fastest and easiest way to improve your security. It helps improve security visibility, detect compromised systems, and protect your users on and off the network by stopping threats on any port or protocol before they reach your network or endpoints.

Secure web gateway

Umbrella’s secure web gateway logs and inspects web traffic for complete visibility, URL and application controls, and protection against malware. Use IPsec tunnels, PAC files, or proxy chaining to forward traffic to our cloud-based proxy servers to enforce acceptable use policies and block advanced threats.


Cloud firewall

Umbrella’s firewall logs all activity and blocks unwanted traffic using IP, port, and protocol rules. To forward traffic, simply configure an IPsec tunnel from any network device. As new tunnels are created, policies are automatically applied for easy configuration and consistent enforcement throughout.

What CISCO UMBRELLA solution best suits your business?

At Solutel we recommend the DNS Security Advantage solution, which covers most of the needs of the company profiles consulted.

DNS Security Essentials: For small businesses or as the first line of defense for businesses of any size
DNS Security Advantage: For medium-sized companies or as the first line of defense for companies of any size
Secure Internet Gateway (SIG) Essentials: For enterprises with Cisco SD-WAN and large enterprises with advanced security and web policy needs
Discharge By number of users
Security and Control
DNS Level Security
Block domains associated with phishing, malware, botnets, and other high-risk categories (crypto mining, newly seen domains, etc.)
Block domains based on partner integrations (Splunk, Anomali and others) and custom lists using our application API
Block direct-to-IP traffic for C2 callbacks that bypass DNS ¹
Secure web gateway
Proxy web traffic for inspection Traffic associated with risky domains through selective proxy All web traffic
Decrypt and inspect SSL (HTTPS) traffic With selective proxy
Enable web filtering By domain or domain category By domain or domain category By domain, URL, or category
Create custom block / allow lists Of domains Of domains From URL
Block URLs based on Cisco Talos and third-party sources, and block files based on Cisco Advanced Malware Protection (AMP) AV engine and data With selective proxy
Use the Cisco Threat Grid cloud sandbox environment to analyze suspicious files (200 files / day)
Use retrospective security to identify previously benign files turned malicious
Cloud firewall
Create Layer 3 / Layer 4 policies to block specific IPs, ports, and protocols
Use IPSec tunnel termination
Cloud access security broker
Discover and block shadow IT (domain-based) with our app discovery report
Discover and block shadow IT (URL-based) with our app discovery report
Create policies with granular controls (block uploads, attachments and posts) for selected applications
Umbrella Investigate
Access the Investigate web console to obtain information on interactive threats (5 logins)
Use the Investigate API to enrich other tools / systems with domain, URL, IP, and file threat intelligence (2,000 requests per day)
Integrate with Cisco Threat Response to aggregate threat activity across Cisco AMP, Threat Network, Email Security, NGFW, and Umbrella With app
API only
Deployment and management
Traffic forwarding
Forward external DNS traffic to:
• Network protection through Cisco (SD-WAN, Meraki MR, Integrated Services Router and Wireless LAN Controller) and third-party integrations (Cradlepoint, Aerohive and others)
• Off-network protection through AnyConnect, Umbrella roaming client, and Cisco Security Connector for iOS
Send outbound network traffic through IPSec tunnel, proxy chaining, or PAC files
User attribution
Create policies and view reports by:
• Network (egress IP)
• Internal subnet ²
• Network device (including VLAN or SSID) ³
• Mobile device
• Active Directory members (including specific users) ⁴
Create policies and view reports using SAML
Customize blocking pages and skip options
Use our multi-organization console to centrally manage decentralized organizations
Use our admin API to create, read, update and delete identities using proprietary internal tools
Reports and logs
Take advantage of real-time activity search and our reporting API to easily extract milestones
Choose North America or Europe for log storage
Use your Cisco or customer managed AWS S3 bucket to export and retain logs for as long as needed
Access domain request records in our user interface (30 days: detail, 1 year: summary)
Access full URL logs in our user interface (30 days: detail)
Access the firewall logs (IP, port and protocol) in our user interface (30 days: detail)
Enhanced – 24 x 7 technical + on-boarding Required Required
Premium – 24 x 7 technical + on-boarding + Technical Account Manager (TAM) Optional upgrade Optional upgrade
1 Requires Umbrella roaming client, Chromebook client, or roaming module for AnyConnect
2 Attribution of internal networks requires one of the following products: a virtual appliance, Meraki MR, Cisco ISR, Cisco ASA / FTD or Cisco SD-WAN.
3 Requires integration of network devices with Cisco Integrated Services Router (ISR) or Cisco Wireless LAN Controller or Meraki MR
4 Active Directory (AD) policies and attributions require an Umbrella AD connector with Umbrella virtual appliance or Umbrella roaming client or roaming module for AnyConnect
5 An Amazon account is not required when using the Cisco managed S3 bucket

