CISCO UMBRELLA. Licensing. CISCO security in the cloud.
Cisco Umbrella is the answer to your cloud security challenges.
Cisco Umbrella helps protect your users' Internet access whether they are connecting from your head office, branch offices or roaming.
Your systems will be secure anytime, anywhere thanks to protection against malicious Internet addresses.
Umbrella acts as a security layer for Internet access and offers deep inspection and control to support security compliance and provide effective protection against threats. Backed by Cisco Talos, one of the world's largest threat intelligence teams, Cisco Umbrella presents threats for better investigation and response. Delivered from the cloud with 100% uptime, Cisco Umbrella provides visibility to protect users anywhere in an up-to-the-minute manner.
Cisco Umbrella is security that adapts to the way we work today:
Protection for Remote and Roaming Users: Your users work from many locations and devices. They no longer need VPN to get the job done: they use cloud applications, many of which have not been vetted by IT. What if you had a quick and easy way to protect users and enforce acceptable use policies? Cyber Threat Protection: Threats continue to increase in sophistication, and the costs of cybercrime continue to rise. But attackers often reuse the same infrastructure in multiple attacks, leaving cyber fingerprints. What if you could use those fingerprints to discover attacks before they are launched? As a cybersecurity manager, your goal is to reduce the time to detect and defend against malware. But with all your security devices, is your network more secure? Are you still flooded with infections? Your security team needs better intelligence, to be fast and to have solutions that are flexible, integrated and easy to deploy and manage.The evolution of CISCO UMBRELLA.
As a leading provider of recursive DNS services, CISCO has helped businesses of all sizes and industries securely connect to the Internet. CISCO has built a reputation for easy deployment and powerful protection no matter where users are located. To help organizations embrace direct Internet access, in addition toDNS layer security and interactive threat intelligence, Cisco Umbrella now includes the functionality from:- secure web gateway
- firewall in the cloud
- Cloud Access Security Broker (CASB),
- further integration with Cisco SD-WAN
Multiple security features in a single cloud security service
DNS layer security
Umbrella DNS Layer Security provides the fastest and easiest way to improve your security. It helps improve security visibility, detect compromised systems and protect your users on and off the network by stopping threats on any port or protocol before they reach your network or endpoints.Secure web gateway
Umbrella's secure web gateway logs and inspects web traffic for full visibility, URL and application controls, and malware protection. Use IPsec tunnels, PAC files or proxy chaining to forward traffic to our cloud-based proxy servers to enforce acceptable use policies and block advanced threats.
Firewall
The Umbrella firewall logs all activity and blocks unwanted traffic by IP, port and protocol rules. To forward traffic, simply set up an IPsec tunnel from any network device. As new tunnels are created, policies are automatically applied for easy configuration and consistent application across the board.
Which CISCO UMBRELLA solution best suits your business?
From Solutel we recommend the DNS Advantage solution, to cover most of the needs of the company profiles consulted.| DNS Essentials | DNS Advantage | GIS Essentials | SIG Advantage | |
| Block threats at the DNS layer across your enterprise in minutes without added latency | Get DNS protection plus additional web security and threat insights to speed up investigations | Deploy advanced security functions and simplify management with the most effective security in the industry | Unlock the highest levels of protection and control with advanced security functions like layer 7 firewall with IPS, DLP, and more |
|
| Licensing | By # of covered users | By # of covered users | By # of covered users | By # of covered users |
| Security & Controls | ||||
| DNS-layer security | ||||
| Block direct-to-IP traffic for C2 callbacks that bypass DNS 1 | ● | ● | ● | |
| Block domains for malware, phishing, botnet, and other high risk | ● | ● | ● | ● |
| Block domains from Cisco SecureX, direct integrations (Splunk, Anomali, & others) and custom lists using enforcement API |
● | ● | ● | ● |
| Secure web gateway (SWG) | ||||
| Proxy web traffic for inspection | Traffic associated with risky domains via selective proxy | All web traffic | All web traffic | |
| Decrypt and inspect SSL (HTTPS) traffic | With selective proxy | ● | ● | |
| Enable web filtering | By domain or domain category | By domain or domain category | By domain, URL, or category | By domain, URL, or category |
| Create custom block/allow lists | Of domains | Of domains | Of URLs | Of URLs |
| Block URLs based on Cisco Talos and other third party feeds, and block files based on AV engine and Cisco Advanced Malware Protection (AMP) data | With selective proxy | ● | ● | |
| Use retrospective security to identify previously- benign files that became malicious | ● | ● | ||
| DNS Essentials | DNS Advantage | GIS Essentials | SIG Advantage | |
| Security & Controls | ||||
| Remote browser isolation (RBI) | ||||
| Provide safe access to risky sites | Isolate Risky optional add-on | Isolate Risky optional add-on | ||
| Provide safe access to web apps | Isolate Web Apps optional add-on | Isolate Web Apps optional add-on | ||
| Provide safe access to any web destination | Isolate Any optional add-on | Isolate Any optional add-on | ||
| Cloud-delivered firewall | ||||
| Create layer 3/layer 4 policies to block specific IPs, ports, and protocols | ● | ● | ||
| Deepen protection for outbound traffic using application layer 7 policies with intrusion prevention system (IPS) | Optional add-on | ● | ||
| Use IPSec tunnel termination | ● | ● | ||
| Data loss prevention (DLP) | ||||
| Enable inline inspection of web and cloud app traffic for sensitive data | Optional add-on | ● | ||
| Cloud access security broker (CASB) | ||||
| Discover and block shadow IT with App Discovery report | By domain | By domain | By URL | By URL |
| Create policies with advanced app controls at the activity level (uploads, attachments, and posts) or tenant controls (corporate vs. personal) | ● | ● | ||
| Cloud malware detection | ||||
| Scan and remove malware from cloud-based file storage apps | 2 applications | All supported applications | ||
| DNS Essentials | DNS Advantage | GIS Essentials | SIG Advantage | |
| Security & Controls | ||||
| Umbrella Investigate | ||||
| Access Investigate's web console for interactive threat intel 6 | 5 logins | 5 logins | 5 logins | |
| Use the Investigate On-demand Enrichment API to enrich other tools/systems with domain, URL, IP, and file threat intelligence (2,000 requests/day) 6 | ● | ● | ● | |
| Integrate with SecureX to aggregate activity across Cisco and 3rd party products | Reporting & enforcement APIs | All APIs | All APIs | All APIs |
| Uncover malicious domains, IPs, ASNs and files to get the most complete view of an attackers' infrastructure, tactics, and techniques | ● | ● | ● | |
| Secure Malware Analytics | ||||
| Use Cisco Secure Malware Analytics Cloud (formerly Threat Grid) sandbox on suspicious files | 500 samples/day; simple verdict | Unlimited samples; detailed inspection | ||
| Secure Malware Analytics console access | 3 user | |||
| Interact with malware samples in glovebox | ● | |||
| Advanced search (samples, artifacts, registry, URLs, etc.) | ● | |||
| Traffic forwarding | ||||
| Forward external DNS for: - On-network protection via Cisco (SD-WAN, Meraki, ISR, & AnyConnect WLAN Controller) and third-party integrations (Cradlepoint, Aerohive, & others) - Off-network AnyConnect via Umbrella roaming client or Cisco Security Connector iOS app |
● | ● | ● | ● |
| Cisco AnyConnect client (license included) to deploy Umbrella module to forward traffic | ● | ● | ● | ● |
| Send outbound network traffic via IPsec tunnel, proxy chaining, or PAC files | ● | ● | ||
| DNS Essentials | DNS Advantage | GIS Essentials | SIG Advantage | |
| Security & Controls | ||||
| User attribution | ||||
| Create policies and view reports by network (egress IP), internal subnet 2 , network device (including VLAN & SSID) 3 , roaming device, and Active Directory group (including specific users) 4 | ● | ● | ● | ● |
| Create policies and view reports using SAML | ● | ● | ||
| Management | ||||
| Customize block pages and bypass options | ● | ● | ● | ● |
| Use our multi-org console to centrally manage decentralized orgs | ● | ● | ● | ● |
| Use our management API to create, read, update, and delete identities for child orgs | ● | ● | ● | ● |
| Reporting & logs | ||||
| Leverage real-time activity search and our reporting API to easily extract key events | ● | ● | ● | ● |
| Choose North America or Europe log storage | ● | ● | ● | ● |
| Use customer AWS S3 bucket to export and retain logs as long as needed, or a Cisco-managed S3 bucket to export and retain logs for 30 days 5 | ● | ● | ● | ● |
| Access domain request logs in our user interface (30 day-detail, 1yr-summary) | ● | ● | ● | ● |
| Access full URL logging and firewall logging in our user interface (30 days-detail) | ● | ● | ||
| DNS Essentials | DNS Advantage | GIS Essentials | SIG Advantage | |
| Security & Controls | ||||
| SecureX | ||||
| Optional no-charge product ID that initiates email notification regarding SecureX access and customer experience onboarding help 7 | ● | ● | ● | ● |
| Cisco Talos Incident Response (CTIR) | ||||
| Global incident response capability and proactive services: Service Level Objective of up to 4 hours by phone, 40 hours per year (Small) | Optional add-on | Optional add-on | Optional add-on | Optional add-on |
| Global incident response capability and proactive services: Service Level Objective of up to 4 hours by phone, 80 hours per year (Medium) | Optional add-on | Optional add-on | Optional add-on | Optional add-on |
| Global incident response capability and proactive services: Service Level Objective of up to 4 hours by phone, 120 hours per year (Large) | Optional add-on | Optional add-on | Optional add-on | Optional add-on |
| Support | ||||
| Enhanced - 24x7 technical + on-boarding | Required | Required | Required | Required |
| Premium - 24x7 technical, on-boarding, +Technical Account Manager (TAM) |
Optional add-on | Optional add-on | Optional add-on | Optional add-on |
| 1. Requires endpoint footprint (Umbrella roaming client, Chromebook client, or AnyConnect roaming module) 2. Internal IP attribution requires network footprint (our virtual appliance, not available in Professional package) or Meraki MR integration Cisco ISR integration, or Cisco ASA integration 3. Requires network device integration with Cisco Integrated Services Router (ISR) or Cisco Wireless LAN Controller 4. Active Directory (AD) policies and attribution requires Umbrella AD connector with network footprint (Umbrella virtual appliance) or endpoint footprint (Umbrella roaming client or AnyConnect roaming module) 5. No Amazon account required when using the Cisco-managed S3 bucket 6. MSSPs can purchase (and use): Investigate Console (licensed per analyst) Investigate Integration API (licensed per analyst) MSSPs cannot purchase the Investigate API Tier 1, 2, or 3 End customers can purchase Investigate Console (licensed per analyst) Investigate Integration API (licensed per analyst) Investigate API (Tier 1, 2, 3) (licensed per site) 7. SecureX is available with all Umbrella packages |
||||
| © 2022 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 919338632 06/22 | ||||
Share this post
Publications
related
Cybersecurity
User protection Don’t let it keep you awake at night!
In today's hyper-connected world, we need a proactive and dynamic zero-trust security approach that adapts to the evolving threat landscape and the increasing complexity of modern IT environments without slowing down your organizational innovation. The user protection suite that Solutel provides, as an expert in cybersecurity solutions, protects against all...
Cybersecurity
Why is observability important in cybersecurity? Splunk and CISCO
In today's hyper-connected world, data is everywhere and all organizations rely on it to manage their business and make critical decisions every day. Factor in the acceleration and adoption of generative AI, expanding threat surfaces and multiple cloud environments, and you create a level of complexity unlike anything organizations have faced....
Cybersecurity
Cisco XDR helps quickly detect advanced cyberthreats and automate response
With unique visibility across the network and endpoints, Cisco XDR Extended Detection and Response simplifies security operations and prioritizes and corrects incidents more efficiently. San Francisco (RSA Conference), April 25, 2023. - Cisco has presented during the RSA event its new Extended Detection and Response (XDR) solution and advanced features for...
Cybersecurity
Cisco Secure Firewall 3100 series
The 3100 Series firewalls are designed to make hybrid work and zero trust practical. They support more remote users and increase VPN performance. Clustering and the flexibility of high port density allow the firewall to grow with you, ensuring a solid return on investment. The Cisco Secure Firewall 3100 Series is...
