CISCO UMBRELLA. Licensing. CISCO security in the cloud.

Cisco Umbrella is the answer to your cloud security challenges. Cisco Umbrella helps protect your users' Internet access whether they are connecting from your head office, branch offices or roaming. Your systems will be secure anytime, anywhere thanks to protection against malicious Internet addresses. Umbrella acts as a security layer for Internet access and offers deep inspection and control to support security compliance and provide effective protection against threats. Backed by Cisco Talos, one of the world's largest threat intelligence teams, Cisco Umbrella presents threats for better investigation and response. Delivered from the cloud with 100% uptime, Cisco Umbrella provides visibility to protect users anywhere in an up-to-the-minute manner.

Cisco Umbrella is security that adapts to the way we work today:

Protection for Remote and Roaming Users: Your users work from many locations and devices. They no longer need VPN to get the job done: they use cloud applications, many of which have not been vetted by IT. What if you had a quick and easy way to protect users and enforce acceptable use policies? Cyber Threat Protection: Threats continue to increase in sophistication, and the costs of cybercrime continue to rise. But attackers often reuse the same infrastructure in multiple attacks, leaving cyber fingerprints. What if you could use those fingerprints to discover attacks before they are launched? As a cybersecurity manager, your goal is to reduce the time to detect and defend against malware. But with all your security devices, is your network more secure? Are you still flooded with infections? Your security team needs better intelligence, to be fast and to have solutions that are flexible, integrated and easy to deploy and manage.

The evolution of CISCO UMBRELLA.

As a leading provider of recursive DNS services, CISCO has helped businesses of all sizes and industries securely connect to the Internet. CISCO has built a reputation for easy deployment and powerful protection no matter where users are located. To help organizations embrace direct Internet access, in addition toDNS layer security and interactive threat intelligence, Cisco Umbrella now includes the functionality from:
  • secure web gateway
  • firewall in the cloud
  • Cloud Access Security Broker (CASB),
  • further integration with Cisco SD-WAN

Multiple security features in a single cloud security service

DNS layer security

Umbrella DNS Layer Security provides the fastest and easiest way to improve your security. It helps improve security visibility, detect compromised systems and protect your users on and off the network by stopping threats on any port or protocol before they reach your network or endpoints.

Secure web gateway

Umbrella's secure web gateway logs and inspects web traffic for full visibility, URL and application controls, and malware protection. Use IPsec tunnels, PAC files or proxy chaining to forward traffic to our cloud-based proxy servers to enforce acceptable use policies and block advanced threats.


The Umbrella firewall logs all activity and blocks unwanted traffic by IP, port and protocol rules. To forward traffic, simply set up an IPsec tunnel from any network device. As new tunnels are created, policies are automatically applied for easy configuration and consistent application across the board.

Which CISCO UMBRELLA solution best suits your business?

From Solutel we recommend the DNS Advantage solution, to cover most of the needs of the company profiles consulted.  
DNS Essentials DNS Advantage GIS Essentials SIG Advantage
Block threats at the DNS layer across your enterprise in minutes without added latency Get DNS protection plus additional web security and threat insights to speed up investigations Deploy advanced security functions and simplify management with the most effective security in the industry Unlock the highest levels of protection and control with advanced security functions
like layer 7 firewall with IPS, DLP, and more
Licensing By # of covered users By # of covered users By # of covered users By # of covered users
Security & Controls
DNS-layer security
Block direct-to-IP traffic for C2 callbacks that bypass DNS 1
Block domains for malware, phishing, botnet, and other high risk
Block domains from Cisco SecureX, direct integrations
(Splunk, Anomali, & others) and custom lists using enforcement API
Secure web gateway (SWG)
Proxy web traffic for inspection Traffic associated with risky domains via selective proxy All web traffic All web traffic
Decrypt and inspect SSL (HTTPS) traffic With selective proxy
Enable web filtering By domain or domain category By domain or domain category By domain, URL, or category By domain, URL, or category
Create custom block/allow lists Of domains Of domains Of URLs Of URLs
Block URLs based on Cisco Talos and other third party feeds, and block files based on AV engine and Cisco Advanced Malware Protection (AMP) data With selective proxy
Use retrospective security to identify previously- benign files that became malicious
DNS Essentials DNS Advantage GIS Essentials SIG Advantage
Security & Controls
Remote browser isolation (RBI)
Provide safe access to risky sites Isolate Risky optional add-on Isolate Risky optional add-on
Provide safe access to web apps Isolate Web Apps optional add-on Isolate Web Apps optional add-on
Provide safe access to any web destination Isolate Any optional add-on Isolate Any optional add-on
Cloud-delivered firewall
Create layer 3/layer 4 policies to block specific IPs, ports, and protocols
Deepen protection for outbound traffic using application layer 7 policies with intrusion prevention system (IPS) Optional add-on
Use IPSec tunnel termination
Data loss prevention (DLP)
Enable inline inspection of web and cloud app traffic for sensitive data Optional add-on
Cloud access security broker (CASB)
Discover and block shadow IT with App Discovery report By domain By domain By URL By URL
Create policies with advanced app controls at the activity level (uploads, attachments, and posts) or tenant controls (corporate vs. personal)
Cloud malware detection
Scan and remove malware from cloud-based file storage apps 2 applications All supported applications
  DNS Essentials DNS Advantage GIS Essentials SIG Advantage
Security & Controls
Umbrella Investigate
Access Investigate's web console for interactive threat intel 6 5 logins 5 logins 5 logins
Use the Investigate On-demand Enrichment API to enrich other tools/systems with domain, URL, IP, and file threat intelligence (2,000 requests/day) 6
Integrate with SecureX to aggregate activity across Cisco and 3rd party products Reporting & enforcement APIs All APIs All APIs All APIs
Uncover malicious domains, IPs, ASNs and files to get the most complete view of an attackers' infrastructure, tactics, and techniques
Secure Malware Analytics
Use Cisco Secure Malware Analytics Cloud (formerly Threat Grid) sandbox on suspicious files 500 samples/day; simple verdict Unlimited samples; detailed inspection
Secure Malware Analytics console access 3 user
Interact with malware samples in glovebox
Advanced search (samples, artifacts, registry, URLs, etc.)
Traffic forwarding
Forward external DNS for:
- On-network protection via Cisco (SD-WAN, Meraki, ISR, & AnyConnect WLAN Controller) and third-party integrations (Cradlepoint, Aerohive, & others)
- Off-network AnyConnect via Umbrella roaming
client or Cisco Security Connector iOS app
Cisco AnyConnect client (license included) to deploy Umbrella module to forward traffic
Send outbound network traffic via IPsec tunnel, proxy chaining, or PAC files
DNS Essentials DNS Advantage GIS Essentials SIG Advantage
Security & Controls
User attribution
Create policies and view reports by network (egress IP), internal subnet 2 , network device (including VLAN & SSID) 3 , roaming device, and Active Directory group (including specific users) 4
Create policies and view reports using SAML
Customize block pages and bypass options
Use our multi-org console to centrally manage decentralized orgs
Use our management API to create, read, update, and delete identities for child orgs
Reporting & logs
Leverage real-time activity search and our reporting API to easily extract key events
Choose North America or Europe log storage
Use customer AWS S3 bucket to export and retain logs as long as needed, or a Cisco-managed S3 bucket to export and retain logs for 30 days 5
Access domain request logs in our user interface (30 day-detail, 1yr-summary)
Access full URL logging and firewall logging in our user interface (30 days-detail)
DNS Essentials DNS Advantage GIS Essentials SIG Advantage
Security & Controls
Optional no-charge product ID that initiates email notification regarding SecureX access and customer experience onboarding help 7
Cisco Talos Incident Response (CTIR)
Global incident response capability and proactive services: Service Level Objective of up to 4 hours by phone, 40 hours per year (Small) Optional add-on Optional add-on Optional add-on Optional add-on
Global incident response capability and proactive services: Service Level Objective of up to 4 hours by phone, 80 hours per year (Medium) Optional add-on Optional add-on Optional add-on Optional add-on
Global incident response capability and proactive services: Service Level Objective of up to 4 hours by phone, 120 hours per year (Large) Optional add-on Optional add-on Optional add-on Optional add-on
Enhanced - 24x7 technical + on-boarding Required Required Required Required
Premium - 24x7 technical, on-boarding,
+Technical Account Manager (TAM)
Optional add-on Optional add-on Optional add-on Optional add-on
1. Requires endpoint footprint (Umbrella roaming client, Chromebook client, or AnyConnect roaming module)
2. Internal IP attribution requires network footprint (our virtual appliance, not available in Professional package) or Meraki MR integration Cisco ISR integration, or Cisco ASA integration
3. Requires network device integration with Cisco Integrated Services Router (ISR) or Cisco Wireless LAN Controller
4. Active Directory (AD) policies and attribution requires Umbrella AD connector with network footprint (Umbrella virtual appliance) or endpoint footprint (Umbrella roaming client or AnyConnect roaming module)
5. No Amazon account required when using the Cisco-managed S3 bucket
6. MSSPs can purchase (and use):
Investigate Console (licensed per analyst) Investigate Integration API (licensed per analyst)
MSSPs cannot purchase the Investigate API Tier 1, 2, or 3 End customers can purchase
Investigate Console (licensed per analyst) Investigate Integration API (licensed per analyst) Investigate API (Tier 1, 2, 3) (licensed per site)
7. SecureX is available with all Umbrella packages
© 2022 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 919338632 06/22

Share this post