IT Security Teams Gain Threat Intelligence
Umbrella also lets agencies leverage threat intelligence from Cisco Talos, one of the largest commercial threat intelligence teams in the world. With Talos, Umbrella is able to block a huge array of malicious domains and IPs, plus links and files being used in attacks.
Incident response is another way Umbrella can help agencies bolster network security. Immediate access to actionable intelligence is key to fast incident response, which can lag when security teams don’t have enough information.
Umbrella eliminates this problem by categorizing and retaining all internet activity. This capability simplifies the investigation process IT security teams often undertake to determine attack vectors and create vulnerability maps.
The Umbrella Investigate console provides the context needed to prioritize incidents properly, leading to faster incident response times. As a result, security operations centers can detect and remediate threats faster, particularly through the added use of Cisco Threat Response, which further automates integrations across Cisco security products and aggregates Umbrella intelligence with other sources.
With technology like Cisco Umbrella, agencies can mitigate those threats by adding layers of security to protect both office workers and telecommuters.
Agencies Get a Tool to Defeat Phishing Attacks
Cisco Umbrella is a cloud-native platform that enforces security at the DNS and IP layers built into the foundation of the internet. As a result, Umbrella is able to block requests made to malware, ransomware, phishing, botnet and malicious command-and-control servers.
The block happens well before a connection is even established by the user device. This can help agencies stop threats over any port or protocol before they reach agency networks or endpoints.
When Umbrella is paired with Cisco’s selective proxy, agencies receive deeper inspection of URLs and files for risky domains, while anti-virus engines and Cisco Advanced Malware Protection shut down threats. Umbrella even blocks direct IP connections from command-and-control callbacks for roaming users.
Umbrella also provides visibility into sanctioned and unsanctioned cloud services across an enterprise. This lets agencies uncover new services that are being activated and gain insights into who is using them. This can help identify potential risks and block specific applications easily. Umbrella also has a highly resilient network environment that boasts 100 percent uptime since 2006.
Last but not least, features such as Anycast routing let any of Cisco’s 30 or more data centers across the globe provide security services using a single IP address, so that requests are transparent and sent to the nearest, fastest data center.
This also provides strong and automatic failover as Umbrella collaborates with more than 900 of the world’s top internet service providers along with content delivery networks and Software as a Service platforms.
All of that equates to a critical speed boost for network defenders looking to enhance their efforts to discover and remediate threats, whether on normal days or when a crisis begins to stress operations.
Cisco Umbrella
Product Type: Software as a Service
On-network: Connects to any network device
Off-network: For laptops using Windows, macOS, Chrome; Apple devices running iOS 11.3 or higher
Recommended Topology: Cisco AnyConnect, Cisco routers (ISR 1000, 4000 series), Cisco Wireless LAN Controllers and Meraki MR/MX