Cisco Umbrella cloud service shapes security for cloud, mobile resources

Cisco’s Umbrella service brings together several of the company’s acquired technologies and its own to protect resources


In these days of always-on but zero-trust enterprise applications, figuring out how to keep the bad guys out 24-7 is a huge IT challenge.

In an attempt to address such anxieties, Cisco today announced Umbrella, a secure, cloud-based gateway built on technology from OpenDNS, other technologies it acquired such as CloudLock, and existing Cisco security services. Together, these ultimately promise to offer secure business access to resources even when users are not using the safety of a VPN.

Cisco bought Internet security service provider OpenDNS for $635 million in cash in 2015. OpenDNS offers a cloud service that prevents customers from connecting to dangerous Internet IP addresses, such as those known to be associated with criminal activity, botnets and malicious downloads. Cisco has used the Umbrella name for its services in the past.

Organizations are struggling to protect themselves in the current environment, wrote Brian Roddy, Cisco’s engineering executive, Cloud Security, in announcing Umbrella. “Most rely heavily on virtual private network (VPN) usage. But according to IDG, 82% of mobile workers admit that they don't always use the VPN. Others depend on premise secure web gateway solutions and an array of associated agents, creating complexity and latency,” Roddy stated. “The unprecedented growth of SaaS apps looks set to continue with Gartner predicting that SaaS usage will increase 70% by 2018. Because of this, more branch offices are connecting directly to the internet, bypassing protections offered by the corporate network. This new way of working, while great for productivity and flexibility, means that a large population of users aren't protected by traditional network and web security controls offered on the corporate network. It also leaves organizations without visibility into threats targeting a significant portion of their enterprise.”

Cisco describes Umbrella as a cloud-delivered secure internet gateway that stops current and emergent threats over all ports and protocols. It blocks access to malicious domains, URLs, IPs, and files before a connection is ever established or a file downloaded.

“By performing everything in the cloud, there is no hardware to install, and no software to manually update. Organizations can provide protection for all devices in minutes and leverage their existing Cisco investments -- including AnyConnect client, Integrated Services Router 4K Series, and wireless LAN controllers -- to easily point Internet traffic to Umbrella whether on or off the corporate network,” Roddy stated.

According to Cisco, Umbrella:

  • Provides the visibility needed to protect Internet access across all devices on a network, all office locations, and roaming users. By combining Umbrella with Cisco Cloudlock's Cloud Access Security Broker technology, Cisco lets organizations identify which SaaS apps are being used and enforce policies to block risky or inappropriate apps.
  • Can stop attacks before they launch: Umbrella resolves over 100 billion internet requests every day and correlates this live data with over 11 billion historical events. This is analyzed to identify patterns, detect anomalies, and create models to uncover attacker infrastructure being staged for the next threat.
  • Uses existing Cisco security tools, for example: machine learning to uncover known and emergent threats, blocking connections to malicious destinations at the DNS and IP layers; Cisco Talos threat intelligence to block malicious URLs at the HTTP/S layer; and Cisco Advanced Malware Protection (AMP) to detect malicious files and block them in the cloud. Cisco garnered AMP technologies from its $2.7 billion purchase of Sourcefire in 2013.
  • Can integrate with existing systems, including security appliances, intelligence platforms or feeds, and custom in-house tools, which lets users extend protection for devices and locations beyond the perimeter.

Copyright © 2017 IDG Communications, Inc.
