Cisco Umbrella is the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users, both on and off the network, in minutes.
Content filtering or security?
When people think of content filtering, they think of blocking things like:
- Social media
This can put people off – some businesses don’t feel they should be restricting their staff from a little downtime. For other customers this can be crucial – Social media can be a source of data exfiltration so if there are regulatory requirements for protecting your data this can help.
Content filtering is also a security mechanism though – swap out the above list for:
- Command and Control Callbacks
Now you have a list that every organisation should want to protect themselves from.
How does DNS content filtering work?
DNS is like the address book of the Internet. Computers use numbers, not names, so if you want to go to alwaysnetworks.co.uk, the computer translates that to a number by asking the Domain Name Service.
Cisco have a research team called Talos. It is one of the largest commercial threat intelligence teams in the world, comprised of world-class researchers, analysts and engineers.
These people (and systems!) analyse Internet traffic all day every day, and all the intelligence they gather feeds in to Cisco Umbrella to make sure it has the most up to date and comprehensive database.
Every time you make a DNS request – your computer needs to look up a name to an IP (and this happens thousands of times per day) – Cisco Umbrella checks what you’re asking for against the Talos intelligence and decides if it should be allowed by the policy you have configured. This policy has 3 main components:
- Security Settings – this is the security side of Cisco Umbrella, and has a number of options including:
- Command and Control Callbacks
- Newly seen domains (often used in attacks)
- Content Categories – this is the content filtering, you can choose what is acceptable for your organisation from 100 categories, including things like:
- Photo Sharing
- Social Networking
- Destination Lists – these are your overrides, you have a manual block list and a manual allow list for things you want to get specific about.
When we say it can be deployed in minutes, it really can be as simple as that. To protect your network, you simply change your DNS settings to point to the OpenDNS servers, and configure your public IP in the Umbrella cloud.
If you have local DNS servers, that’s no problem – in fact it’s even easier, you just change the upstream recursion servers.
With today’s very agile and mobile workforce, this isn’t enough though. People will often be working off site: from home, customer locations, cafe’s. That’s why there are multiple client options.
There is lots of detail in the deployment guide. Here are the highlights.
The Cisco Umbrella Roaming Client
The first option is the Cisco Umbrella Roaming Client. This is available for Windows or macOS. It’s simple to install and set up – it literally takes a few minutes. After it’s installed, that’s it – your machine is protected wherever it goes. There are also options for deploying it centrally using multiple software distribution systems which are great for larger scale deployments.
The AnyConnect Umbrella Roaming Security Module
Another option, for clients who already use Cisco AnyConnect, is simply to add a profile to AnyConnect. This will allow AnyConnect to secure your device regardless of whether it is on the VPN or not.
Apple Mobile Devices
Apple support has been around for a long time. It is deployed through an MDM (Mobile Device Management) tool, using the Cisco Security Connector app. Once installed, it protects your mobile device by ensuring all DNS requests go through the Umbrella cloud.
Android Mobile Devices
Most recently, support has been added for Cisco Umbrella on Android devices. Again, this is deployed via an MDM, but this time uses the Cisco AnyConnect Android app (you don’t need an AnyConnect license to use it though). It can be configured to only protect the “work profile”, or the whole device – depending on your requirements. We have tested this deployment using Microsoft InTune and Meraki Systems Manager, and both work really well.
The Cisco Umbrella Chromebook client Extension and App can be used to protect Chromebooks too in the same manner.
By putting an Umbrella API key in, Umbrella can also be integrated in multiple network devices, such as Cisco Meraki, ISR 4k’s, ISR 1100’s, Wireless LAN Controllers, Viptella, RV Series Routers, Catalyst 9k’s and ASA’s. With so many simple deployment options, it really is easy to get going and simple to protect your users.
Want to give it a go?
Always Networks are a Cisco certified Cloud and Managed Services Provider with plenty of experience with Umbrella. We can arrange for you to have a no-obligation 21 day free trial, and we’ll walk you through the set up so that your users can quite literally be protected in minutes. Contact us today to get going!