Cisco Umbrella: the first line of defence against cyberattacks

The modern business world has changed dramatically in the wake of the pandemic. Many companies have moved to a remote working format. While this is convenient for employees, it also creates new risks, as home offices often do not have the same level of cyber protection as corporate networks. In addition, as technology evolves, cyberattacks are becoming more complex and insidious. Organisations need advanced security solutions to protect against them.

Today, enterprise security doesn't start in the office; it starts at the user's first interaction with the Internet. Cisco Umbrella is an advanced cloud security solution that takes a layered approach to protection. It provides DNS filtering, blocks phishing attempts and malicious websites, and protects against zero-day attacks, creating a robust cyber defence in the cloud.

Modern cyber threats and their evolution

Cybercrime has evolved significantly. Whereas companies used to deal mainly with ordinary viruses, they now face more complex threats, such as malware, ransomware, distributed denial-of-service (DDoS) attacks, phishing campaigns, and zero-day exploits that target unknown vulnerabilities in systems. Modern hackers are no longer limited to simple methods: they actively use artificial intelligence to automate attacks, social engineering techniques to deceive users, and special mechanisms to bypass traditional antivirus solutions. All of this means that companies need more than basic threat protection. They need modern, multi-layered approaches that can withstand new, sophisticated threats.

Why traditional antivirus solutions do not provide complete protection

Antivirus software usually works by looking for known threats: it uses signatures, which are the 'fingerprints' of viruses and malware that have been detected before. The problem is that new, unknown threats can easily evade this protection because their signatures are simply not yet in the databases. In addition, many organisations still rely on outdated VPN solutions to provide secure access to corporate resources. However, such systems often create network bottlenecks that slow down operations, and they cannot provide reliable protection now that employees work in hybrid or distributed environments (i.e. from different locations, devices and networks). That's why organisations need a more modern cyber defence strategy that is proactive, flexible and cloud-based, enabling them to respond quickly to new threats rather than waiting for them to appear in antivirus databases.

Cisco Umbrella as an effective tool to prevent cyber threats at the DNS level

Cisco Umbrella is a state-of-the-art DNS-layer security solution that blocks suspicious Internet traffic before it even connects, acting as a first line of defence and minimising risk to the organisation. But its capabilities don't stop there. Cisco Umbrella is much more than DNS protection. It combines multiple functions in a single cloud service: a secure web gateway, a firewall, a Cloud Access Security Broker (CASB), and integration with Cisco SD-WAN. This enables organisations to confidently deliver secure direct Internet access to employees wherever they work - in the office, at home, or in remote locations. Simple deployment, strong security, and interactive threat intelligence make Cisco Umbrella a trusted choice for organisations of all sizes and industries.

How does Cisco Umbrella work?

  • DNS Filtering as the First Layer of Defence. Cisco Umbrella uses DNS-layer security - protection at the DNS lookup level - to stop threats before a computer or device makes an insecure connection. This means suspicious domains, IP addresses, and cloud applications are blocked at the outset, providing a first line of defence. This approach reduces malware infections and offloads other defences. And with Cisco's global infrastructure, Umbrella not only protects Internet connections but also speeds them up.
  • Artificial Intelligence and Threat Analysis. Cisco Umbrella goes beyond simple filtering. More than 300 Cisco Talos experts, along with powerful statistical models and machine learning algorithms, analyse millions of queries every day. This helps identify new and unknown threats, including zero-day attacks, phishing, and botnets. In addition, the Umbrella Investigate console provides advanced threat context to speed incident investigation.
  • Deeper verification through proxies. If Umbrella detects that a request is potentially risky, it redirects it to a selective proxy. This allows deeper analysis of a URL or file without impacting network performance.
  • Integration with Other Cisco Solutions. Umbrella integrates seamlessly with other Cisco products, including SecureX, Firepower, Meraki, and SD-WAN. This creates a unified security ecosystem where all components share data and coordinate threat response.
  • Secure Remote Workers and Mobile Devices. Cisco Umbrella works inside and outside the corporate network. Even if an employee turns off the VPN or works from a mobile phone in a coffee shop, Umbrella or integration with Cisco Secure Client provides protection. Special apps and extensions for Android and iOS prevent users from accessing malicious sites, even over the mobile Internet or public Wi-Fi.
  • Quick deployment without complications. Another benefit is the ease of deployment. Cisco Umbrella requires no special hardware or complex software. Simply redirect DNS requests from devices or the network to Umbrella, and protection is activated. This allows organisations to quickly implement a new level of security without incurring unnecessary operational costs.

Key features of Cisco Umbrella

DNS Security

Provides multi-layered protection at the DNS layer by blocking access to malicious domains, IP addresses, URLs, and cloud applications before a connection is made, significantly reducing the risk of infection. Cisco Umbrella leverages the Internet infrastructure to stop threats in their tracks - across all ports and protocols - by preventing malware downloads, phishing, botnets, and command-and-control connections.

Umbrella's cloud-based architecture enables rapid deployment with no hardware or software updates, and improves network performance with anycast routing that routes requests to the fastest available data centres. Advanced features such as Intelligent Proxy for deeper inspection of high-risk domains and cloud application usage control provide complete visibility and flexible risk management.

In addition to protecting devices on the corporate network, Umbrella integrates with Cisco AnyConnect to protect remote laptops, mobile devices, and offices, even when the VPN is off. Umbrella also uses advanced analytics, machine learning, and Cisco Talos to detect new attacks, and Umbrella Investigate provides deep context for rapid incident response.

Secure Web Gateway

Protects users outside the corporate network with in-depth analysis of HTTPS/HTTP traffic. Cisco Umbrella's Secure Web Gateway (SWG) is a cloud-based, full-featured proxy solution that provides complete visibility, in-depth inspection, and control of web traffic. SWG provides decryption, virus and malware scanning, sandboxing to analyse suspicious files, and content and application activity management.

This functionality is a key part of the Security Service Edge (SSE) architecture, which can be extended to the Secure Access Service Edge (SASE) over SD-WAN. This approach enables organisations to securely and efficiently connect hybrid and remote workplaces without complex on-premises setups.

Using a simple web-based interface, administrators can quickly configure access rules, perform content filtering and monitor web application usage, improving security and network performance. As enterprises move to direct access to the Internet and cloud proxies, the Cisco Umbrella Secure Web Gateway (SWG) is becoming a universal security solution for the modern enterprise.

Cloud-delivered firewall

Provides control and visibility of all traffic originating from client requests to the Internet, including all ports and protocols. The Cisco Umbrella Cloud-delivered Firewall combines the capabilities of a Layer 3/4 firewall (controlling IP, ports, and protocols), a Layer 7 firewall (detecting and managing approximately 2,800+ non-Web applications such as Microsoft Teams, WebEx, Google Hangouts), and a SNORT 3-based intrusion prevention system (IPS) that scans traffic for known vulnerabilities using more than 40,000 signatures from Cisco Talos.

A key feature is the ability to securely and efficiently route traffic through an IPSec tunnel without the need to install hardware solutions in each office or remote location. This is particularly important for organisations using Direct Internet Access (DIA) to improve productivity, as it provides centralised protection for roaming users and remote offices.

Main functions:

  • Block unwanted traffic based on IP, port, protocol and application type.
  • Advanced application control (Layer 7): Allows or blocks specific services, including video and voice traffic (e.g. block MS Teams video calls but allow WebEx).
  • Intrusion Prevention System (IPS): Protects against malware, exploits, botnets, phishing, and command-and-control centres and callbacks, ensuring compliance.
  • Logging and auditing: All activity is recorded to analyse security events and demonstrate compliance.
  • Scalability and Reliability: Cisco Umbrella's anycast architecture ensures high availability and automatic switching between data centres for planned and unplanned events.

Cloud-delivered firewall is a key element of Cisco Umbrella that works with other platform components (DNS-layer security, Secure Web Gateway, Cloud Access Security Broker, etc.) to enable enterprises to deliver comprehensive security from a single cloud platform. The role of this component will only increase in the future with the growth of mobile applications and non-web traffic.

Threat Intelligence

Provides real-time threat intelligence through integration with Cisco Talos, the world's leading cyber defence and threat intelligence centre. Cisco Talos is the largest non-governmental cyber threat intelligence organisation and provides Umbrella with powerful statistical models, machine learning algorithms, and large volumes of threat data.

Umbrella uses these insights to create a comprehensive view of threats, enabling it to more effectively detect malicious activity and predict future attacks. By integrating with Talos, Umbrella is able to respond immediately to new and emerging threats, blocking them at an early stage and ensuring that defences are continually updated.

Main capabilities:

  • Real-time threat intelligence: powered by Talos analytics, Umbrella blocks malicious activity, improving the effectiveness of cyber defence.
  • Constant updates: Talos regularly provides new signatures and updates for Cisco products, helping organisations stay ahead of attackers.
  • Monitor 30 billion events daily: Talos blocks up to 270 million IP addresses and URLs daily, processing 2,000 malware samples per minute.
  • Proactive protection: Using machine learning algorithms, Talos helps Umbrella anticipate threats and stop potentially dangerous traffic before an attack occurs.

Cisco Talos and Umbrella provide effective protection that can adapt to new threats in real time, enabling organisations to not only respond to current attacks but also prevent future incidents.

Zero Trust Network Access (ZTNA)

Enables you to implement the Zero Trust security model, where every request for resources is subject to mandatory authentication and authorisation, regardless of the location of the user or device. ZTNA is based on the principle of "trust no one by default", which means it eliminates any trust within the network by granting access only based on verified identity and context (e.g. device, location, time of request, device security status).

Key features:

  • Per-access control: Access is not granted to the entire network, but only to specific applications or resources according to policy.
  • Reduce attack surface: restrict movement within the network, even if an account or device is compromised.
  • Protect data, networks and applications: Comprehensive user and contextual auditing evaluates each request individually.
  • Flexibility for remote and hybrid teams: secure access from anywhere without the need for a VPN, simplifying operations and reducing risk.

Zero Trust helps you build a modern cybersecurity architecture that meets the new challenges of cloud services, mobile users, and the growing number of attacks.

Compare Cisco Umbrella with other cybersecurity solutions

 

Function | Cisco Umbrella | Traditional antiviruses | VPN solutions
Protection at the DNS level
Threat behaviour analysis
Protection against phishing attacks⚠️⚠️
Cloud security without the need for a VPN
Easy integration with your network⚠️⚠️

Who is Cisco Umbrella for?

  • Small and medium-sized businesses (SMBs). With easy deployment, automatic updates, and minimal IT staffing requirements, Cisco Umbrella is ideal for businesses that want a strong level of protection without a large investment in complex solutions. It enables SMBs to quickly strengthen their cybersecurity by protecting both the office network and remote workers.
  • Enterprises. Scalable to meet the needs of large organisations with thousands of users, Cisco Umbrella provides centralised control, monitoring, and management of access policies. Its cloud-based architecture makes it easy to integrate into multi-cloud and hybrid environments, cover complex network structures, and protect corporate assets around the world.
  • Organisations with remote workers. Umbrella provides reliable protection for employees connecting from anywhere in the world, without the need to deploy a complex VPN infrastructure. It's an effective alternative to traditional security solutions, providing continuous monitoring, malicious traffic filtering and attack prevention, even when employees are using personal devices or home networks.
  • Industry and institutions. Banking, education, healthcare, and government organisations can use Cisco Umbrella to meet regulatory requirements, improve data security, and reduce the risk of cyberattacks.

Real use cases

Frederick Health: Strengthening Cybersecurity and Patient Trust with Cisco SASE Solution

Frederick Health, a leading healthcare provider in Maryland, implemented a Secure Access Service Edge (SASE) approach with Cisco Umbrella, Secure Email, and SecureX to strengthen cybersecurity and access policy management. By moving to Direct Internet Access (DIA) with full proxy protection, the organisation was able to reduce the number of alerts from anti-virus and IPS solutions by more than 50%, gain full control over web traffic and individual applications (Layer 7 firewall), and ensure data protection under HIPAA requirements. This solution helped to reduce risk, improve the efficiency of threat management and increase patient confidence in the security of their personal information.

DiGi strengthens cyber defences for SMBs with Cisco Umbrella

Malaysian telecommunications operator DiGi Telecommunications has deployed Cisco Umbrella Mobile Protect to provide its micro, small, and medium-sized business customers with secure connectivity to the DiGi network. The cloud-based cybersecurity solution, which requires no software to be installed on users' devices, provides DiGi with continuous protection for mobile devices against malware, ransomware and phishing. The solution was quickly deployed and provides a secure and seamless experience for end users, enabling small businesses to protect their data without adding complexity.

Marriott: Securing Guest Networks with Cisco Umbrella

Marriott International, the world's largest hotel chain, has deployed Cisco Umbrella in nearly 5,000 hotels in the United States and Canada to block malicious websites and access to sensitive content on guest networks. Through a partnership with Cisco and the UK-based non-profit Internet Watch Foundation (IWF), Marriott is using DNS filtering, web filtering and SafeSearch to ensure guests do not visit illegal sites. The pilot, which began in six hotels, has been expanded across the network and is being rolled out globally. This solution helps Marriott to proactively protect human rights and prevent the re-victimisation of survivors of violence.

Basic setup steps:

  1. Register and Create an Account in Cisco Umbrella Dashboard. To get started, you need to register for an account and log in to the Cisco Umbrella Dashboard, which gives you access to all the system's features and settings.
  2. Configure DNS filtering policies. Create and configure DNS policies to filter traffic and protect against unwanted or malicious requests.
  3. Integrate with Active Directory (optional). You can integrate Cisco Umbrella with Active Directory or other systems, such as Okta or Microsoft Entra ID, to manage identities and enforce access policies.
  4. Deploy client agents to user devices. Install and configure Cisco Umbrella client agents on mobile devices and computers for roaming security.
  5. Integrate with existing security solutions. Connect Cisco Umbrella to other security systems, such as Cisco Meraki, Firepower, SIEM, to create a single security control and monitoring hub.
  6. Trial and evaluation. Cisco offers a free trial that allows organisations to test the effectiveness of the system in a real-world environment before deciding to deploy.

Conclusion

Cisco Umbrella is not just a DNS filtering tool, but a full cloud security platform that provides multi-layered protection, from blocking malware and phishing to supporting the Zero Trust security model. It becomes the first line of defence in cybersecurity, protecting the corporate network, remote workers and endpoints.

If you are looking for an effective way to improve enterprise security, reduce DDoS attacks, and mitigate threats such as malware and ransomware, you should evaluate Cisco Umbrella today.

Contact our experts for a consultation or to set up an evaluation of Cisco Umbrella.

    info@integrity.com.ua

    +380445971070
    "Integrity Vision" LLC
    Ukraine, 04114, Kyiv City,
    Avtozavodska street, 54/19, 2A
    Tax Number: 37096369