Threat Intelligence: Protection Anywhere

Cloud Data Management

Gathering intelligence on advanced attacks that hit your networks is vital, but it’s not enough. Cisco Umbrella gives you the power to block newly-detected threats beyond the network perimeter, everywhere your employees work. Security vendors such as Cisco, FireEye, and Check Point provide appliances to analyze and detect advanced malware and examine network traffic patterns to identify infected network security. 

While these appliances offer great visibility within your corporate network environment, they cannot block newly-detected threats for employees working off the corporate network. Through integration partnerships, Cisco Umbrella extends and enforces the local intelligence from your existing security stack to protect your employees, whether they’re working on or off the corporate network.

Most security integrations involve custom development and many hours of professional services. Not with Umbrella. In minutes, your local intelligence about malicious domains is extended beyond your perimeter.

Your Challenge: Not Every Employee Is Protected

Cisco Umbrella
Today, employees work from many locations, across multiple devices, and they are increasingly using public cloud services. Your organization’s intellectual property or customer information will inevitably be accessed from unmanaged network locations. Can you count on all your roaming employees to always turn on their VPN while they are using Salesforce or Box? Maybe not.

If VPNs are not always on, the only remaining defense from advanced attacks is traditional endpoint antivirus. Attackers increasingly target the weak link between roaming employees and the corporate network.

To close the gap, could we free the intelligence that advanced threat defenses gather and locally silo at the perimeter and extend it to all endpoints? Yes, but it might require a high level of effort. First, relying on manual processes is no longer effective.

Automation is critical to block newly-detected threats on endpoints. Second, it is very difficult to deploy a layer of security enforcement that prevents internet connections in real-time. Often, such inline blocking capabilities will slow down or disrupt internet connectivity and applications.

If this happens, employees will find a way around your security controls. Yet, if both web and non-web communications can be blocked, an attack’s initial malware infection and subsequent botnet callback can be stopped.

Our Solution: Enforce Our Partners’ Intelligence Everywhere

Cloud Storage

Our partners gather powerful real-time intelligence about newly-detected threats hitting your corporate network. Umbrella makes sure that intelligence protects your employees everywhere they work.

Cloud Security Platform:
Cisco Umbrella provides the first line of defense against threats on the internet wherever users go. The cloud based- delivered security service is powered by our global intelligence to automate protection against known and emergent threats.

Now, we have added an API designed for partners and practitioners. Umbrella’s API automatically validates and globally enforces local intelligence gathered from multiple sources (e.g. appliances, endpoints, feeds). The Umbrella API is available as part of the Umbrella Platform package.

Umbrella’s Partner Ecosystem:
Umbrella integrates with security controls from market leaders and innovative startups to ensure our customers get the most out of their existing security stack. These security controls offer advanced threat defenses (ATDs) including data management file analysis, network traffic analysis, endpoint behavioral analysis, and threat intelligence services. By leveraging Umbrella’s platform, joint customers extend and enforce the intelligence from these security controls globally, even when users are off the corporate network.

How It Works

Network Security

For roaming employees, if you use Cisco AnyConnect clients, then you can simply enable the roaming security module — without requiring another agent. Alternatively, you can deploy a lightweight and transparent agent on Windows or Mac laptops. The agent only redirects DNS requests.

• For managed networks, just change one IP address on routers, wireless access points, or DNS servers.
• All policies are enforced and stay up-to-date in the cloud.

• To enable partner integrations in minutes, just copy a few lines of information from Umbrella’s UI and paste it into the partner’s UI.
• For practitioners, create basic scripts using Umbrella’s documented API. 
• In both cases, our platform automatically extracts DNS attributes. 

Together, Umbrella and your local intelligence can deliver global protection against advanced attacks. Internet connectivity is secured on any device, and over any port, protocol or app without slowing employees down. Umbrella reports which specific devices or employees were protected. And additional security insights and investigative features allow security practitioners to determine whether the attack was targeted and if it is related to other known or advanced threats.

Stop phishing, malware, and ransomware earlier with Cisco Umbrella - Your first layer of defense against threats at branch offices.