Stop Phishing and Malware Infections Earlier
As a secure internet gateway, Cisco Umbrella provides the first line of defense against threats on the internet — anywhere users work. Umbrella delivers complete visibility into internet activity across all locations and endpoints. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers an attacker’s infrastructures staged for attacks, and proactively blocks requests to malicious destinations before a connection is even established — without adding any latency for users.
Attacks have many phases. Before launching, the attacker needs to stage internet infrastructure to support each phase. Two early phases are to redirect or link to a malicious web domain or send a malicious email attachment. For the former, most attacks leverage exploit kits (e.g. Angler) as the first stage before dropping the final payload. Cisco Umbrella effectively blocks initial exploit and phishing domains.
Attacks that target organizations often leverage email attachments or direct payload downloads. Yet attacks with an objective to exfiltrate data, still must initiate a command & control callback. Because Umbrella is built into the foundation of the internet, it identifies where these domains and other internet infrastructures are staged, and blocks requests over any port or protocol, preventing both infiltration and exfiltration attempts.
Today’s security appliances and agents must wait until malware reaches the perimeter or endpoint before they can detect or prevent it. Umbrella is your first line of defense, stopping attacks earlier in the kill chain. By enforcing security at the DNS and IP layers, Umbrella stops threats before they ever reach your network or endpoints. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for current and emerging threats, and proactively blocks requests to malicious destinations before a connection is even established or a malicious file downloaded. Umbrella can also stop compromised systems from exfiltrating data via command & control (C2) callbacks to the attacker’s botnet infrastructure, over any port or protocol.
Unlike appliances, our cloud security platform protects devices both on and of the corporate network. Unlike agents, the DNS layer protection extends to every device connected to the network — even IoT. Umbrella truly is the easiest and fastest layer of security to deploy everywhere.
What is Cisco Umbrella?
To break it down, there are 3 core features of Umbrella. At any point you access the internet, requests will go to Umbrella first making it easy to block access to malicious sites before they even reach you. You can also enable content filtering to prevent people from visiting unwanted sites. The last core feature of Umbrella is command and control blocking. Say you had an already infected device that comes onto the network; Umbrella can prevent any callbacks that the malware might be making to the attacker.
Let’s take a closer look at Umbrella’s key features.
Security Categories: You can manage these through policies. Umbrella uses DNS filtering to protect your business before threats can even reach your network. DNS filtering sets up parameters through the Cisco Umbrella global network. If you were to request a website that’s detected as harmful, the web page can be blocked and directed elsewhere.
Content Categories: With over 60 content categories that cover millions of domains you can set lists to determine which sites can be accessed by which users. You can configure a policy for which content you want to filter.
“When enabled, Cisco Umbrella’s intelligent proxy intercepts and proxies requests for malicious files embedded within certain so-called “grey” domains. You enable and disable the intelligent proxy when first creating a policy and, once configured, from the Policy Summary page.” – Cisco Umbrella Documentation
Command and Control
Even if a device were to become infected off your network, Umbrella prevents it from communicating with the attacker’s servers.
Past those features, Cisco Umbrella includes advanced reporting features. With the ability to schedule and automate security reports, you’ll always be on top any problems that may appear.