As more security controls move to the cloud, a Secure Internet Gateway (SIG) provides a platform that future capabilities can be built upon. Cisco work with Cisilion to deploy Umbrella, a SIG that helps your business mitigate advanced threats and provide an end to end and holistic solution to secure your entire attack surface.
In short, there are 10 key areas to look at when choosing a SIG.
This is why you need to choose Cisco Umbrella:
1) Visibility and enforcement everywhere
Cisco Umbrella protects every device on your network – even mobile phones and Internet of Things (IoT) devices. You can utilise its integration with Cisco AnyConnect, the Cisco Security Connector app and also the Umbrella app.
2) Cloud-delivered security platform
There’s no hardware to deploy or software to maintain, and it can scale to meet the needs of any organisation. Umbrella uses DNS — a foundational component of how the internet works — as the main mechanism to get all internet requests to the cloud.
3) Protection against threats over all ports and protocols
By using DNS, Umbrella stops threats over all ports and protocols — not just web ports 80 and 443 like a traditional web proxy. The DNS request becomes the very first point at which Umbrella enforces security, by determining whether the domain or IP is legitimate or malicious.
4) Proxy-based inspection of web traffic and files
With the Umbrella intelligent proxy, only requests to risky domains – those hosting malicious and legitimate content – are proxied for deeper inspection, removing performance impacts felt by traditional proxies. Our proxy was built using a microservices architecture that automatically scales for better performance, and we check files against AV engines and Cisco Advanced Malware Protection file reputation services.
5) Open platform to integrate with your existing security stack
Umbrella was built with a bidirectional API to easily integrate with existing systems including security appliances, intelligence platforms or feeds, and custom, in-house tools. Using our API, you can send local intelligence into Umbrella and enforce it globally within minutes. You can also query our threat intelligence using the Cisco Umbrella Investigate API and enrich security event data in your SIEM or other systems.
6) Discovery and control for SaaS apps
Umbrella works directly with Cisco Cloudlock to provide visibility into and to control the use of sanctioned and unsanctioned SaaS apps. For example, Cloudlock helps control data usage for sanctioned apps, and Umbrella can uncover unsanctioned SaaS apps being used by employees and can be used to prevent access to those apps if needed. Together, Umbrella and Cloudlock protect your users, data, and infrastructure wherever they are.
7) Live threat intelligence
Umbrella sees the relationships between malware, URLs, domains, IPs, and networks across the internet. It analyses internet activity patterns from more than 150 billion DNS requests from 90 million users worldwide every day and automatically identifies infrastructure being staged for the next attack using a combination of statistical and machine learning models and human intelligence. Then, Umbrella proactively blocks your users from these threats before a connection is ever made or a file is ever downloaded.
8) Easy to deploy and manage
Deploying Umbrella is quick and painless. For Cisilion’s team of experts, it’s as simple as changing a configuration on your network to start pointing DNS to the Umbrella global network, so you can start protecting users enterprise-wide in minutes.
9) Non-intrusive to users
Umbrella is always on, always protecting, without action required from end users. They won’t experience slow or broken connections with Umbrella or memory impacts on their devices. In fact, many even see performance improvements when accessing the internet.
10) Fast, reliable cloud infrastructure
Umbrella is built on a global network of 27 datacenters co-located with the largest internet exchange points around the world and has maintained 100% uptime since launching in 2006. Umbrella uses Anycast routing — every data centre announces the same IP address, so requests are transparently sent to the fastest available with automated failover.