As threats become more sophisticated, organizations are responding by introducing layers of security that go beyond just securing your internet edge and deploying anti-virus on the desktops. A big challenge with this approach is managing the often disparate systems that make up these layers. Cisco has made huge strides to correct this with their software releases this year, but in reality it still requires a trained team to monitor and manage these solutions. Leaner IT teams are desperately looking for an easy-to-manage tool with nice reporting that catches the vast majority of issues. After deploying and managing Cisco Umbrella (formerly OpenDNS) for customers and for LookingPoint internally, I really believe this is the tool that will get the most use and provide the highest overall value for your security dollar.
As the name "Umbrella" suggests, Cisco sees this as the over-arching layer that covers your entire organization. Being DNS based, Umbrella looks at every single DNS request made by every client and is able to give you an unprecedented level of insight and visibility into the web traffic of your users. If you were to use this just for URL/Content filtering it would already be a great value, providing the ability for administrators to whitelist/blacklist sites, block by category, etc.
Reporting on user activity is also incredibly easy. Here we can see that my Android phone has run some updates from the Google Play store.
Searching for security-related events is just as easy. Since ransomware, bots and malware communicate with public internet sites once they have infected a machine, Umbrella is able to detect that transmission and proactively block it. Here we can see that a computer on our guest network had been attempting to contact a known malware site. Since Umbrella gets real-time updates from Cisco Talos and AMP, there is no waiting for new security definition files to determine whether this is malware or not. Daily analysis of millions of malware samples and terabytes of data is used to automatically mark this as malicious and block it, so the threat is fully contained.
This is what I mean by saying this might be your most used security ‘layer’. While next-generation firewalls, IDS/IPS and others do a great job, this ability to tie specific users (AD integration) to devices (works on Windows, Mac, Android, iPhone, etc.), and then report on ALL traffic for all those devices in a single place, is the holy grail of security.
The interface itself is extremely easy to navigate and takes next to no training to use. Identities are pulled in from an Active Directory agent, a software agent installed on a device, or just by its internal IP address if those others aren’t implemented. Policies are then created that apply to those identities, which handles enforcement and notification. Finally, you can report on any of this using easy-to-use filters.
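To make the identity → policy → report model described above (and the DNS-layer blocking of malware callbacks from the guest-network example) concrete, here is an added, constructed illustration in Python. It is not Umbrella's code or data: the identity map, category database, blocklist and log lines are all made-up placeholders, and it simply applies the same kind of DNS-layer policy to a handful of queries and filters the results the way the dashboard does.

```python
# Constructed sample data for illustration only; none of it comes from the
# post or from Cisco Umbrella's own identity sources or threat feeds.
IDENTITY_MAP = {"10.1.1.25": "lee-android", "192.168.50.7": "guest-pc"}  # AD/agent-derived names
CATEGORY_DB = {"play.google.com": "software", "casino.example": "gambling"}
BLOCKED_CATEGORIES = {"gambling"}          # content-filtering policy
MALWARE_DOMAINS = {"bad-c2.example"}       # placeholder threat-intel blocklist

SAMPLE_LOG = """\
2017-08-01T10:00:01 10.1.1.25 play.google.com
2017-08-01T10:00:05 10.1.1.25 android.clients.google.com
2017-08-01T10:01:10 192.168.50.7 beacon.bad-c2.example
2017-08-01T10:01:12 192.168.50.7 www.casino.example
2017-08-01T10:02:00 172.16.9.3 unknown-site.example
"""

def suffixes(qname):
    """Yield the queried name and each parent domain (TLD excluded), most specific first."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def classify(qname):
    """Return (verdict, reason). A blocklisted parent domain covers all subdomains,
    and the malware feed takes precedence over content categories."""
    for name in suffixes(qname):
        if name in MALWARE_DOMAINS:
            return "block", "malware"
    for name in suffixes(qname):
        category = CATEGORY_DB.get(name)
        if category:
            return ("block" if category in BLOCKED_CATEGORIES else "allow"), category
    return "allow", "uncategorized"

def enforce(log_text):
    """Resolve each query's identity (falling back to the internal IP) and apply policy."""
    events = []
    for line in log_text.splitlines():
        ts, client_ip, qname = line.split()
        verdict, reason = classify(qname)
        events.append({"time": ts, "identity": IDENTITY_MAP.get(client_ip, client_ip),
                       "domain": qname, "verdict": verdict, "reason": reason})
    return events

def report(events, identity=None, verdict=None):
    """Filter events by identity and/or verdict, like the dashboard's report filters."""
    return [e for e in events
            if (identity is None or e["identity"] == identity)
            and (verdict is None or e["verdict"] == verdict)]

if __name__ == "__main__":
    for e in report(enforce(SAMPLE_LOG), verdict="block"):
        print(e["time"], e["identity"], e["domain"], e["reason"])
```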
With so much insight into your environment and real-time identification and blocking of malware, phishing, ransomware, etc., plus the fact that it is a cloud-managed product with a very small footprint that is easy to maintain and manage, the question really becomes: why not use it? It just works, and it works well regardless of your network hardware vendor, user client preference, etc. Reach out to us to find out more about the various deployment strategies and to see how we can help you utilize this amazing tool!
Written By: Lee Jolly, LookingPoint, Inc. Systems Engineer VCP CCNP