You just finished binge-watching season seven of Game of Thrones. Ah, here comes the post-GoT sadness. To ease your woes, you begin your search for a new series to start binging. You can usually tell if a series will be good or bad just from the title, poster, actors, and genre, but for some, you need a closer look at other info like a description, preview, and rating.
This is similar to Cisco Umbrella’s inspection! For most sites, Umbrella uses DNS-based intelligence and inspection to determine if good or bad. Then for a subset — the unknown or risky HTTP/HTTPS websites — Umbrella uses deeper inspection to determine if allowed or blocked. And, we’ve recently added two new features — file inspection and custom URL blocking — to provide you with even stronger protection! Unfortunately, these features can’t prevent you from watching a bad series –– don’t worry, GoT season 8 will be here before you know it.
Grab your popcorn, here’s a breakdown of the features:
File inspection is a feature that scans files attempted to be accessed from the web to see if they contain malicious code, and blocks them if they do. If we receive a request for a file that matches our 150+ supported file types – .PDF, .EXE and more – we check the hash against info provided by a partner anti-virus (AV) engine and Cisco Advanced Malware Protection (AMP) to determine to block or allow. Learn more here.
Custom URL blocking
You probably have access to threat intel on malicious URLs from other products, industry groups, and more. With Umbrella’s custom URL blocking, taking action on this info is easier and automated. You can add a single URL or upload a list of URLs to a block list, and automatically prevent your users from accessing these sites whether on or off the network. Learn more here.
Umbrella’s intelligent proxy
Most phishing, malware, ransomware, and other threats are hosted on domains that are classified as malicious. Yet some domains host both malicious and safe content — we consider these risky domains. If Umbrella receives a request for a risky domain, it is routed to our intelligent proxy for deeper inspection. Additionally, if Umbrella receives a request for a URL that is on a customer’s block list, it is also routed to our proxy and blocked. Learn more here.
Support for HTTPS traffic
We can scan both HTTP (e.g. clear text) websites and HTTPS (e.g. encrypted) websites. This is important because HTTPS websites represent almost half the internet! The Cisco Root CA is required to make decryption possible. Learn more here.
We have more exciting enhancements planned for our intelligent proxy — stay tuned to understand how Umbrella continues to deliver better protection for you. And best of luck finding your next series to watch!