• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Search
Search
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Security
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Security for Chromebook
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella and Cisco Secure Access Packages
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
      • Cisco Umbrella for Government Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Your SSE journey with Cisco
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
      • Umbrella and Duo Layered Protection
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
        • – FTC Safeguards Rule Compliance 2023
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
      • Cybersecurity Webinars
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is DNS Security
      • What is a Secure Web Gateway
      • What is a Cloud Access Security Broker (CASB)
      • What is Security Service Edge (SSE)
      • What is Secure Access Service Edge (SASE)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Free Trial Quick Start Guide
      • Free Trial Help and Tips
  • Trends & Threats
    • Market Trends
      • Generative AI Cybersecurity Risks and Rewards
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Clearing search keywords
Government

Cisco Umbrella Now Integrates With Protective DNS

Author avatar of Michael SikillianMichael Sikillian
Updated — August 29, 2023 • 2 minute read
View blog >

U.S. Government customers can now leverage Cisco to meet the mandate for CISA’s Protective DNS with enhanced protection for on-premises and roaming client users.

Protective DNS is offered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to detect and prevent cyberattacks targeting Federal civilian executive branch agencies (FCEB). U.S. Federal Civilian agencies must integrate with Protective DNS as part of the Department of Homeland Security’s mandate under Title 6 of the United States Code (USC) 663: Federal Intrusion Detection and Prevention System. It also aligns with DNS-related requirements and guidance contained in OMB M-21- 31 and M-22-09.

Many U.S. Government agencies use Cisco Umbrella, our cloud-delivered security solution, for DNS-layer security, Secure Web Gateway, Cloud-delivered Firewall, and CASB/DLP.

We are happy to announce that Cisco Umbrella now integrates directly with CISA Protective DNS. Developed in collaboration with CISA and Federal agencies, Umbrella supports both on-premises customers through our Virtual Appliance and mobile users running Windows, Mac, iPhone, and Android running the Cisco Secure Client. Umbrella customers benefit from Cisco’s industry-leading security that enhances and extends the benefits of Protective DNS while ensuring customers meet the Protective DNS mandate.

What are the benefits of the Umbrella integration with Protective DNS?

The dual-protection model brings the following benefits in addition to single-stage Protective DNS Integration:

  • User-level granularity: Umbrella can identify DNS traffic from individual users, both when they are on-premises and roaming. By itself, Protective DNS can only enable policies per on-premises network. Umbrella maintains that capability and extends it to allow fine-grained policies based on groups and individuals.
  • Policy Creation: User-level granularity enables security personnel to create policies and pinpoint the source of suspicious behavior to the exact user and device anywhere in the world, enhancing Protective DNS beyond the capability to identify suspect behavior on individual on-premises networks.
  • Seamless Mobile Deployment: Every device running Cisco Secure Client (which includes Cisco AnyConnect VPN) can be integrated with Umbrella, leveraging our Protective DNS integration without having to install a separate endpoint package. Protective DNS alone does not directly support mobile devices, which are required to be protected per the DHS mandate.

How does this help the customer enhance security?

Cisco Umbrella simplifies the deployment, management, and response to protecting on-premises and mobile devices through granular user-based policies and reporting for security, content, and application control. With threat intelligence backed by Cisco Talos, and features like resolver-native, machine learning-based, and real-time DNS Tunneling protection, Umbrella provides an integrated security platform.

Umbrella provides the security of encrypted DNS using DoH, DoT, and DNSCrypt without added latency or the operational complexity of a VPN tunnel. Umbrella serves over 620 billion DNS requests per day to more than 38,000 Enterprise customers, and leverages experience of operating at scale to provide 100% business uptime since 2006.

How does the Cisco Umbrella-Protective DNS Integration work?

Umbrella’s approach to meet the CISA requirement uses a purpose-built integration mechanism that secures customer DNS traffic using the inspection capabilities of both Umbrella and Protective DNS.

A graphic illustrating the Umbrella and Protective DNS integration

How does the customer access the Integration?

The integration with Protective DNS is a configuration option that is set both within the customer’s Protective DNS configuration and Umbrella’s cloud-based management. It is available at no charge for customers of Cisco Umbrella (both DNS and SIG offerings).

Umbrella customers benefit from Cisco’s industry-leading security that enhances and extends the benefits of Protective DNS while ensuring customers meet the Protective DNS mandate.

Post this quote

Suggested Blogs

  • Cisco Umbrella for Government: DNS Security Integrated With CISA Protective DNS August 29, 2024 4 minute read
  • Cisco Umbrella for Government: Enabling Advanced Public Sector Cybersecurity May 15, 2023 4 minute read

Share this blog

FacebookTweetLinkedIn
Subscribe to the Cisco Umbrella blog Subscribe

Follow Us

Facebook X LinkedIn Youtube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2025 Cisco Umbrella