• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Search
Search
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Security
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Security for Chromebook
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella and Cisco Secure Access Packages
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
      • Cisco Umbrella for Government Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Your SSE journey with Cisco
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
      • Umbrella and Duo Layered Protection
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
        • – FTC Safeguards Rule Compliance 2023
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
      • Cybersecurity Webinars
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is DNS Security
      • What is a Secure Web Gateway
      • What is a Cloud Access Security Broker (CASB)
      • What is Security Service Edge (SSE)
      • What is Secure Access Service Edge (SASE)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Free Trial Quick Start Guide
      • Free Trial Help and Tips
  • Trends & Threats
    • Market Trends
      • Generative AI Cybersecurity Risks and Rewards
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Clearing search keywords
Security

What goes into the secure access service edge (SASE) solution

Author avatar of Ken HowardKen Howard
Updated — June 28, 2022 • 4 minute read
View blog >

One of the main reasons that the secure access service edge (SASE) is getting so much attention these days is that it combines several networking and security capabilities and functions normally carried in multiple, siloed point solutions into a single, fully integrated cloud-native platform. This allows organizations to overcome cost and performance issues, resulting in a more decentralized networking approach to optimize performance and increase security.

The challenge is that, like the blind men all trying to describe an elephant, it means different things to different people.

In this article, we’ll look at some of the commonly accepted elements of a SASE solution and also review the approach that Cisco is taking to securing access and the network edge. Following are the major elements of SASE:

  • Software-defined wide area networks (SD-WAN)
  • Domain name system (DNS) layer security
  • Secure web gateway (SWG)
  • Firewall as a service (FWaaS)
  • Cloud access security broker (CASB)
  • Zero Trust Network access

The Cisco approach to SASE

Cisco SASE Solution: Cisco SD-WAN integration diagram

Cisco SD-WAN cloud-scale architecture is
simplicity for every size of organization

Software-defined wide area networks (SD-WAN)

Cisco’s approach to SASE leverages a cloud-scale SD-WAN architecture designed to meet the complex needs of modern WANs through three key areas:

  • Advanced application optimization that delivers a predictable application experience as the business application strategy evolves
  • Multilayered security that provides the flexibility to deploy the right security in the right place, either on-premises or cloud-delivered
  • Simplicity at enterprise scale, which enables end-to-end policy from the user to the application over thousands of sites

Cisco Umbrella multi-function cloud-native security

A foundational element of the Cisco SASE architecture, Cisco Umbrella SASE security components helps businesses of all sizes embrace and secure direct Internet access (DIA), secure cloud applications, and extend protection to roaming users and branch offices. Cisco Umbrella blocks requests to malicious and unwanted destinations before a connection is even established — stopping threats over any port or protocol before they reach your network or endpoints.

Domain name system (DNS) layer security

DNS-layer security provides the visibility needed to protect Internet access by:

  • Logging and categorizing DNS activity by type of security threat or web content and the action taken
  • Covering thousands of locations and users in minutes

Other elements of the Cisco SASE solution include:

Secure web gateway (SWG)

Cisco Umbrella includes a secure web gateway (SWG) that uses a cloud-based proxy to log and inspect all your web traffic for greater transparency, control, and protection.

  • Real-time inspection of inbound files for malware and other threats
  • Advanced file sandboxing
  • Full or selective SSL decryption to further protect against hidden attacks
  • Blocking of specific user activities
  • Content filtering by category

Cloud-delivered firewall as a service

With Cisco Umbrella’s cloud-delivered firewall, all activity is logged, and unwanted traffic is blocked using IP, port, and protocol rules. Cisco Umbrella’s cloud-delivered firewall provides:

  • Visibility and control for Internet traffic across all ports and protocols
  • Customizable IP, port, and protocol policies in the Umbrella dashboard
  • Layer 7 application visibility and control

Cloud access security broker (CASB) functionality

Cisco Umbrella’s CASB exposes shadow IT by providing the capability to detect and report on the cloud applications that are in use across your environment. Umbrella App Discovery offers:

  • Extended visibility into cloud apps in use and traffic volume
  • App details and risk information
  • Capability to block/allow specific apps

Interactive threat intelligence

Cisco Umbrella analyzes 250 billion DNS requests daily, taken from Cisco’s global network into a massive graph database. It also continuously runs against statistical and machine learning models. This information is constantly analyzed by Umbrella security researchers and supplemented with intelligence from Cisco Talos to efficiently discover and block an extensive range of threats.

Cisco’s unique view of the Internet enables Umbrella to uncover malicious domains, IPs, and URLs before they’re used in attacks, and helps analysts to accelerate investigations.

Umbrella and SD-WAN integration

With the Cisco Umbrella and Cisco SD-WAN integration, you can deploy Umbrella across your network and gain powerful cloud-delivered security to protect against threats on the Internet.

Umbrella offers the flexibility to create security policies based on the level of visibility and protection that you need — all from one dashboard.

Cisco SecureX

SecureX Dashboard

Cisco SecureX simplifies security with better visibility and automation

All of these capabilities won’t mean much if your team can’t quickly and easily access the information they need to understand what is happening, nor respond in a timely manner. That’s where the power of the Cisco SecureX platform comes in.

The goal of this integrated security portfolio is to deliver a consistent, simplified experience that unifies visibility, enables automation, and strengthens your security.

SecureX empowers your security operations center (SOC) teams with a single console for direct remediation, access to threat intelligence, and tools like casebook and incident manager. It overcomes many challenges by making threat investigations faster, simpler, and more effective.

Zero Trust with Cisco Duo

For organizations of all sizes that need to protect sensitive data at scale, Cisco Duo’s trusted access solution is a user-centric Zero Trust security platform. Duo’s multifactor authentication (MFA) lets you verify the identity of all users — before granting access to corporate applications. You can also ensure devices meet security standards, develop and manage access policies, and streamline remote access and single-sign-on (SSO) for enterprise applications.

Cisco Umbrella also feeds huge volumes of global internet activity into a combination of statistical and machine learning models to identify new attacks being staged on the Internet. Umbrella has a highly resilient cloud infrastructure that boasts close to 100 percent uptime since 2006. Using Anycast routing, any of Cisco’s 30-plus data centers across the globe are available using the same single IP address. As a result, your requests are transparently sent to the nearest, fastest data center and failover is automatic, resulting in superior speed, effective security, and excellent user experience.

So, you’ve just finished reading this blog. Why stop now? If you’re lucky – you’ll read our new ebook before anyone else at your company, and you’ll gain a reputation as a networking and security expert who can talk about SASE with the best of them. Who doesn’t love to be a hero?

Ready to get started on the journey? Click to download the ebook Secure Access Service Edge (SASE) for Dummies.

Suggested Blogs

  • Cisco Umbrella Delivered Better Cybersecurity and 231% ROI February 21, 2023 2 minute read
  • Cisco Listed as a Representative Vendor in Gartner® Market Guide for Single-Vendor SASE January 26, 2023 3 minute read
  • How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid June 23, 2022 5 minute read

Share this blog

FacebookTweetLinkedIn
Subscribe to the Cisco Umbrella blog Subscribe

Follow Us

Facebook X LinkedIn Youtube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2025 Cisco Umbrella