• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Cloud Security Infrastructure
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • 2020 Cybersecurity trends
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Security

What goes into the secure access service edge (SASE) solution

By Ken Howard
December 1, 2020

Share

Facebook0Tweet0LinkedIn0

One of the main reasons that the secure access service edge (SASE) is getting so much attention these days is that it combines several networking and security capabilities and functions normally carried in multiple, siloed point solutions into a single, fully integrated cloud-native platform. This allows organizations to overcome cost and performance issues, resulting in a more decentralized networking approach to optimize performance and increase security.

The challenge is that, like the blind men all trying to describe an elephant, it means different things to different people.

In this article, we’ll look at some of the commonly accepted elements of a SASE solution and also review the approach that Cisco is taking to securing access and the network edge. Following are the major elements of SASE:

  • Software-defined wide area networks (SD-WAN)
  • Domain name system (DNS) layer security
  • Secure web gateway (SWG)
  • Firewall as a service (FWaaS)
  • Cloud access security broker (CASB)
  • Zero Trust Network access

The Cisco approach to SASE

Cisco SD-WAN integration diagram

Cisco SD-WAN cloud-scale architecture is
simplicity for every size of organization

Software-defined wide area networks (SD-WAN)

Cisco’s approach to SASE leverages a cloud-scale SD-WAN architecture designed to meet the complex needs of modern WANs through three key areas:

  • Advanced application optimization that delivers a predictable application experience as the business application strategy evolves
  • Multilayered security that provides the flexibility to deploy the right security in the right place, either on-premises or cloud-delivered
  • Simplicity at enterprise scale, which enables end-to-end policy from the user to the application over thousands of sites

Cisco Umbrella multi-function cloud-native security

A foundational element of the Cisco SASE architecture, Cisco Umbrella helps businesses of all sizes embrace and secure direct Internet access (DIA), secure cloud applications, and extend protection to roaming users and branch offices. Cisco Umbrella blocks requests to malicious and unwanted destinations before a connection is even established — stopping threats over any port or protocol before they reach your network or endpoints.

Domain name system (DNS) layer security

DNS-layer security provides the visibility needed to protect Internet access by:

  • Logging and categorizing DNS activity by type of security threat or web content and the action taken
  • Covering thousands of locations and users in minutes

Other elements of the Cisco SASE solution include:

Secure web gateway (SWG)

Cisco Umbrella includes a secure web gateway (SWG) that uses a cloud-based proxy to log and inspect all your web traffic for greater transparency, control, and protection.

  • Real-time inspection of inbound files for malware and other threats
  • Advanced file sandboxing
  • Full or selective SSL decryption to further protect against hidden attacks
  • Blocking of specific user activities
  • Content filtering by category

Cloud-delivered firewall as a service

With Cisco Umbrella’s cloud-delivered firewall, all activity is logged, and unwanted traffic is blocked using IP, port, and protocol rules. Cisco Umbrella’s cloud-delivered firewall provides:

  • Visibility and control for Internet traffic across all ports and protocols
  • Customizable IP, port, and protocol policies in the Umbrella dashboard
  • Layer 7 application visibility and control

Cloud access security broker (CASB) functionality

Cisco Umbrella exposes shadow IT by providing the capability to detect and report on the cloud applications that are in use across your environment. Umbrella App Discovery offers:

  • Extended visibility into cloud apps in use and traffic volume
  • App details and risk information
  • Capability to block/allow specific apps

Interactive threat intelligence

Cisco Umbrella analyzes 250 billion DNS requests daily, taken from Cisco’s global network into a massive graph database. It also continuously runs against statistical and machine learning models. This information is constantly analyzed by Umbrella security researchers and supplemented with intelligence from Cisco Talos to efficiently discover and block an extensive range of threats.

Cisco’s unique view of the Internet enables Umbrella to uncover malicious domains, IPs, and URLs before they’re used in attacks, and helps analysts to accelerate investigations.

Umbrella and SD-WAN integration

With the Cisco Umbrella and Cisco SD-WAN integration, you can deploy Umbrella across your network and gain powerful cloud-delivered security to protect against threats on the Internet.

Umbrella offers the flexibility to create security policies based on the level of visibility and protection that you need — all from one dashboard.

Cisco SecureX

SecureX Dashboard

Cisco SecureX simplifies security with better visibility and automation

All of these capabilities won’t mean much if your team can’t quickly and easily access the information they need to understand what is happening, nor respond in a timely manner. That’s where the power of the Cisco SecureX platform comes in.

The goal of this integrated security portfolio is to deliver a consistent, simplified experience that unifies visibility, enables automation, and strengthens your security.

SecureX empowers your security operations center (SOC) teams with a single console for direct remediation, access to threat intelligence, and tools like casebook and incident manager. It overcomes many challenges by making threat investigations faster, simpler, and more effective.

Zero Trust with Cisco Duo

For organizations of all sizes that need to protect sensitive data at scale, Cisco Duo’s trusted access solution is a user-centric Zero Trust security platform. Duo’s multifactor authentication (MFA) lets you verify the identity of all users — before granting access to corporate applications. You can also ensure devices meet security standards, develop and manage access policies, and streamline remote access and single-sign-on (SSO) for enterprise applications.

Cisco Umbrella also feeds huge volumes of global internet activity into a combination of statistical and machine learning models to identify new attacks being staged on the Internet. Umbrella has a highly resilient cloud infrastructure that boasts close to 100 percent uptime since 2006. Using Anycast routing, any of Cisco’s 30-plus data centers across the globe are available using the same single IP address. As a result, your requests are transparently sent to the nearest, fastest data center and failover is automatic, resulting in superior speed, effective security, and excellent user experience.

So, you’ve just finished reading this blog. Why stop now? If you’re lucky – you’ll read our new ebook before anyone else at your company, and you’ll gain a reputation as a networking and security expert who can talk about SASE with the best of them. Who doesn’t love to be a hero?

Ready to get started on the journey? Click to download the ebook Secure Access Service Edge (SASE) for Dummies.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Cisco Umbrella Blog
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Cisco Umbrella

Learn more

  • Events
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella