Simple, effective cloud-delivered security
Exploding SaaS usage. Proliferating remote locations. Swelling ranks of roaming workers. It’s the new normal. It challenges how organizations work and how they secure users, devices and remote locations. How can a cloud security service, featuring a cloud-delivered firewall, help you reduce complexity and improve your security?
Umbrella’s cloud-delivered firewall
Organizations are embracing direct internet access (DIA) instead of backhauling traffic to the data center. Today organizations seek a cloud-native security service as a simple-to-manage and scalable alternative to costly refresh cycles and maintenance headaches. Firewall in the cloud is now an essential element of a cloud-delivered security service. It helps you to improve security efficacy, and ensure consistent enforcement everywhere.
Intelligent traffic routing in the cloud
Security is not one size fits all. Cisco Umbrella intelligently steers different traffic types to the appropriate function to achieve an ideal balance of security efficacy, user performance, and management simplicity. Outbound traffic is sent to Umbrella via a single IPSec tunnel where the secure web gateway secures web traffic, DNS-layer security inspects and blocks DNS requests, and the cloud-delivered firewall secures non-web /non-DNS traffic.
Deepen inspection and control without performance issues
Step up your security. With Umbrella cloud-delivered firewall you gain better visibility and control for outbound internet traffic across all ports and protocols with layer 3/4 firewall, as well as application visibility and control with layer 7 firewall. Both provide better protection without any performance degradation.
Forward traffic to the cloud-delivered firewall by simply configuring an IPSec tunnel from any network device. As new tunnels are created, automatically apply security policies for easy setup, consistent enforcement, and protection against malware infections, phishing attacks, unacceptable use, and more.
Application visibility and control
With layer 7 application visibility and control, Umbrella recognizes non-web applications and takes appropriate action to block/allow them. Signature-based detection identifies 2,800 applications, and that number will rapidly expand. This complements application visibility and control in the Umbrella secure web gateway for web traffic flowing on 80/443 ports.
For example, an organization may choose not to allow Microsoft Teams (formerly Skype), an app that uses various ports and protocols. Umbrella’s secure web gateway blocks MS Team’s web traffic over ports 80/443 while its cloud-delivered firewall blocks MS Team’s voice and video traffic.
KCA Deutag moves firewall from network edge to the cloud
KCA Deutag, a distributed oil and gas services company, relies on Cisco Umbrella to consolidate security services across the globe. Learn how Cisco Umbrella cloud-delivered firewall helped them apply consistent rule sets to all of their sites form a centralized console, providing KCA Deutag with a quicker way to deploy.
Increase operational efficiency, performance, and redundancy
Say goodbye to complexity and hello to increased operational efficiency, with unified policy management reporting, and automatic redundancy.
Umbrella’s innovative use of Anycast routing enables the Umbrella infrastructure to execute planned updates, additions, and removals — even taking down an entire data center — with minimal impact to users at no extra cost. In the rare instance of an unplanned interruption, it performs automatic data center failover with no loss of redundancy protection.
Cisco Umbrella
Umbrella combines multiple security capabilities in a single, cloud-native service to offer powerful security that is easy to deploy and manage — all backed by the power of Cisco Talos threat intelligence.
You can quickly deploy Umbrella across thousands of devices with a few simple clicks. Your users will be protected against threats like malware, ransomware, and botnets with no added latency.
Only Umbrella optimizes inspection to automatically send traffic to specialized services for industry-leading security efficacy.