Immediately Convert Your Threat Intelligence into Global Threat Prevention
Hours or days can go by before you manually configure appliance- or agent-based defenses to take action on newly aggregated threat intelligence. Cisco Umbrella enables you to complete the last necessary step to operationalize your threat intelligence. By leveraging Cisco Umbrella APIs, you can create up to 10 custom integrations between your custom in-house systems and our cloud-delivered network security service—Cisco Umbrella. Each integration allows your custom scripts to automatically add or remove domains in a separate security category. You can enforce different policies on each security category.
By enforcing security at the DNS layer, Umbrella uses the Internet’s existing infrastructure to keep malware, botnets/C2, and phishing from compromising systems and exfiltrating data over any port, protocol, or app. Blocking Internet activity to the domains in your custom security categories on any device—on or off the network—reduces the time between detection and prevention to seconds. If any devices are requesting suspicious domains, you gain global visibility instantly and can store logs indefinitely for incident response.
Using our APIs and unique view of the Internet, Investigate can also enrich your threat intelligence with real-time context about suspicious domains, IPs, and ASNs. You can add our risk scores to your IOCs across a number of attacker infrastructure attributes. For example, you can script different actions for domains based on Umbrella detecting that they use fast flux networks (FFNs) or were created by domain generation algorithms (DGAs).