The domain name system (DNS) is a foundational component of the internet — mapping names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. For our cloud security platform, we use DNS as just one way to make connecting to the cloud not only simple and fast, but also secure.
We process billions of DNS requests from millions of users every day. Not only do we have data center locations around the world, but more importantly, we peer with the top internet service providers (ISPs) and content delivery networks (CDNs) to shorten the routes between every network in the world and our data centers — making your internet access even faster.
We scale to support tens of thousands of concurrent enterprises and block millions of concurrent threats. In fact, we enforce 7 million unique malicious destinations at any given time. No appliance could scale to deliver this same efficacy.
When you connect to a cloud security platform, performance is critical. It cannot break or slow down your internet connection. To ensure reliability, we use Anycast routing— every data center announces the same IP address so that requests are transparently sent to the fastest available with automated failover. With Umbrella, you’ll never experience downtime for maintenance and you don’t need static routes to a primary and backup datacenters.
Umbrella won’t add latency compared to your current provider. In fact, many customers see a boost in internet speed. Our peering partnerships with ISPs and CDNs provide shortcuts between every network. And Umbrella stores the responses to 90 million users’ daily requests, and for most safe destinations, responds back immediately.
By performing everything in the cloud, there is no hardware to install, and no software to manually update. Just add 188.8.131.52 in one setting within your DNS servers, and every device on your network is covered. Or use your existing Cisco footprint — SD-WAN, ISR 1K and 4K Series, Meraki MR, and WLAN, to quickly provision security across hundreds of network devices. What about off-network? If you use Cisco AnyConnect, simply enable the Umbrella security module. If not, we have an agent that works with any VPN. And you can use the Cisco Security Connector app for iOS devices.
To start, Umbrella determines which customer the internet request belongs to, and which policy to enforce. Next, we determine if the destination — domain request and IP response — is (A) malicious, unwanted, or blacklisted; (B) safe or whitelisted; or (C) risky, meaning it hosts both malicious and safe content.
For type A destinations, we route the connection to a block page. For B, we route the connection as normal. And for C, we route the connection through our cloud-based proxy for deeper inspection. All requests are logged globally and immediately visible for your security teams to take action.
Traditionally, blocking web content at the URL level requires proxying all connections — which adds complexity and negatively impacts performance. With Umbrella, safe connections are allowed and malicious requests are blocked at the DNS-layer. Only requests to risky domains, which contain both malicious and legitimate content, are routed for deeper URL and file inspection. With Umbrella’s intelligent proxy, users don’t experience any slow or broken internet access.
One fear that IT has with the cloud is a loss of customization and control. Umbrella is an open platform that integrates with your in-house tools and third party solutions. Using our API, you can send local intelligence to Umbrella and enforce it globally in minutes. Additionally, you can query our threat intelligence using the Cisco Umbrella Investigate API and enrich security event data in your SIEM or other systems.
Take a few minutes to experience our 14-day trial of UmbrellaStart your free trial