The domain name system (DNS) is a foundational component of the internet — mapping names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. For our cloud security platform, we use DNS as just one way to make connecting to the cloud not only simple and fast, but also secure.
We process billions of DNS requests from millions of users every day. Not only do we have data center locations around the world, but more importantly, we peer with the top internet service providers (ISPs) and content delivery networks (CDNs) to shorten the routes between every network in the world and our data centers — making your internet access even faster.
We scale to support tens of thousands of concurrent enterprises and block millions of concurrent threats. In fact, we enforce 7 million unique malicious destinations at any given time. No appliance could scale to deliver this same efficacy.
When you connect to a cloud security platform, performance is critical. It cannot break or slow down your internet connection. To ensure reliability, we use Anycast routing— every data center announces the same IP address so that requests are transparently sent to the fastest available with automated failover. With Umbrella, you’ll never experience downtime for maintenance and you don’t need static routes to a primary and backup datacenters.
Umbrella won’t add latency compared to your current provider. In fact, many customers see a boost in internet speed. Our peering partnerships with ISPs and CDNs provide shortcuts between every network. And Umbrella stores the responses to 80 million users’ daily requests, and for most safe destinations, responds back immediately.
Do you use DNS or DHCP servers in your network? Just add 188.8.131.52 in one of the settings, and every device on that network is protected. What about laptops connecting off network? If you use Cisco AnyConnect, simply enable the Umbrella roaming security module for protection anywhere — even when the VPN is off. If not, we have an agent that works with any VPN — proven in over a million deployments. And by performing everything in the cloud, there is no hardware to install, and no software to manually update.
To start, Umbrella determines which customer the internet request belongs to, and which policy to enforce. Next, we determine if the destination — domain request and IP response — is (A) malicious, unwanted, or blacklisted; (B) safe or whitelisted; or (C) risky, meaning it hosts both malicious and safe content.
For type A destinations, we route the connection to a block page. For B, we route the connection as normal. And for C, we route the connection through our cloud-based proxy for deeper inspection. All requests are logged globally and immediately visible for your security teams to take action.
Traditionally, blocking web content at the URL level requires proxying all connections — which adds complexity and negatively impacts performance. With Umbrella, safe connections are allowed and malicious requests are blocked at the DNS-layer. Only requests to risky domains, which contain both malicious and legitimate content, are routed for deeper URL and file inspection. With Umbrella’s intelligent proxy, users don’t experience any slow or broken internet access.
One fear that IT has with the cloud is a loss of customization and control. Umbrella is an open platform that integrates with your in-house tools and third party solutions. Using our API, you can send local intelligence to Umbrella and enforce it globally in minutes. Additionally, you can query our threat intelligence using the Cisco Umbrella Investigate API and enrich security event data in your SIEM or other systems.
Take a few minutes to experience our 14-day trial of Umbrella