Up-level cybersecurity with Cisco Umbrella SIG
The Cisco Umbrella Secure Internet Gateway (SIG) Essentials package offers proven security functionality through a broad set of features that would normally be sold individually — namely, a cloud-delivered firewall, DNS-layer security, a secure web gateway (SWG), a cloud access security broker (CASB), and advanced threat intelligence.
By combining all these into a single cloud-delivered service and dashboard, Cisco Umbrella SIG delivers the advanced protection modern organizations need — with less effort and fewer resources required.
New challenges with decentralized networks
Today’s hybridized working environment, paired with other factors such as high cloud application usage, has facilitated a shift for security teams. With these shifts, centralized security policy enforcement diminishes, and the risk of successful cyberthreats increases. Many organizations use separate points solutions to handle these escalating threats, but this approach can be difficult to integrate and manage.
This is where SASE – secure access service edge – can be a game-changer. SASE is the convergence of several disparate security technologies into a single cloud-delivered platform, simplifying deployment and management of threat prevention.
Top three reasons companies look for a SIG product
Major components of Umbrella
By enforcing security at the DNS and IP layers, Umbrella blocks requests to malicious and unwanted destinations before a connection is even established — stopping threats over any port or protocol before they reach your network or endpoints.
- The visibility needed to protect internet access across all network devices, office locations, and roaming users
- Detailed reporting for DNS activity by type of security threat or web content and the action taken
- Ability to retain logs of all activity as long as needed
- Fast rollout to thousands of locations and users to provide immediate return on investment
This level of protection is enough for some locations and users, yet others need additional visibility and control to meet compliance regulations and further reduce risk.
Secure web gateway (full proxy)
Umbrella includes a cloud-based full proxy that can log and inspect all of your web traffic for greater transparency, control, and protection. IPsec tunnels, PAC files and proxy chaining can be used to forward traffic for full visibility, URL and application-level controls, and advanced threat protection.
- Content filtering by category or specific URLs to block destinations that violate policies or compliance regulations
- The ability to efficiently scan all uploaded and downloaded files for malware and other threats using the Cisco Secure Endpoint (formerly Cisco AMP) engine and third-party resources
- Cisco Secure Malware Analytics (formerly Threat Grid) rapidly analyzes suspicious files (unlimited samples)
- File type blocking (e.g., block download of .exe files)
- Full or selective SSL decryption to further protect your organization from hidden attacks and time-consuming infections
- Granular app controls to block specific user activities in select apps (e.g., file uploads to Dropbox, attachments to Gmail, post/shares on Facebook)
- Detailed reporting with full URL addresses, network identity, allow or block actions, plus the external IP address
Data loss prevention (DLP)
Cisco Umbrella data loss prevention analyzes sensitive data in-line to provide visibility and control over sensitive data leaving your organization.
- Easy enablement as part of Umbrella secure web gateway
- 80+ built-in content classifiers including PII, PCI, and PHI
- Customizable built-in content classifiers with threshold and proximity to tune and reduce false positives
- User-defined dictionaries with custom phrases (such as project code names)
- Detection and reporting on sensitive data usage and drill-down reports to help identify misuse
- Inspection of cloud app and web traffic content and enforcement of data policies
Cloud-delivered firewall (CDFW)
The Umbrella cloud-delivered firewall provides visibility and control for traffic that originated from requests going to the internet, across all ports and protocols.
- Deployment, management and reporting through the Umbrella single, unified dashboard
- Customizable policies (IP, port, protocol, application and IPS policies)
- Layer 3 / 4 firewall to log all activity and block unwanted traffic using IP, port, and protocol rules
- Layer 7 application visibility and control to identify thousands of applications and block/allow them
- Intrusion prevention system (IPS)* to examine network traffic flows and prevent vulnerability exploits with an added layer of threat prevention using SNORT 3 technology and signature-based detection.
- Detection and blocking of vulnerability exploitation
Cloud access security broker (CASB)
Umbrella helps expose shadow IT by detecting and reporting on cloud applications in use across your environment. Insights can help manage cloud adoption, reduce risk and block the use of offensive or inappropriate cloud applications.
- Reports on vendor category, application name, and volume of activity for each discovered app
- App details and risk information such as web reputation score, financial viability, and relevant compliance certifications
- Cloud malware detection to detect and remove malware from cloud-based file storage applications and ensure that applications remain malware-free.
- Ability to block/allow specific apps
- Tenant restrictions to control the instance(s) of SaaS applications that all users or specific groups/individuals can access
Remote browser isolation (RBI)
Available as an optional add-on
By isolating web traffic from the user device and the threat, Umbrella remote browser isolation (RBI) delivers an extra layer of protection to the Umbrella secure web gateway so that users can safely access risky websites.
- Isolation of web traffic between user device and browser-based threats
- No performance impact on end users
- Protection from zero-day threats
- Granular controls for different risk profiles
- Rapid deployment without changing existing browser configuration
- On-demand scale to easily protect additional users on all devices, browsers, and operating systems
SIG Essentials and SASE
SIG Essentials delivers a simple, secure, and scalable approach to SASE. With this package, you can effectively reduce complexity, cut risk exposure, and improve network performance — all with a single cloud-delivered service.
SIG Essentials and SD-WAN
SIG Essentials can be seamlessly integrated within your existing SD-WAN implementation to deliver a unique combination of performance, security, and flexibility. It makes life easier for your cybersecurity team while delighting your customers.
Cisco Umbrella SIG Essentials: Key features
- Block domains associated with phishing, malware, botnets, and ransomware
- Identify compromised systems using real-time security activity reports
- Prevent web and non-web callbacks from compromised systems
- Enable web filtering using over 85 domain categories
- Create customized block and allow lists
Consolidate your security stack
With the lack of centralized workforces and the explosion of SaaS usage, organizations are looking for solutions that can scale to an evolving workplace. These shifts have diminished the enforcement of centralized security policies, leading to increased risk of successful attacks.
Cisco Umbrella SIG Essentials can keep your organization protected from bad actors while requiring fewer resources in doing so.
The Cisco Umbrella SIG Essentials package
The Cisco Umbrella SIG Essentials package offers a broad set of security functions that would previously require separate firewall, web gateway, threat intelligence, and cloud access security broker (CASB) solutions. By combining these functionalities into a single cloud-delivered service and dashboard, Umbrella provides higher security efficacy with less effort and fewer resources.
More than 100 million global users are establishing secure and reliable internet connections every day, powered by Cisco Umbrella. In fact, post-deployment, 78% of customers see value in a week or less, and over half of customers reduced malware by 50% or higher.
Ready to get started?