Convert threat analysis & intelligence into global threat prevention.
Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco and Umbrella. Through security automation, dwell time is reduced from hours or days to only minutes. And by gaining Internet-wide visibility in real-time, you will discover more compromised systems.
Every minute, Cisco AMP Threat Grid discovers new malicious domains from every file you and others submit. These domains are the destination of command & control (C2) callbacks from compromised systems. And C2 callbacks are used to exfiltrate data to the attacker’s botnet infrastructure. So we can protect against breaches by simply taking action on this threat intelligence. But we let it lie dormant in Threat Grid because manually configuring appliance- and agent-based threat defenses is slow and impossible to keep up with. By leveraging our integration, malicious domains that have a very high Threat Grid confidence score and pass Umbrella’s false positive filters will be automatically added to our DNS-based service—Umbrella. Hours of data entry are gone!
In real-time, Umbrella will identify compromised systems based on any Internet activity destined to malicious Threat Grid domains. Response teams will know which malicious domains and files to further investigate based on “critical” (CEO’s laptop) vs. “minor” (public kiosk) systems compromised by “severe” (>90 score, APT) vs. “minor” malware.
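The two steps above (promote only high-confidence, non-false-positive domains to the DNS blocklist, then rank the systems whose DNS queries hit that list by asset criticality and malware severity) as an added example; this is not Cisco, Umbrella or Threat Grid code, the indicator records, DNS log lines and hostnames are constructed, and the ingest threshold of 80 and the "unknown host is minor" default are assumptions.

```python
# Added example, not code from Cisco, Umbrella or Threat Grid. Models the page's policy:
# high-confidence domains become a DNS blocklist, allowlisted domains are dropped as
# false positives, DNS query logs are matched against the list and hits are prioritised.

# Constructed indicators in a Threat Grid-like shape: domain + confidence score (0-100).
INDICATORS = [
    {"domain": "c2.example-bad.test", "score": 97},
    {"domain": "update.example-bad.test", "score": 92},
    {"domain": "drop.example-bad.test", "score": 85},
    {"domain": "cdn.example-good.test", "score": 95},  # widely used domain: must not be blocked
    {"domain": "low.example-bad.test", "score": 40},
]
ALLOWLIST = {"cdn.example-good.test"}  # stand-in for Umbrella's false-positive filters
INGEST_THRESHOLD = 80   # assumed cut-off for "very high" confidence (not a product default)
SEVERE_THRESHOLD = 90   # page: "severe" malware scores above 90

# Constructed asset inventory and DNS query log (timestamp, source host, queried name).
ASSETS = {"ceo-laptop": "critical", "kiosk-03": "minor"}
DNS_LOG = """\
2024-01-01T10:00:01Z ceo-laptop c2.example-bad.test
2024-01-01T10:00:02Z kiosk-03 update.example-bad.test
2024-01-01T10:00:03Z kiosk-03 cdn.example-good.test
2024-01-01T10:00:04Z kiosk-03 drop.example-bad.test
2024-01-01T10:00:05Z ceo-laptop mail.example-good.test
"""

def build_blocklist(indicators, allowlist, threshold=INGEST_THRESHOLD):
    """Map domain -> score for indicators above the threshold that are not allowlisted."""
    return {i["domain"]: i["score"] for i in indicators
            if i["score"] > threshold and i["domain"] not in allowlist}

def severity(score):
    return "severe" if score > SEVERE_THRESHOLD else "minor"

# Lower number = investigate first: critical asset outranks minor asset, then severity.
PRIORITY = {("critical", "severe"): 1, ("critical", "minor"): 2,
            ("minor", "severe"): 3, ("minor", "minor"): 4}

def find_compromised(log, blocklist, assets):
    """Return DNS-log hits against the blocklist, highest priority first."""
    hits = []
    for line in log.splitlines():
        ts, host, qname = line.split()
        if qname in blocklist:
            crit = assets.get(host, "minor")   # unknown hosts default to minor (assumption)
            sev = severity(blocklist[qname])
            hits.append({"time": ts, "host": host, "domain": qname, "asset": crit,
                         "severity": sev, "priority": PRIORITY[(crit, sev)]})
    return sorted(hits, key=lambda h: (h["priority"], h["time"]))
```

Run `find_compromised(DNS_LOG, build_blocklist(INDICATORS, ALLOWLIST), ASSETS)` to get the ranked hit list; the allowlisted domain and the low-score domain never produce a hit.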
DNS is used by every device on your network, so Umbrella protects any device. DNS precedes Web or non-Web C2 callbacks, so Umbrella logs or blocks Internet activity, including data exfiltration, over any port or protocol. And using lightweight and transparent clients to forward DNS, Umbrella protects compromised Windows or Mac-based systems on or off the corporate network.
Simply point DNS to our global network and paste your Threat Grid API key into Umbrella’s interface. The setup takes only minutes and the experience is transparent to your networks, devices, and users. Together, Cisco and Umbrella’s cloud-delivered, API-based services enforce security everywhere.