At the core of what enables Umbrella to stop advanced threats that no one else can is our ability to enforce security at the DNS layer. Browsers will not connect to malicious websites and malware will not connect to command & control servers because Umbrella will never return a malicious IP. Our intelligence on every domain and IP enables us to predict and prevent threats before they happen. But we know you don’t want us resolving every DNS request. On-premises servers or some sites have internal domain names that you want to resolve using your DNS servers. Our endpoint footprint is smart enough to know where to forward different DNS requests.
Basic DNS (circa 1980s) lacks detailed context for who or what originated a request. Plus, DNS lacks privacy for man-in-the-middle attacks. We’re using RFC-compliant extension mechanisms for DNS (aka. EDNS) to address your security needs. Using EDNS, we can embed unique device identifiers into each request. This identifier enables us to enforce the right policy for the right device no matter where it’s located. We’re also the first recursive DNS service to secure the “last mile” of DNS traffic between you and the ISP. Just as SSL turns HTTP web traffic into HTTPS, Umbrella turns regular DNS into encrypted DNS traffic. Possible eavesdropping is mitigated without any changes to domain names or how they work.