Cisco Umbrella uses big data analytics and machine learning to automate protection against known and emergent threats.
Other security players build reputation systems and behavioral analysis sandboxes to detect “unknown” threats, so we are often asked, “What makes your threat intelligence solution different?” First, we built a global network that is integrated at the internet’s underlying DNS and BGP layers. It’s capable of acquiring live data from any device and network, over any port, protocol or app — so even advanced threats cannot hide. It also sees which IP networks are associated with one another — so we can learn how threats are related. Second, our global network handles more than 100B DNS requests daily from a diverse user base — a cross-section large enough to identify global patterns in security activity. Third, we analyze this massive, diverse data set using statistical and machine learning models to uncover where attacks are staged on the internet instead of waiting until an attack targets a customer.
Just as nations maintain surveillance over their adversaries, Umbrella monitors usage of the internet. Every second, we acquire over two million malicious and non-malicious internet events. We automatically link the events to known threats and correlate them with associated DNS infrastructures and IP networks. Most importantly, we do this continuously, so we see new relationships forming between domains, IPs and attackers’ infrastructures before an emergent threat happens.
For example, one algorithm we pioneered analyzes the frequency at which domains co-occur seconds apart from one another. We surface this intelligence in our Investigate user interface to enable customers to investigate future attacks.
Our threat intelligence powers our cloud security platform — Cisco Umbrella. Our service provides threat protection like no other because it knows which DNS infrastructures and IP networks will distribute malware, control botnets, or phish login credentials — before your organization is attacked. And because our global network is capable of acquiring data over any internet connection, most advanced threats cannot route around Umbrella.
In addition to threat protection, our intelligence makes our service faster and easier to use. Our intelligent proxy provides deeper, URL-level inspection only for the risky domains that need it.
Similar to Amazon learning from shoppers’ purchase patterns to make suggestions, or Pandora learning from music listening patterns to play songs, Umbrella is always learning from new internet events to prevent advanced attacks. Unlike static reputation systems, our statistical and machine learning models are always classifying and adapting to live activity. And unlike reactive sandboxes, we do not need to collect a sample of an attack. We built a security research team with an unconventional focus, made up of data scientists, infrastructure engineers, and threat researchers. Rather than reverse engineering malware, they focus on building machine learning systems that can automatically classify and score domains and IPs.