
Cisco Umbrella

DNS-Layer BDM

Name
Title
January 2023
Today’s new reality

Change leads to gaps in visibility and protection


• Apps, data (and more!) move to cloud
• Networks transform with SD-WAN
• Move to direct internet access
• More WFH workforce and users using personal devices to access company information
• Complex, hard to manage security
Attackers aren’t sitting idly by...

© 2023 Cisco and/or its affiliates. All rights reserved. 2


Threats drive costly breaches

88%
Between 2020 and 2021, the number of malicious web application requests climbed, more than doubling the year-over-year growth

$9.44M
Average cost of data breach (in the USA)

Source: Statista 2022



Globally small business is under attack

61%
Of small businesses experienced a cyber attack

62%
Of small businesses experienced a data breach

SMBs face same challenges as larger businesses


Source: Verizon 2022



287 days to contain a breach

Industry average: 212 days (detection time for a breach) + 75 days (time to contain a breach)

[Figure: timeline along a Time axis, from early detection (low impact) to late detection (high impact)]

Source: Blumira and IBM 2022



SMB security challenges

FUD (fear, uncertainty, doubt)
43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves

Vulnerable
Only 14% of SMBs rate their security as ‘highly effective’

Knowledge
56% lack of resources and expertise

Source: The State of SMB Cyber Security in 2019 | ESG Market Dynamics Impacting Remote and Roaming User Security



The foundation for your security program

DNS security is an integral component of any holistic security program

Why?
• Useful
• Cost-effective
• Simple to deploy
• Improves detection and response times



DNS security is critical

“DNS traffic is another critical dataset to analyze. Yet, most businesses do not have visibility into the billions of DNS lookups and resolutions that occur daily on a global basis.”
Christina Richmond
Managed DNS Security Services
Principal Analyst, ESG



Why is DNS useful for security?

‣ First step in connecting to the internet
‣ Precedes file execution and IP connection
‣ Used by nearly all devices

[Diagram labels: Internet; Cisco.com; 72.163.4.161]



Cisco Umbrella
Deploys in minutes
• Learn: Intelligence to see attacks before they launch
• See: Visibility to protect access everywhere
• Block: Stop threats before connections are made



Why Umbrella DNS-layer security

Protect users everywhere in minutes

• Block domains associated with malware, phishing, command and control callbacks anywhere
• Stop threats at the earliest point and contain malware if already inside
• Accelerate threat response with an integrated security platform
• Amazing user experience — faster internet access; only proxy risky domains

[Diagram labels: Internet/SaaS; Umbrella; Safe requests; Blocked requests; < 5%; SD-WAN; ON/OFF NETWORK DEVICES]



Cisco Umbrella

• DNS-layer security
• Secure web gateway
• Cloud-delivered firewall (w/ IPS)
• Cloud access security broker
• Interactive threat intelligence
• Remote browser isolation
• Data loss prevention
• Cloud malware detection

SecureX
Integrated security platform

‣ Visit our website to learn more
www.umbrella.cisco.com/products

[Diagram labels: SD-WAN (Meraki MX, Viptela); ON/OFF NETWORK DEVICES]



How Umbrella Helps: A Deeper Look

DNS Security:
• Precedes IP connection and file download – stops the threat before it hits network / endpoint
• Blocks millions of malicious domains associated with phishing, crypto-mining, malware, and other types of internet threats
• Significantly reduces false positives that use valuable SOC resources

Secure Web Gateway (SWG):
• Anti-virus and advanced malware protection
• Decryption and sandboxing
• Granular content and app activity controls

CDFW with IPS:
• Layer 3 / 4 non-web traffic protection
• Layer 7 non-web application visibility and control

Predictive Intelligence:
• Stop new and emerging threats with insight into new infrastructure and connections to malicious groups, sites, files

Cloud Access Security Broker (CASB):
• Visibility into cloud apps in use
• App categorization, risk scoring, and blocking
• Tenant and specific activity controls for popular SaaS apps

Remote Browser Isolation (RBI):
• Isolate web traffic between user device and browser-based threats
• Extra layer of protection that allows users to safely access risky sites

Data Loss Prevention (DLP):
• Gain visibility and control over sensitive data leaving the organization

Cloud Malware Detection:
• Combine advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware

Cloud-Delivered and Roaming Protection:
• Secure all devices, locations, and users, even when off the VPN
• Integration with Cisco Secure Client to provide an easy on-ramp to deep protection from any unmanaged and managed iOS and Android device



How Umbrella Helps
Secure users everywhere, on and off the network

Protect anywhere with integrations and stand-alone clients:
• Roaming client for Windows, Mac, and Google Chromebook
• Always-on security with Cisco Secure Client (formerly Cisco Secure Mobility Client) integration
• Cisco Secure Connector for iOS app
• Umbrella Android client

[Diagram labels: Malware; C2 Callbacks; Phishing; Cryptomining]

Cisco Talos: the largest threat intelligence organization on the planet

We see more so you can block more and respond faster to threats.

‣ 400+ full-time threat researchers and data scientists
‣ 2 billion malware samples analyzed daily
‣ 200+ new vulnerabilities discovered each year
‣ 620 billion daily Internet requests from 24,000+ customers

Statistical and machine learning models

Massive & diverse data
• >620B requests per day
• Over 24K enterprise customers
• From 190+ countries

Security researchers
• Industry-renowned researchers
• Build models that can automatically classify and score domains and IPs

Models
• Dozens of models continuously analyze millions of live events per second
• Automatically uncover malware, ransomware, and other threats



Enterprise-wide coverage in minutes
On-network coverage
• With one setting change
• Integrated with Cisco SD-WAN, Cisco ISR 1K and 4K series, Cisco Meraki MR and MX, and Cisco WLAN controllers

Off-network laptop coverage
• With Cisco Secure Client (formerly AnyConnect) client integration
• Or with any VPN using lightweight Umbrella client
• Or with Umbrella Chromebook client

Off-network mobile coverage (managed and unmanaged devices)
• Cisco Security Connector (CSC for iOS)
• Cisco Umbrella Android Module

[Diagram labels: Any device on network; Roaming / mobile; Branch offices]

Umbrella Protection on Unmanaged Devices

• Deploy Cisco Umbrella on any unmanaged, personal iOS and Android devices
• Ideal for users who don’t want outside management on their mobile devices but still want to use their personal phone to access corporate information
• As of April 2022, >60% of online fraud occurs through mobile devices
• No MDM license required



Two Distinct Umbrella DNS Packages



Overview
Cisco Public

Cisco Umbrella: DNS Security Essentials


Simplifying security for any size business
77% of respondents saw value after deploying Cisco Umbrella within 1 week [1]

The leader in DNS-layer security

Cisco Umbrella delivers the most secure, reliable, and fastest Internet experience to more than 100 million business and consumer users daily. As the leader in security, Umbrella provides
protection for Internet access across all devices, on and off the corporate network, and in all locations, enabling users to connect with confidence. We’ve built a reputation on easy
deployment and powerful protection anywhere users access the Internet.
 
Umbrella is a cloud-delivered security service built into the foundation of the internet. It enforces security at the DNS-layer and blocks requests to malicious domains before a connection is
even established — stopping threats over any port or protocol before they reach your network or endpoints. It also includes Umbrella’s APIs, log exporting, and identity-based policies,
enabling seamless integration with other security solutions. Cisco Umbrella DNS Security Essentials includes SecureX, a cloud-native, built-in platform experience that connects our Cisco
Secure portfolio with your infrastructure. It is integrated and open for simplicity, unified in one location for visibility, and maximizes operational efficiency with automated workflows.
 
Easily enforce content web filtering
 
With Umbrella, you can effectively manage your users’ Internet access using 85+ category-based content filters. It’s simple to create custom allow/block lists, and block domains with
unwanted content. Umbrella gives you control over which sites can be accessed by your users.
 
Improve performance
 
Umbrella has a highly resilient cloud infrastructure that boasts 99.9% uptime since 2006. Using Anycast routing, our 39+ data centers across the globe are available using the same single
IP address, so your requests are transparently sent to the nearest, fastest data center and failover is automatic. Umbrella peers with more than 1000 of the world’s top Internet service
providers (ISPs), content delivery networks (CDNs) and SaaS platforms to deliver superior speed and user satisfaction.

1. https://www.techvalidate.com/app/placements/117939/chart
Overview
Cisco Public

Cisco Umbrella: DNS Security Advantage


Work anywhere, secure everywhere
The leader in DNS-layer security
Cisco Umbrella delivers the most secure, reliable, and fastest internet experience to more than 100 million business and
consumer users daily.
 
As the leader in security, Cisco Umbrella DNS Security Advantage provides protection for Internet access across all
devices, on and off the corporate network, and in all locations, enabling users to connect with confidence.
 
DNS Security Advantage allows customers to get web inspection with our Selective Web Proxy, which analyzes risky
domains at the URL and file level to determine if they should be blocked or not, thereby removing performance
impacts felt by traditional proxies. The Selective Web Proxy was built using a microservices architecture that
automatically scales for better performance. Users can check files attempted to be downloaded from risky sites
against antivirus engines and Secure Endpoint file reputation services.
Also included is Cisco Investigate where users get interactive access to all of Umbrella’s
threat intel to help with incident investigations and response. Investigate is a great
research tool that integrates with APIs to other security products (including Splunk,
QRadar) to get a better understanding of threats. It is great for customers with their own
Security Operations Center (SOC) team or Digital Forensics and Incident Response
(DFIR).

Umbrella Investigate (only available on DNS Security Advantage)
Rich threat intelligence for fast triage

• Gain deeper visibility into threats with the most complete view of the internet
• Speed up incident investigations and response
• Discover and predict malicious domains and IPs
• Enrich data and alerts across your security infrastructure with global intelligence

[Diagram labels: Umbrella Investigate; Domains, IPs, ASNs, file hashes; API; SecureX; Investigate console; SIEM, TIP]



Large, global footprint

39+ data centers worldwide



Reliable, fast global network
99.9% business uptime since 2006

Anycast automatically re-routes to next fastest available

[Diagram labels: YVR 208.67.222.222; DFW 208.67.222.222]



Proven. Trusted. Results.

89% said Umbrella helped reduce malware infections

77% saw value after deploying Cisco Umbrella within 1 week
Sources: TechValidate of Cisco Umbrella customers



What sets Umbrella apart from competitors

• Broadest coverage of malicious destinations and files
• Fastest and most reliable cloud infrastructure
• Easiest connect-to-cloud deployment
• Most open platform for integration
• Most predictive intelligence to stop threats earlier



Case study
Texas A&M University
Highlights:
• Cut security alerts by 50%
• Shortened investigation time
• Extended protections to 183,500 users across 11 campuses and nine state government agencies using Cisco Umbrella

“Umbrella was just really unbelievable at how easy it was to put in place and how effective it was. When we saw immediate numbers starting to happen, that excites me.”
Danny Miller
CISO, Texas A&M University System



“Before, researching an IP or domain took an average
of 20 minutes and required multitasking with several
resources. With Cisco Umbrella Investigate, we have
a single place to go and can do the research in about
30 seconds.”
Global Financial Services Company
Senior Director, Cyber Security



Next steps

Cisco Umbrella
Protect users everywhere in minutes

‣ Schedule demo
‣ Sign up for free trial*
‣ Request a quote

*DNS-layer only



Questions?
