Cisco Cloud Security: Cisco Umbrella (OpenDNS)

Today I am going to talk about another acquisition made by Cisco: OpenDNS. Cisco has since renamed it Cisco Umbrella, and it is one of Cisco's best acquisitions in terms of cloud-based recursive DNS security.

What is OpenDNS or Cisco Umbrella?

OpenDNS, now called Cisco Umbrella, is a cloud security platform that provides the first line of defense against threats on the Internet wherever users go. By analyzing and learning from Internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for current and emerging threats. It also proactively blocks malicious requests before they reach a customer’s network or endpoints.

Fig 1.1- Cisco Umbrella- A recursive DNS with Security

With Umbrella, you prevent devices from connecting to malicious sites in the first place, before a malware file is downloaded or an IP connection is even established. You can also stop phishing and malware infections earlier and identify already infected devices faster.

What is the purpose of Cisco Umbrella (OpenDNS)?
Gathering intelligence on advanced attacks that target your network is vital, but you need a way to easily enforce that intelligence. Cisco Umbrella's function is to provide that enforcement: it blocks new threats beyond the network perimeter, everywhere your employees work. Because Umbrella is built into the foundation of the Internet and delivered from the cloud, it provides complete visibility into Internet activity across all locations and users.


Through integration partnerships, Umbrella extends and enforces the local intelligence from your existing security stack to protect your employees, whether they’re working on or off the corporate network. Most security integrations involve custom development and many hours of professional services. Not with Umbrella. In minutes, your local intelligence about malicious domains is extended to protect users beyond your perimeter.

Fig 1.2- DNS internet Queries with VA appliance

What are the benefits of Cisco Umbrella?
Umbrella blocks connections to malicious destinations at the DNS and IP layers. More than 7 million malicious destinations are enforced at any given time at the DNS layer—without adding any latency. Using Cisco Talos web reputation and other third party feeds, Umbrella blocks malicious URLs at the HTTP/S layer. Using anti-virus engines and AMP file reputation, Umbrella blocks attempts to download files from risky sites. AMP analyses more than 1.1 million malware samples daily, providing a massive repository in the cloud for Umbrella to check against.

Umbrella resolves over 100 billion DNS requests every day and correlates this data with over 11 billion historical events. Using a combination of machine learning and human intelligence, this data is analyzed to identify patterns, detect anomalies, and create statistical models to automatically uncover attacker infrastructure being staged for the next threat.

Deployment on the network is as simple as changing a configuration on your DNS or DHCP servers to point external DNS requests to the Umbrella global network IP addresses. This protects every device that comes into your network, including unmanaged and Internet of Things (IoT) devices. Off-network protection for laptops is simple too: either deploy a lightweight client that redirects external DNS requests to Umbrella or use the integration with the Cisco AnyConnect agent.
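
A way to confirm that the DNS/DHCP change described above actually took effect, as an added example that is not from the original post or from Cisco: the script audits resolv.conf-style and ISC dhcpd-style text and lists every configured resolver that is not an Umbrella address. The two anycast addresses and both sample configs are assumptions (they are not on the page and the samples are constructed); confirm the addresses in your Umbrella dashboard.

```python
import ipaddress
import re

# Umbrella/OpenDNS anycast resolvers. Assumption: not listed on the page,
# verify them against your own Umbrella deployment documentation.
UMBRELLA = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}

# resolv.conf: "nameserver a"   ISC dhcpd: "option domain-name-servers a, b;"
RESOLV_RE = re.compile(r"^\s*nameserver\s+(\S+)")
DHCPD_RE = re.compile(r"^\s*option\s+domain-name-servers\s+([^;]+);")

# Constructed sample inputs (192.0.2.53 is a documentation address).
SAMPLE_DHCPD = """\
subnet 10.0.0.0 netmask 255.255.255.0 {
  option domain-name-servers 208.67.222.222, 192.0.2.53;  # 2nd entry bypasses
}
"""
SAMPLE_RESOLV = """\
# nameserver 192.0.2.53
nameserver 208.67.222.222
nameserver 208.67.220.220
"""

def configured_resolvers(text):
    """Return (line_number, address) for every resolver set in the text."""
    found = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore comments and commented-out entries
        m = RESOLV_RE.match(line)
        candidates = [m.group(1)] if m else []
        m = DHCPD_RE.match(line)
        if m:
            candidates += [c.strip() for c in m.group(1).split(",")]
        for c in candidates:
            try:
                found.append((lineno, ipaddress.ip_address(c)))
            except ValueError:
                found.append((lineno, c))  # hostname or typo: cannot be verified
    return found

def audit(text):
    """List resolvers that would send DNS somewhere other than Umbrella."""
    return [(n, str(a)) for n, a in configured_resolvers(text) if a not in UMBRELLA]

if __name__ == "__main__":
    for name, cfg in (("dhcpd", SAMPLE_DHCPD), ("resolv", SAMPLE_RESOLV)):
        print(name, audit(cfg) or "all resolvers point at Umbrella")
```

An empty result means every resolver in the file is an Umbrella address; any entry returned is a path by which clients can resolve names without Umbrella enforcement.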

Features of Cisco Umbrella
  • View activity for top identities (devices, networks, others), destinations (domains, IPs, among others), and categories
  • Compare global versus local traffic
  • View usage of all cloud services across the organization, including email, file sharing, SaaS services
  • Direct Internet activity to Umbrella global network IP address from any DNS server, router, gateway, or Wi-Fi access point
  • Customers of the Cisco AnyConnect Mobility Client can enable Umbrella protection with no new agent required
  • Lightweight client for Windows and Mac computers that enables Umbrella security and policy-based protection to be enforced regardless of network
  • Technical partnership with network device providers (commonly routers) that enable customers to provision Umbrella security for all Internet traffic by checking a box in the device interface
  • Integrated with Cisco 4000 Series ISRs and Cisco Wireless LAN Controllers

Cisco Umbrella Packages
  • Cisco Umbrella Professional
  • Cisco Umbrella Insights 
  • Cisco Umbrella Platform
  • Cisco Umbrella Branch
  • Cisco Umbrella Roaming
  • Cisco Umbrella WLAN