One of the most challenging hurdles to implementing new security infrastructure in any organisation is integrating it into your existing IT environment. You need to examine your existing security systems and network infrastructure, design how it will fit into the new platform, and then manage the change process for deployment and hope it all goes well. That’s why I am such a big fan of Cisco Umbrella.
Implementing Cisco Umbrella involves simply changing the Domain Name System (DNS) servers your organisation uses to lookup internet requests to Cisco Umbrella’s DNS servers. Being a cloud-delivered security solution, there is very little to configure or install internally. But don’t think that provides a lacking solution.
With 65 million daily users from over 160 countries, Cisco’s global network handles more than 100 Billion DNS requests daily from a diverse user base. This massive and diverse dataset allows Cisco access to insights like no other security company.
Cisco umbrella applies statistical models to the dataset to discover patterns and detect anomalies. It can also predict where future attacks might appear by identifying related domains and IPs that are associated with malware.
It also uses WHOIS data to determine malicious domains registered with the same contact information to categorise and score possible threats based on their association with known bad domains and IP’s. Cisco Umbrella then blocks access to these sites by intercepting the DNS query response to “protect all”. However, one of the best features is that it also can be applied to your remote devices.
It really does get an organisation up and running with another very thorough layer of security that requires minimal effort. This video provides a great high level overview on the solution.
If you don’t have Cisco Umbrella running in your organisation already, you should really consider Cisco’s risk free trial, which will have you up and running in a couple of minutes.