In todays’ world, users are able to work from anywhere across the globe and this includes remote, home, or while on travel. Cisco Umbrella secures your apps, data, and users wherever they are.
Cisco Umbrella is a cloud-delivered security platform that leverages DNS as the first point of inspection to provide the first line of defense against threats on the internet wherever users go. Cisco Umbrella is deployed enterprise-wide in minutes and gives your corporate IT team the threat intelligence and context they need to block threats before they become attacks.
Some for its feature include:
- See and block threats
- Reduce alerts and gain context into high-priority threats
- Deploy in minutes to protect all devices and locations
- Integration within your network and existing security portfolio
For the remainder of this post, I will provide an overview of the service while covering some of its features. As a customer of this service, you can manage the settings from the web using this link and then logging in with your credentials using the interface below.
Moving forward, I have blocked out certain parts of the various images to avoid including any sensitive information.
After a successful login, you’re presented with the Cisco Umbrella Overview page. Along the left-hand side, options to choose from include Overview, Deployments, Policies, Reporting, and Admin. For this post, we focus our attention to the Policies page.
On the Policies page, IT administrators can adjust the policies to meet the requirements of their respective organization and this includes Security, Content, and Applications. Additionally, websites can be whitelisted (permitted) or blacklisted (blocked) under Destination Lists permitted the Cisco Umbrella client is installed on the corporate workstation (Windows or Mac).
The Security settings page allows the IT administrator to customize each of the settings listed below. They include Malware, Newly Seen Domains, Command and Control Callbacks, Phishing Attacks, Dynamic DNS, Potentially Harmful Domains, DNS Tunneling VPN, and Cryptomining. Each category includes a definition and the settings are enabled or disabled using the Edit button, meaning none of the settings for any of the categories can be modified any further at this point.
Next is the Contents page. Access to sites will be based on category with High being the most restrictive (essentially blocking most suspicious sites) and Low (only blocking pornograpgy). Most organizations will use the Custom option so they can specify the categories they choose because some sites may be considered suspicious when in fact they could be legitimate. Using the Custom options provide more granular control over the settings and categories.
Application settings permits IT administrators to block or permit applications for users in your organizations that have the Cisco Umbrella client installed on their workstations. To give you an example, you can block games like Steam on corporate devices.
Moving forward and the following settings are the most heavily used on a daily basis are the Destination Lists, which permit IT administrators to Whitelist (permit) or Blacklist (deny) websites from being accessed or not.
If a website is deemed safe and used for business related reasons, it can be whitelisted (permitted). This can be done by selecting Edit under Destination Lists, then select Global Allow list, and finally Edit List. Enter the domain to whitelist, click Add, and then Save.
If a website is deemed unsafe and should not be used for business related reasons, it can be blacklisted (blocked). This can be done by selecting Edit under Destination Lists, then select Global Block list, and finally Edit List. Enter the domain to blacklist, click Add, and then Save.
I hope you find this post useful and informative. I welcome any feedback and my next Cisco Umbrella related post will include a step-by-step guide on how to install the client on a client workstation.