By 2021, Gartner predicts the average company will have 25% of its corporate data traffic bypassing the network perimeter. 25 percent! So, a quarter of the time, enterprise users will be opening themselves (and the business) to serious risk, meaning the traditional approach of “secure the perimeter” is likely to fail, opening the door for malware, ransomware and other malicious attacks.
So, what is an IT professional to do to get a good night’s sleep? Well, it’s time to think beyond the perimeter...
Expanding Security to the Great Outdoors
So, how do you protect your mobile workforce from anywhere they access the Internet? Let’s talk Cisco Umbrella.
Cisco Umbrella is a cloud-based gateway, based on technology from OpenDNS and other acquisitions (i.e., CloudLock), as well as existing Cisco security services that together secure business access to resources outside the perimeter, even when users are not using a VPN. As a Secure Internet Gateway, Umbrella provides the first line of defense against threats on the Internet wherever users go. The key comes down to visibility into any activity in all locations and on all user devices, and blocks threats before they ever reach the corporate network.
But how does it work?
When a user clicks a link or types a URL, a DNS request is initiated which maps domain names to IP addresses, and that begins the process of connecting a device to the Internet. Using this process, Umbrella uses intelligence to determine if the request is safe, malicious or risky. Safe requests are routed on, and malicious requests are blocked. If there’s a questionable request, it is routed to a cloud-based proxy for deeper inspection to see if it’s malicious. Attempted file downloads from those questionable sites are also examined using anti-virus engines and Cisco Advanced Malware Protection (AMP). Once it’s determined to be safe or malicious, the connection is allowed or blocked.
Another cool Umbrella feature is that because it’s constantly analyzing Internet activity and resolving billions of requests from around the world, which it then stores in a massive database, it’s also learning as it goes. This means it can proactively block requests to destinations it’s already learned are malicious, keeping users safe from phishing and malware infections before it happens, which means IT can sleep knowing their users afar are protected.
But, any experienced IT professional is going to ask, does Umbrella integrate with my existing security tools? Yep! Integration with your existing security stack (i.e., security appliances, intelligence platforms and cloud access security broker controls) is part of the solution. Log data regarding Internet activity is pushed to your SIEM or log management systems via an API, enabling Umbrella to block malicious domains as an extension of your current security tools.
Next question any IT professional is going to ask: How complex is it to set up? Since Umbrella’s delivered via the cloud, there is no hardware to install or update, and provisioning is done in minutes on all on-network devices (including BYOD and IoT), and you can use your existing Cisco footprint — AnyConnect, Integrated Services Router (ISR) 4K Series, and Wireless LAN Controller 5520 and 8540 — to quickly provision thousands of network egresses and roaming laptops.
So, if you’re looking for a solution that will keep your users safe outside the perimeter in the big, scary world of malicious sites, consider what Umbrella can do for you. You can’t control everyone on the outside, but you can sleep better knowing that they’re protected, and in turn, so are you.