Applications and data are everywhere. How protected are you?

CIO at a Gartner Event: “We used to have 2000 staff in two buildings we needed to secure, now we have 2002 locations that we need to secure.”

In a modern business environment, people interface with applications more often than with people, and performance expectations are high.

People are more reliant on applications and digital services to increase productivity and manage their businesses.

46% of organizations feel that half their revenue will be influenced by digital in 2020. The value of digital transformation for both society and industry could reach $100 trillion by 2025.

Source: ZDNet

Source: World Economic Forum

The evolving application landscape creates complexity, and data is being created everywhere.

A simple and intuitive experience often hides a complex architecture that enables an application’s experience.

  • Applications are evolving
    • Refactoring and cloud-native need modern architectures and capabilities
    • ML, AI, and analytics place new demands
  • Developers demand multicloud flexibility
    • Unprecedented application development speed and scale
    • IT complexity driven by inconsistent buying options
  • Workloads are more distributed
    • Require flexible placement, increased performance, and enhanced monitoring
    • Increased attack surfaces and blind spots

Cyber criminals are exploiting undefended gaps in security.

Traditional cyber threat protection strategies are out of step with the expanding perimeter and evolving threat landscape.

Security teams are spending 76% of their time defending the data center—the old perimeter.

Meanwhile, 81% of breaches are via weak or stolen passwords. 86% of malware is via web or email. Attackers are targeting the weakest links: the users and applications—the new perimeter.

It takes an average of 191 days for businesses to detect a security breach.

Source: 2017 Data Breach Investigations Report (DBIR), Verizon

Only Cisco and our Ecosystem can deliver an agile yet secure infrastructure for today’s digital business…

…with a proven validated design that works together seamlessly, reducing operational overhead while providing agility to provision applications quickly and securely, regardless of data center location—public, private, or both (hybrid).

Cisco Umbrella at a glance.

In the past, desktops, business apps, and critical infrastructure were all located behind the firewall. Today, more and more is happening off-network. More roaming users. More corporate-owned laptops accessing the internet from other networks. More cloud apps, which mean that users don’t need to be on the corporate network to get work done. And more branch offices connecting directly to the internet.

By 2021, Gartner predicts the average company will have 25% of its corporate data traffic bypassing the network perimeter. When a user is off-network, they are more vulnerable and the organization lacks visibility and protection. If you rely on perimeter security alone, you’re not fully protected. These gaps open the door for malware, ransomware, and other attacks.

The first line of defense

As a Secure Internet Gateway, Cisco Umbrella provides the first line of defense against threats on the internet wherever users go. Umbrella delivers complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints. As a cloud-delivered, open platform, Umbrella integrates easily with your existing security stack and delivers live threat intelligence about current and emerging threats.

By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for attacks, and proactively blocks requests to malicious destinations before a connection is even established — without adding any latency for users.

With Umbrella, you can stop phishing and malware infections earlier, identify already infected devices faster, and prevent data exfiltration.

Enforcement built into the foundation of the internet

The Domain Name System (DNS) is a foundational component of the internet — mapping domain names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. Umbrella uses DNS as one of the main mechanisms to get traffic to our cloud platform, and then uses it to enforce security, too.

When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious or risky — meaning the domain contains both malicious and legitimate content. Safe requests are routed as usual, and malicious requests are blocked. Risky requests are routed to our cloud-based proxy for deeper inspection. The Umbrella proxy uses Cisco Talos web reputation and other third-party feeds to determine if a URL is malicious. Our proxy also inspects files that users attempt to download from those risky sites, using anti-virus (AV) engines and Cisco Advanced Malware Protection (AMP). Based on the outcome of this inspection, the connection is allowed or blocked.
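The three-way verdict described above can be sketched as a resolver-side policy check. This is an added illustration, not Cisco's code: the domain lists, the documentation-range IP addresses, and the idea of answering risky queries with a proxy address are all assumptions made for the example.

```python
from enum import Enum

class Verdict(Enum):
    SAFE = "resolve"       # answer with the real upstream record
    MALICIOUS = "block"    # answer with a block-page address
    RISKY = "proxy"        # answer with the inspection proxy's address

# Constructed sample intelligence; real feeds are far larger and change constantly.
MALICIOUS_DOMAINS = {"phish.test", "bad.filehost.example"}
RISKY_DOMAINS = {"filehost.example"}   # hosts both legitimate and malicious content

# Assumed addresses from the RFC 5737 documentation range.
BLOCK_PAGE_IP = "192.0.2.10"
PROXY_IP = "192.0.2.20"

def normalize(qname: str) -> str:
    """Lower-case and drop the root dot so 'Phish.TEST.' matches 'phish.test'."""
    return qname.strip().rstrip(".").lower()

def matches(qname: str, zones: set[str]) -> bool:
    """True if qname is a listed domain or a subdomain of one.
    Comparison walks label boundaries, so 'notphish.test' does not
    match 'phish.test' the way a naive substring check would."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def classify(qname: str) -> Verdict:
    # Malicious is checked first: a known-bad subdomain under a risky
    # parent must be blocked outright, not merely sent for inspection.
    if matches(qname, MALICIOUS_DOMAINS):
        return Verdict.MALICIOUS
    if matches(qname, RISKY_DOMAINS):
        return Verdict.RISKY
    return Verdict.SAFE

def answer(qname: str, upstream_ip: str) -> str:
    """Return the A-record value this policy would hand back to the client."""
    verdict = classify(qname)
    if verdict is Verdict.MALICIOUS:
        return BLOCK_PAGE_IP
    if verdict is Verdict.RISKY:
        return PROXY_IP
    return upstream_ip
```
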

Intelligence to stop attacks before they launch

The Umbrella global network, which is the network that our recursive DNS service is built on, resolves billions of internet requests from millions of users around the world every day. We analyze this massive amount of data to detect patterns and uncover attacker infrastructure.

We ingest all of that internet activity data from our global network in real-time into our massive graph database, and then continuously run statistical and machine learning models against it. This information is also constantly analyzed by the Umbrella security researchers and supplemented with intelligence from Cisco Talos. Using this combination of human intelligence and machine learning we identify malicious sites — whether it’s domains, IPs, or URLs — all across the Internet.

Plays nice with others

Umbrella integrates with your existing security stack including security appliances, intelligence platforms, and cloud access security broker (CASB) controls. Umbrella can push log data about internet activity to your SIEM or log management systems, and using our enforcement API, you can programmatically send malicious domains to Umbrella for blocking. This allows you to amplify existing investments, and easily extend protection everywhere.

Enterprise-wide deployment in minutes

Umbrella is the fastest and easiest way to protect all of your users in minutes. Because it is delivered from the cloud, there is no hardware to install or software to manually update. You can provision all on-network devices — including BYOD and IoT — in minutes and use your existing Cisco footprint — AnyConnect, Integrated Services Router (ISR) 1K and 4K Series, and Wireless LAN Controller 5520 and 8540 — to quickly provision thousands of network egresses and roaming laptops. Additionally, with the Cisco Security Connector app, you can use the Umbrella extension to protect supervised iOS 11 devices.

Next steps

Talk to a Cisco sales representative or partner about how Cisco Umbrella can help to protect your mobile, cloud-connected organization from advanced threats. Visit for a free 14 day trial of Umbrella. If your organization has 1000+ users, you’re qualified for the Umbrella Security Report, which provides a detailed post-trial analysis.
