Cisco · Software · YoctoIT tech page

Umbrella

DNS-layer security: the first defense against phishing and malware — activates in an hour, protects everywhere.

FOCUS · THE SIMPLEST DEFENSEThe DNS that says no: the malicious request blocked before the connection
YoctoIT material for clients and partners · Cisco, Meraki, Splunk, Duo and the other products mentioned are trademarks of Cisco Systems, Inc. o di sue affiliate.
01 · What it is

Cisco Umbrella, made clear.

Every attack begins with a DNS resolution: Umbrella intercepts it — the phishing domain, the malware's command&control, the compromised site get blocked BEFORE the connection exists. It activates by pointing the DNS, protects on and off site, and with the SIG part adds proxy, CASB and cloud firewall.

1 ora
the basic activation time: you change the DNS, you're protected
Pre-connessione
the block happens before contact: the malware doesn't download
Ovunque
on site and on the move: the laptop protected even at the café
Cisco Umbrella
OFFICIAL CISCO BRANDING · UMBRELLA
CONSOLE REALE · UMBRELLA DASHBOARD · FONTE: CISCO
REAL CONSOLE · UMBRELLA DASHBOARD · SOURCE: CISCO
02 · How to use it well

The things that make the difference.

The first filter

Users, sites, roaminganyone resolving a name
DNS security
Web proxy (SIG)
CASB & DLP
the filter · the inspection · the SaaS control
Policies per groupwho can go where
Talos intelligencethe reputation that decides
The threat stopped at the name

A true quick win

DNS protection active within the day: security's best result/effort ratio.

Policies per context

Departments, schedules and categories: the filter that respects the work and blocks the risk.

Roaming module

Mobile users inside the policy: security follows the laptop.

Toward SASE

Umbrella as the first step: proxy and CASB get added when needed.

03 · In depth

SSE from the DNS up: how it protects

Umbrella starts from the DNS (the first signal of almost every attack: the malicious request dies before the connection) and climbs: secure web gateway with TLS inspection, CASB for the SaaS discovered and governed, inline DLP, cloud firewall and ZTNA for private access; the feeds are Talos, the global PoPs keep the latency low; the client (Secure Client) or the site DNS cover users everywhere.

  • DNS-layer — the block at the first request: the malware stopped before the download
  • SWG — the cloud proxy with TLS inspection: the web filtered by category and risk
  • CASB — the shadow IT discovered: who uses what, with what risk
  • DLP inline — the sensitive data stopped on the way out: GDPR on the traffic
  • ZTNA — access to the private apps without a full-tunnel VPN
  • Talos — the global telemetry behind every verdict
04 · Numbers and lifecycle

The numbers that matter.

620Mld
the DNS requests analyzed per day
min
the rollout: you change the DNS and you're protected
30+
the PoPs: the latency you don't feel
1
one client for VPN, ZTNA and security: Secure Client
SSE is adopted in layers: DNS right away, then SWG and ZTNA — the roadmap we design, the value arrives from day one.
05 · Use cases

Where it really pays off.

Basic anti-phishing

The wrong click that doesn't become an incident.

Branches without appliances

The small site protected from the cloud.

Remote working

The same protection, wherever you work.

The best security is the one that's REALLY active: Umbrella starts today — literally.