Cisco Umbrella is a cloud-based secure gateway that
helps protect against threats that arise on the
Internet. It is the first line of defense for users
connecting to the Internet from anywhere. A device
connecting to the Internet needs a DNS (Domain Name
System) lookup to translate the name of the site or
service into the IP address that it needs to connect to.
Cisco Umbrella processes billions of DNS requests per
day, analyzing and learning about various activities and
blocking requests to unwanted and malicious
destinations before a connection is even established.
Cisco Umbrella incorporates the following security
services in its offering, regardless of where the user is
located:
- It blocks malware, ransomware, and phishing attempts from malicious
  or fraudulent sites.
- It can be integrated with Cisco AMP and other antivirus engines.
- It maintains content categories and custom-defined whitelists and
  blacklists to comply with any organization policy.
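As an added illustration (not Cisco's code and not part of the original text), the sketch below models a DNS-layer decision of the kind described above: it reads the queried name out of a raw DNS query and returns a verdict from custom lists and content categories before any connection to the destination exists. The domain names, categories, list contents, and the precedence order (allow list, then block list, then categories) are assumptions constructed for the example.

```python
import struct

# Constructed policy data for the example; not real Umbrella feeds or categories.
ALLOW_LIST = {"partner.example"}
BLOCK_LIST = {"tracker.example"}
CATEGORY_OF = {"casino.example": "gambling", "payload.example": "malware",
               "partner.example": "gambling"}
BLOCKED_CATEGORIES = {"malware", "phishing", "gambling"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query (one question, recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return the lower-cased name from the question section of a query."""
    labels, pos = [], 12  # the fixed DNS header is 12 bytes
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question section")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label length")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def verdict(packet):
    """Decide at lookup time, before any connection to the destination exists."""
    name = parse_qname(packet)
    parts = name.split(".")
    # Match the name and every parent domain: a.b.c, then b.c, then c.
    candidates = [".".join(parts[i:]) for i in range(len(parts))]
    # Assumed precedence for this example: allow list, block list, categories.
    if any(c in ALLOW_LIST for c in candidates):
        return name, "allow", "custom allow list"
    if any(c in BLOCK_LIST for c in candidates):
        return name, "block", "custom block list"
    for c in candidates:
        if CATEGORY_OF.get(c) in BLOCKED_CATEGORIES:
            return name, "block", "category:" + CATEGORY_OF[c]
    return name, "allow", "no policy match"

if __name__ == "__main__":
    for host in ("www.payload.example", "Portal.Partner.example", "intranet.example"):
        print(verdict(build_query(host)))
```

Because the check keys on the queried name rather than on the application protocol, the same verdict applies whatever service the client was about to contact.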
Understanding Umbrella
Cisco Umbrella processes DNS requests received from
users or devices on the network. It is not limited to
HTTP or HTTPS; it supports other protocols as well.
Let’s look at a simple flow using the network shown in
Figure 11-2. Say that a user wants to access a site and
makes a request to the site. This results in a DNS request
being sent to Cisco Umbrella. The following steps occur:
Step 1. Umbrella analyzes the DNS request to check
whether the domain is malicious or safe.