Cisco's Umbrella Protects Against Threats Raining Down from the Cloud
Cisco Umbrella's ease of deployment combined with openness and analytics should make it appealing to a large number of organizations.
The cloud is now a way of life. It's possible for many users to spend their entire day using cloud applications. Email, social networking, expense management, CRM systems, file sharing applications, the Microsoft Office suite, unified communications, and anything else a worker might need on the daily is available from the cloud. It's not just the number of cloud services in the market that has grown, but also the use of them. Many organizations I've interviewed have told me that cloud usage has doubled in the past two or three years, making it easily the fastest growing part of IT today.
Why is cloud adoption so strong? The answer is that it fits our workforce better than traditional, on-premises applications. What I mean by that is that when workers were in the office at a fixed location, static applications were fine. But workers are now more distributed and work from everywhere, and cloud-based services are much easier to deliver to a mobile workforce so it's the delivery model that suits workers best.
While it's said that every cloud has a silver lining, however, they also have dark and stormy ones as the cloud introduces new security risks. Hackers are smart and savvy and have started targeting users with phishing links and other types of malware that can come through the browser, email, or the connection to the Internet. Why beat your head trying to break through a state-of-the-art, next-generation firewall when it's easier to just target the user?
Security teams tell me that they do extensive training in their organizations to protect against user initiated threats but I always provide this cautionary point – its not the technical, power-user types that need protecting; it's the tech illiterates who believe that email that says the Nigerian Prince needs their help to bring $300 million into the country. Remember, the dumbest person in every company uses a wide range of cloud services.
Also, I understand businesses spend tens of billions of dollars in aggregate every year on network security to enable them to catch things before they get to the user. But what happens when the worker isn't on the company network? That stuff doesn't do much good if the cloud apps are being accessed directly, bypassing corporate security. The answer then would obviously be VPNs but the majority of workers now skip launching the VPN client. The big threat is the diligent employee that goes on vacation and, in an effort to stay caught up with work, sneaks off to an Internet café and connects to the "FREE WIFI" network, which might be owned by some cyber criminal who then drops malware onto the laptop, then infecting the company when the employee comes into the office.
Solving the Problem
So if more network security, VPNs and training doesn't solve the problem, what will? The answer is Cisco's Security Internet Gateway, Umbrella. The product is actually the coming together of the following Cisco products: OpenDNS, Cisco Web Security, Advanced Malware Protection (AMP) and ThreatGrid Sandboxing.
User-based security is typically too complicated for the average run of the mill employee to deal with. Umbrella re-defines simplicity -- the security team just needs to signup and point the DNS to 188.8.131.52. Once that's done, every cloud session will be secured by Umbrella.
The product also enforces inline and analyzes data offline. At the DNS layer, it sees the domain requested and the IP address response. Umbrella can also see direct connections at the IP layer. The statistical models in Umbrella combined with Talos threat intelligence and partner feeds enforce over 7 million known malicious domains and IP addresses.
Umbrella can also be used in conjunction with CloudLock, Cisco's CASB solution, to help control shadow IT (see, "Cisco to Lend Hand in Locking Cloud Down"). Umbrella can be used to identify all the cloud apps in a company, including the ones procured by individual lines of business. IT can then investigate them and revoke access for risky or inappropriate apps. For example, perhaps the company has standardized on Cisco Spark for Team Messaging, but one group decides to use a solution with no security. Umbrella's enforcement API and CloudLock can add that domain to prevent further usage, and IT can go to that line of business with a preferred solution.
Umbrella is available in three packages with increasing capabilities -- Professional, Insights, and Platform. Over time I can see Cisco adding more functionality, such as app visibility from its AppDynamics acquisition (see, "Cisco Grabs AppDynamics to Deepen Insight Delivery").
Every one at Cisco, including CEO Chuck Robbins, has articulated how important security is to the company's growth prospects. Its traditional product protected from the inside of the network out. Umbrella is a great compliment, as it works from the outside in. The ease of deployment combined with openness and analytics should make it appealing to a large number of organizations.
Learn more about cloud communications trends and technologies at Enterprise Connect 2017, March 27 to 30, in Orlando, Fla. View the Cloud Communications track, and register now using the code NOJITTER to receive $300 off an Entire Event pass or a free Expo Plus pass.