Cisco Blogs
Share

Introducing Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud


February 9, 2017 - 6 Comments

If your job is anything like mine, you find yourself using a wide range of SaaS-based applications. Today alone, I found myself using Salesforce.com, WebEx, Workday, Spark, Office 365, Box, JIRA, Trello, SmartSheets, and Google Docs. And I’m not even counting some of the things I use for fun: Spotify, Netflix, and Instagram. Every company is dealing with the implications of all of these applications being moved to the cloud. And this is on top of the massive shift towards mobility and BYOD that IT has already been working to address.

This is a huge challenge. Sometimes users are connected to the VPN when they’re working on the road, but more frequently they aren’t. In fact, 82% of workers admit to not always using the VPN. Plus, many branch offices are now connecting directly to the internet instead of backhauling traffic to headquarters — 70% of branch offices have some level of direct internet access.

And that means most companies are between a rock and a hard place. On one hand, you want to move to the cloud, but you recognize the visibility gaps and new attack surfaces it creates. If your employees don’t use the VPN, then they’re left with very little protection. Let’s face it, one of the reasons your security team is overwhelmed with malware and ransomware is due to what happens when your employees are off the corporate network

But what about your Secure Web Gateway (SWG)? Originally designed for bandwidth and access controls, they’ve been repurposed to help with threat protection. And while they may appear to accomplish this — they often do so in an ineffective and inelegant way. They’re complex to deploy, requiring agents or PAC files to be installed in order to get protection.  You’d be hard pressed to find a admin who loves their SWG.  They constantly create problems around latency and capacity.  Even the cloud versions of SWG carry over the complexity and maintenance burdens of traditional proxies. The SWG is not enough to properly secure your users in this mobile, cloud-era.

To address these challenges and provide effective protection for users everywhere, we set out to reimagine how security is delivered. For us, it wasn’t about taking the old technology and just sticking it into the cloud. We knew the approach of yesterday wouldn’t solve the challenges of today. We wanted to create a new layer of defense — protecting users whether they’re on and off the corporate network. We want it to be easy to deploy, be highly effective, minimize latency, support world-wide installations and support the open architectures that have made SaaS so effective.

Think of this new category as a Secure Internet Gateway (SIG). A SIG is a secure onramp to the internet. Wherever users go, even when they are off the VPN, this cloud-delivered internet gateway provides safe and secure access. As internet requests are made, a SIG acts as the first line of defense and inspection. For more details about the key capabilities of a SIG, check out our whitepaper.

Today, we’re announcing the industry’s first SIG in the cloud, Cisco Umbrella. Umbrella was built upon the OpenDNS platform, a platform that has been delivered from the cloud since its inception. Then we integrated technology from across the Cisco security portfolio, including capabilities from the Cloud Web Security proxy, and the Advanced Malware Protection (AMP) file inspection. These technologies haven’t just been stitched together, but re-engineered to be delivered within Umbrella, so that they’re easy to use and able to deliver even more effective security.

For more details on new features in Cisco Umbrella, check out our product blog or product webpage — umbrella.cisco.com. And stay tuned for more — there are additional security capabilities that we’ll be bringing to our cloud platform in the coming quarters.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

6 Comments

  1. Awesome! This will be one of the most effective and scalable security platforms in the cloud for years to come. Well done, Team Cisco!

  2. I am confused. Isn't the previous scan safe the first SIG in the cloud offered by Cisco? And in third party report like Forrester, it has already mentioned similar offerings. How can Umbrella be in the first one in the industry?

    • ScanSafe (now Cisco Cloud Web Security) is a secure web gateway. The secure internet gateway (SIG) is a new product category forming. One major difference is that a SIG protects against threats over all ports and protocols (not just web ports 80/443). Check out our white paper for more details and differences: http://cs.co/SIGwhitepaper

  3. Good information on the new product and the threats it attempts to counter. We need to make sure our partner's (suppliers) IT departments are monitoring their employees use of non VPN usage.

  4. Cisco amazes me with its kind of structure... Learning and growth... Not reusing but re-engineering(was there code re-using? ;-) ... This is awesome... More the reason why I study cisco courses.

  5. Congratulations Brain and team for launching innovative Cisco Umbrella product!!!