Cisco Umbrella provides the first line of defense against threats on the internet. Umbrella delivers complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints.
By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for attacks, and proactively blocks requests to malicious destinations before a connection is even established — without adding any latency for users.
Enforcement built into the foundation of the internet
The Domain Name System (DNS) is a foundational component of the internet — mapping domain names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. Umbrella uses DNS as one of the main mechanisms to get traffic to our cloud platform, and then uses it to enforce security, too.
When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious or risky — meaning the domain contains both malicious and legitimate content. Safe and malicious requests are routed as usual or blocked, respectively.
Intelligence to stop attacks before they launch
The Umbrella global network, which is the network that Cisco recursive DNS service is built on, resolves billions of internet requests from millions of users around the world every day. Cisco analyze this massive amount of data to detect patterns and uncover attacker infrastructure.
Cisco ingest all of that internet activity data from its global network in real-time into its massive graph database, and then continuously run statistical and machine learning models against it. This information is also constantly analyzed by the Umbrella security researchers and supplemented with intelligence from Cisco Talos. Using this combination of human intelligence and machine learning Cisco identify malicious sites — whether it’s domains or URLs — all across the Internet.
- Visibility and protection
- Intelligence to uncover attacks earlier
- Simple deployment and management
- Open platform for integration
- Fast and reliable cloud infrastructure