Cisco Umbrella – What is it?
I’ve just been introduced to Cisco Umbrella; even though I’ve heard the name before, I hadn’t actually tried it until now. Umbrella comes from the OpenDNS Business purchase that Cisco did a while back, and is essentially a service that secures traffic by proxying DNS requests. In essence, clients are set up to use the public Umbrella DNS servers, which are 18.104.22.168 & 22.214.171.124, where a set of policies defines what end users are allowed to access.
When you access your favorite website or online newspaper, your computer will do 20+ DNS requests, because there are different third-party ads or other content that need to be rendered inside the browser session and that you don’t actually see. What if one of these domains actually contains malware or some form of bitcoin-mining JS code? That is hard to know. There have of course been traditional ways to secure web traffic, namely a forward web proxy where all traffic is forwarded through a network appliance, but this doesn’t scale to that degree and has some implications for remote workers. It might also make the proxy a bottleneck, since all layer 7 traffic is tunneled through it. Umbrella works in a smarter way, since it only checks the DNS requests a client makes and ensures that the domain does not fall into a category that is blocked in a policy. If there is a domain that Umbrella finds suspicious, it will do a more in-depth analysis of the content it provides.
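To make the DNS-layer check concrete, here is an added sketch (not Umbrella's implementation and not code from the original article) that parses the queried name out of a raw DNS query and maps it to allow, block, or inspect by longest-suffix category match. The category feed, the policy table, the `.example` domains and all function names are constructed assumptions.

```python
import struct

# Constructed category feed and policy for the demo; not Umbrella data.
CATEGORIES = {
    "ads.example": "advertising",
    "miner.example": "cryptomining",
    "news.example": "news",
}
POLICY = {"cryptomining": "block", "malware": "block", "uncategorized": "inspect"}


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (header plus one question) as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_qname(packet):
    """Extract the lower-cased queried name from the question section."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        # length > 63 also rejects compression pointers, which this demo does not follow
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label length")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)


def verdict(packet):
    """Return (name, category, action) using the longest matching domain suffix."""
    name = parse_qname(packet)
    labels = name.split(".")
    for i in range(len(labels)):
        cat = CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return name, cat, POLICY.get(cat, "allow")
    return name, "uncategorized", POLICY["uncategorized"]
```

The `inspect` action stands in for the deeper content analysis the article describes for suspicious domains; only the name is examined here, never the layer 7 traffic.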
Umbrella can either be deployed using Umbrella virtual appliances, utilized as conditional DNS forwarders on your network. Virtual appliances record the internal IP address information of DNS requests for use in reports, and the VA also provides more granular control.
Read the entire article here, Cisco Umbrella–What is it? | Marius Sandbu