bashincajun Posted November 21, 2018 Share Posted November 21, 2018 Anyone ever use Cisco umbrella? Do you find the features useful? I like the layout and the ease of use for my multiple sites but not a big fan of the price. Link to comment Share on other sites More sharing options...
nmshades Posted March 6, 2019 Share Posted March 6, 2019 yes I use it with the fire amp endpoint and untangle routers at each site I manage for clients. yes it is a bit on cost but it integrates well and it runs on any thing windwos, droid, apple, thanks Link to comment Share on other sites More sharing options...
jonahd Posted October 28, 2019 Share Posted October 28, 2019 We use Cisco Umbrella and AMP and CES. All work fantastic Link to comment Share on other sites More sharing options...
heliman Posted July 26, 2020 Share Posted July 26, 2020 I am curious what kind of latency / bandwidth overhead you are seeing with Umbrella. We are evaluating Umbrella as our current solution, BlueCoat, is introducing a lot of overhead in the SSL connection. Thanks Link to comment Share on other sites More sharing options...
davefor Posted March 13, 2022 Share Posted March 13, 2022 On 7/26/2020 at 10:00 AM, heliman said: I am curious what kind of latency / bandwidth overhead you are seeing with Umbrella. We are evaluating Umbrella as our current solution, BlueCoat, is introducing a lot of overhead in the SSL connection. Thanks This is a really interesting question, and one of the key use cases for Umbrella. I work with (link redacted) a lot so I am happy to elaborate on this. The base Cisco Umbrella service has no performance impact, because it is not a full proxy service. Standard protection is provided for DNS lookups based on Cisco threat intelligence including Cisco Talos as well as other sources and third parties. Higher tier packages of the Cisco Umbrella service offer the 'Intelligent Proxy'. This essentially means that, only where a URL or file is deemed to be unknown or risky, it is then put through further analysis such as AV engines - AMP - threat grid. This means that the majority of traffic does not have any deep inspection which keeps performance impacts low. Further, with regards to SSL, SSL decryption within Cisco Umbrella is only used to investigate URLs and files within those SSL-encrypted destinations. Nothing else. So again, we are seeing visibility of malicious threats behind SSL without the privacy and performance concerns of 'full' in-line SSL decryption. Finally, certain devices with the Cisco Umbrella roaming client are also able to enjoy IP-layer enforcement, meaning that known malicious IP addresses on the Cisco Talos threat database are blocked from client devices and not just malicious DNS destinations. Hope this helps - feel free to PM me if you would like more information. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.