Jump to content

Cisco Umbrella

Recommended Posts

  • 3 months later...
  • 7 months later...
  • 8 months later...
  • 1 year later...
On 7/26/2020 at 10:00 AM, heliman said:

I am curious what kind of latency / bandwidth overhead you are seeing with Umbrella.  We are evaluating Umbrella as our current solution, BlueCoat, is introducing a lot of overhead in the SSL connection.



This is a really interesting question, and one of the key use cases for Umbrella. I work with (link redacted) a lot so I am happy to elaborate on this.

The base Cisco Umbrella service has no performance impact, because it is not a full proxy service. Standard protection is provided for DNS lookups based on Cisco threat intelligence including Cisco Talos as well as other sources and third parties. 

Higher tier packages of the Cisco Umbrella service offer the 'Intelligent Proxy'. This essentially means that, only where a URL or file is deemed to be unknown or risky, it is then put through further analysis such as AV engines - AMP - threat grid.

This means that the majority of traffic does not have any deep inspection which keeps performance impacts low.

Further, with regards to SSL, SSL decryption within Cisco Umbrella is only used to investigate URLs and files within those SSL-encrypted destinations. Nothing else. So again, we are seeing visibility of malicious threats behind SSL without the privacy and performance concerns of 'full' in-line SSL decryption.

Finally, certain devices with the Cisco Umbrella roaming client are also able to enjoy IP-layer enforcement, meaning that known malicious IP addresses on the Cisco Talos threat database are blocked from client devices and not just malicious DNS destinations.

Hope this helps - feel free to PM me if you would like more information.

Edited by Mr-Protocol
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...