Secure Internet Gateway: Your Next Generation Protection (Umbrella SIG)
Introduction to the Cisco Umbrella Hands-On Course
Welcome and Housekeeping
- The session opens with a welcome from Aspire Technology Partners and a reminder to make the most of the presentation.
- Attendees are muted for the duration. The webinar is recorded, and the recording will be sent by email and posted on Aspire's website.
About Aspire Technology Partners
- Aspire Technology Partners is headquartered in Eatontown, New Jersey, with additional operations in Mount Laurel, White Plains, and Albany.
- The company focuses on business transformation through digital solutions and offers managed services to support IT teams.
Cisco Umbrella Overview
Introduction to Cisco Umbrella
- Michael O'Connell introduces himself as a Security Solutions Architect at Aspire and outlines the agenda for the session.
- Key topics include digital transformation, Cisco Umbrella background, licensing features introduced in 2020 and 2021, and a live demo showcasing new network features.
Features of Cisco Umbrella
- Cisco Umbrella grew out of OpenDNS; some installation files still carry the legacy name, which the presenter notes with some humor.
- Cisco acquired OpenDNS to strengthen protection against ransomware and malware; the service has since added the Secure Internet Gateway (SIG) feature set.
Secure Internet Gateway (SIG)
Importance of SIG
- SIG serves as a secure connection point to the internet for corporate devices regardless of location—home or branch office.
- It allows organizations to manage device security continuously while adapting to hybrid workplace models post-COVID.
Cybersecurity Challenges
- Cybersecurity teams face increasing challenges due to rising cyber threats; examples include ransomware attacks on critical infrastructure.
- Cisco Umbrella provides data protection not only for corporate users but also for remote employees and branch offices.
Licensing Model of Cisco Umbrella
Overview of Licensing Options
- The baseline licensing model is DNS Security Essentials, which protects users from threats at the DNS level across corporate networks.
Understanding Cisco's Secure Internet Gateway Essentials
Overview of DNS Security and Proxies
- Notes the limit of DNS-layer security: a connection made directly to an IP address never issues a DNS query, so a DNS-only control cannot see or block it. This gap is what the proxy and firewall layers of SIG close.
- Highlights selective proxying of risky domains: requests to domains of uncertain reputation are routed through the proxy for inspection, so potentially harmful content is not fetched into the infrastructure.
- Introduces the secure web gateway, which adds URL-level filtering and file inspection, including malware scanning with Cisco AMP (Advanced Malware Protection).
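The DNS-layer gap above is something a defender can measure, not just describe. The script below, an added example that is not from the webinar or from Cisco Umbrella, correlates a DNS-answer log with a connection log and flags outbound flows whose destination IP was never handed to that client by a still-valid DNS answer. Those are exactly the flows a DNS-only control never saw. Both log formats and all addresses are constructed for the example and are not any product's export format.

```python
"""Find connections that never went through a DNS lookup: traffic a
DNS-layer control cannot see because it was addressed to an IP directly.

Added example, not from the webinar or from Cisco Umbrella. Both log
formats are constructed for this example and are not any product's
export format."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed DNS-answer log: (time, client, qname, answer_ip, ttl_seconds)
DNS_LOG = [
    (100, "10.0.0.5", "www.example.com", "93.184.216.34", 300),
    (105, "10.0.0.7", "update.example.net", "198.51.100.20", 60),
    (110, "10.0.0.5", "cdn.example.org", "203.0.113.9", 30),
]

# Constructed connection log: (time, client, dst_ip, dst_port)
CONN_LOG = [
    (101, "10.0.0.5", "93.184.216.34", 443),    # resolved a second earlier
    (107, "10.0.0.7", "198.51.100.20", 443),    # resolved two seconds earlier
    (112, "10.0.0.5", "203.0.113.9", 443),      # resolved two seconds earlier
    (130, "10.0.0.9", "198.51.100.77", 4444),   # no lookup at all: direct-to-IP
    (131, "10.0.0.9", "10.0.0.1", 53),          # internal destination, exempt
    (900, "10.0.0.5", "93.184.216.34", 443),    # lookup long past its TTL
]

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_dns_bypass(dns_log, conn_log, grace=60):
    """Return connections whose destination IP was not handed to the same
    client by a DNS answer that was still valid (TTL plus `grace` seconds)
    at connection time.  Internal destinations are ignored."""
    answers = defaultdict(list)   # (client, ip) -> [(answer_time, ttl)]
    for ts, client, _qname, ip, ttl in dns_log:
        answers[(client, ip)].append((ts, ttl))
    flagged = []
    for ts, client, dst, port in conn_log:
        if is_internal(dst):
            continue
        covered = any(a_ts <= ts <= a_ts + ttl + grace
                      for a_ts, ttl in answers.get((client, dst), ()))
        if not covered:
            flagged.append((ts, client, dst, port))
    return flagged


if __name__ == "__main__":
    for hit in find_dns_bypass(DNS_LOG, CONN_LOG):
        print("no DNS answer explains this flow:", hit)
```

Two caveats a practitioner should expect: the correlation only works when the DNS log records the real client (a shared internal forwarder hides it), and long-cached answers, browser DNS caches and CDN rotation all produce flows with no recent answer, so the `grace` window is a tuning knob rather than a hard rule. The flagged flows are the population that only a proxy or firewall layer can enforce on.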
Features of Secure Internet Gateway Essentials
- Explains that SIG Essentials provides web filtering based on domain and URL categorization, and uses Cisco Threat Grid to detonate suspicious files in a cloud sandbox.
- Describes the cloud-delivered firewall included in SIG Essentials, which removes the need for a physical firewall at every location; this is especially useful for remote users and small branch offices.
Advanced Policy Controls
- Details how policies can be written with granular controls, for example to prevent uploads of corporate assets to public sites like Dropbox when employees work remotely.
- Emphasizes that SIG Essentials adds a substantially larger feature set than the earlier DNS-only packages, with most of the additions arriving since 2020.
Migration and Integration Options
- Clarifies options for migrating existing Umbrella services to include SIG features, providing flexibility in adding new protections for remote users.
- Mentions that current Umbrella users can transition smoothly into utilizing SIG essentials without losing their existing functionalities.
Dashboard and User Interface Insights
- Previews an upcoming demo showcasing the dashboard architecture of Cisco Umbrella, noting familiar elements alongside new features related to SIG.
- Describes how network traffic is visualized within the dashboard, allowing users to monitor requests, blocks, and security events effectively.
Firewall Functionality and Session Management
- Discusses additional firewall services integrated into Cisco Umbrella under SIG essentials, including session management metrics such as total sessions and blocks over time.
Cisco Umbrella: Enhancing Security for Remote Offices
Overview of Cisco Umbrella Capabilities
- Cisco Umbrella can be utilized to protect remote offices and branch locations by connecting directly to its infrastructure, allowing for effective security management.
- The platform provides visibility by security category, including malware events, phishing attempts, command and control (C2) activity, and cryptocurrency mining.
- Organizations must protect assets that are accessed remotely, especially where employees are not required to use a VPN; a lack of endpoint visibility is a significant risk that needs to be addressed.
Detailed Security Insights
- Users can drill down into specific security requests based on destination, identity, or type. This granularity allows for detailed analysis of user activity and potential threats.
- Administrators have the ability to analyze blocked requests from Cisco Umbrella and modify policies as needed for specific users who may require access to restricted sites like YouTube.
Deployment Strategies
- To deploy Umbrella on a network, point the network's DNS resolution (typically the internal resolvers' forwarders) at Umbrella's anycast resolvers, 208.67.222.222 and 208.67.220.220, and register the site's egress IP as a network identity in the dashboard so policy and reporting can be attributed to it. The organization ID is what ties roaming clients to the organization.
- For remote users, the options are to install the Umbrella roaming client or to use the Umbrella Roaming Security module of an existing Cisco AnyConnect deployment.
Client Installation Options
- Clients are available for Windows and macOS and extend the organization's Umbrella policies to the endpoint when it is off the corporate network.
- Organizations can deploy the clients with their usual push mechanisms, such as Group Policy Objects (GPO), System Center Configuration Manager (SCCM), or a third-party deployment tool.
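After pointing DNS at Umbrella or pushing the client, the deployment should be verified rather than assumed. The script below is an added example, not from the webinar or from Cisco; it uses two public Umbrella test names, `debug.opendns.com` (which answers with TXT records describing the resolver that handled the query) and `internetbadguys.com` (a harmless domain Umbrella classifies as malicious), and checks that the second resolves to one of Umbrella's block-page addresses. The sample TXT records in the block are constructed; the live lookups at the bottom are the only part that touches the network.

```python
"""Verify that a host's DNS actually goes through Umbrella and that
blocking is in effect.  Two public test names are used:
  debug.opendns.com   - TXT records describing the resolver that answered
  internetbadguys.com - harmless domain Umbrella classifies as malicious

Added example; it is not from the webinar or from Cisco. The sample TXT
records below are constructed."""
import socket
import subprocess

# Umbrella serves its block pages from these IPv4 addresses.
BLOCK_PAGE_IPS = {f"146.112.61.{n}" for n in range(104, 111)}

# Constructed sample of what `dig +short TXT debug.opendns.com` prints
# when the query reached an Umbrella resolver.
SAMPLE_DEBUG_TXT = [
    '"server r2.nyc"',
    '"flags 20 0 2F0 7950800000000000000"',
    '"originid 12345678"',
    '"actype 2"',
    '"source 203.0.113.5:51230"',
]


def parse_debug_txt(records):
    """Turn TXT strings such as '"server r2.nyc"' into {"server": "r2.nyc", ...}."""
    info = {}
    for rec in records:
        rec = rec.strip().strip('"')
        key, _, value = rec.partition(" ")
        if key:
            info[key] = value
    return info


def classify_answer(ips):
    """Decide what a set of A-record answers for a test domain means."""
    if not ips:
        return "nxdomain"
    if all(ip in BLOCK_PAGE_IPS for ip in ips):
        return "blocked"
    return "allowed"


def assess(debug_records, badguys_ips):
    """Combine both checks into a verdict a deployment script can act on."""
    info = parse_debug_txt(debug_records)
    on_umbrella = "server" in info      # only Umbrella resolvers answer this name
    return {
        "resolver_is_umbrella": on_umbrella,
        "resolver": info.get("server"),
        "origin_id": info.get("originid"),
        "test_domain": classify_answer(badguys_ips),
        "ok": on_umbrella and classify_answer(badguys_ips) == "blocked",
    }


# --- live lookups (network); not used by the offline checks above ---
def query_txt(name):
    try:
        out = subprocess.run(["dig", "+short", "TXT", name],
                             capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:          # dig not installed
        return []
    return [line for line in out.splitlines() if line]


def query_a(name):
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


if __name__ == "__main__":
    print(assess(query_txt("debug.opendns.com"), query_a("internetbadguys.com")))
```

With the roaming client installed the OS resolver is the client itself, which forwards to Umbrella, so the same check works on and off the corporate network. The `source` record is the public IP Umbrella saw the query arrive from; if a site's check comes back as Umbrella but with no policy applied, that is the address to compare against the registered network identities.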
Network Tunnel Configurations
- Network tunnels are not available on the DNS-only packages (e.g., DNS Security Essentials); moving to SIG Essentials unlocks tunnel configuration.
- Creating network tunnels lets a site send its internet-bound traffic to Umbrella and keeps firewall and web-filtering policy under central control, even where local resources are limited or hardware is outdated.
How to Configure Cisco Umbrella for Secure Remote Access
Setting Up the Tunnel
- Each tunnel is identified by its own credentials, a tunnel ID and a pre-shared passphrase. In the demo the tunnel is named "test tunnel", given a passphrase, and saved.
- On saving, the dashboard generates the configuration details the remote device needs (the tunnel ID, the passphrase, and the Umbrella endpoint to peer with), and traffic sent through the tunnel is then subject to SIG policy.
Configuring DNS Policies
- Review the generated configuration and apply it to your ISR (Integrated Services Router). Once the IPsec tunnel is up, the ISR sends the site's internet-bound traffic to Umbrella, where the DNS, firewall, and web policies are enforced.
- You can pre-provision users from Active Directory for web policies, allowing restrictions on social media or shopping sites during business hours.
Managing Web Security Policies
- Umbrella has separate policy types for DNS, firewall, and web security. A DNS policy controls the logging level, the block page shown to users, destination lists of domains, URLs, and IP addresses, and category-based filtering.
- Geographic restrictions can be implemented to prevent access to locations where the organization has no business presence.
Testing Policies Effectively
- A policy tester feature allows testing without impacting users. You can select an identity and test access to various websites like Facebook or Google directly within the dashboard.
Firewall Policy Management
- The firewall policy section manages the cloud-delivered firewall rules and its intrusion prevention (IPS) protection from a single pane of glass.
- Firewall rules are evaluated top-down and the first matching rule wins; a default rule at the bottom catches everything else, so a specific port or application can be opened quickly by adding a rule above it.
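First-match ordering has a failure mode the dashboard will not warn you about: a rule placed below a broader one that already decides the same traffic can never fire. The block below is an added example, not Umbrella's data model or code; it evaluates a simplified ordered rule list top-down and reports shadowed rules, using constructed rules and addresses. A branch-specific SMB allow placed under a blanket SMB block is the shadowed rule in the sample; moving it above the block is the fix.

```python
"""First-match evaluation of an ordered firewall rule list, plus a check
for rules shadowed by an earlier, broader rule.

Added example; the rule model is a simplification and is not the Umbrella
cloud-delivered firewall's own data model.  All rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "block"
    src: str         # CIDR
    dst: str         # CIDR
    proto: str       # "tcp", "udp" or "any"
    ports: tuple     # (low, high) inclusive; (0, 65535) means any port

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.ports[0] <= port <= self.ports[1])

    def covers(self, other):
        """True if every packet `other` could match also matches self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])


def evaluate(rules, src, dst, proto, port):
    """Top-down, first match wins; the last rule is expected to be the default."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.name, rule.action
    raise ValueError("rule list has no default rule")


def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                out.append((later.name, earlier.name))
                break
    return out


# Constructed rule list: the branch SMB allow sits below a blanket SMB block.
RULES = [
    Rule("allow-dns-out", "allow", "10.0.0.0/8", "0.0.0.0/0", "udp", (53, 53)),
    Rule("block-all-smb", "block", "10.0.0.0/8", "0.0.0.0/0", "tcp", (445, 445)),
    Rule("allow-web", "allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", (443, 443)),
    Rule("allow-branch-smb", "allow", "10.1.0.0/16", "203.0.113.0/24", "tcp", (445, 445)),
    Rule("default-deny", "block", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535)),
]

# Same rules with the specific allow moved above the blanket block.
FIXED = [RULES[0], RULES[3], RULES[1], RULES[2], RULES[4]]

if __name__ == "__main__":
    print(evaluate(RULES, "10.1.2.3", "203.0.113.5", "tcp", 445))   # blocked
    print(shadowed(RULES))                                           # the shadowed allow
    print(evaluate(FIXED, "10.1.2.3", "203.0.113.5", "tcp", 445))   # allowed
```

The `covers` test is conservative on purpose: it only reports a rule as shadowed when the earlier rule is at least as broad in every dimension, so it never flags a rule that could still match some traffic. Run it over an exported rule list before a change window, and again after, so that reordering to open one port does not silently disable a block further down.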
Customizing Web Policies
- Web policies are built from rulesets; each rule can restrict internet destinations by category, by the user's geographic location, or by time of day.
- Custom block pages can be created to guide users on how to contact support if they encounter blocked content.
Data Loss Prevention Strategies
Cisco Umbrella Overview and Features
Data Loss Prevention and Monitoring
- Cisco Umbrella allows users to browse social media or access Dropbox while providing visibility into uploads through data loss prevention (DLP) policies.
- The roaming client or the AnyConnect module runs transparently on the endpoint, so DLP, firewall, and web-filtering policies apply without any action on the user's part.
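A DLP policy like the one described above has to decide, per upload, whether the body contains regulated data and whether the destination is sanctioned. The block below is an added example of that decision, not Umbrella's DLP engine or any of its identifiers: it looks for payment card numbers and US SSN patterns in a constructed upload body, validates card candidates with the Luhn check so that arbitrary 16-digit strings such as order numbers do not fire, and returns block, monitor, or allow depending on the destination. The destination names and the sanctioned list are assumptions for the example.

```python
"""Minimal content inspection of the kind a DLP policy applies to an
upload body: find card numbers and US SSN patterns, validate card
candidates with the Luhn check, then decide by destination.

Added example; not Umbrella's DLP engine or its identifiers.  The upload
body, destinations and sanctioned list are constructed."""
import re

# Card candidate: 13-19 digits, optional single space or hyphen between digits.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN: AAA-GG-SSSS with the never-issued area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn mod-10 check on a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def find_card_numbers(text):
    """Return normalised card numbers that pass the Luhn check."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def classify_upload(body, destination, sanctioned):
    """block: regulated data to an unsanctioned destination
       monitor: regulated data to a sanctioned destination (log, allow)
       allow: nothing found"""
    findings = {"card": find_card_numbers(body), "ssn": SSN_RE.findall(body)}
    hits = sum(len(v) for v in findings.values())
    if hits and destination not in sanctioned:
        return "block", findings
    if hits:
        return "monitor", findings
    return "allow", findings


# Constructed upload body: one real-format test card, one SSN pattern and
# an order number that is 16 digits long but fails Luhn.
BODY = ("Customer card 4111 1111 1111 1111 exp 12/27; employee SSN 123-45-6789; "
        "order 1234567890123456 shipped.")
SANCTIONED = {"sharepoint.example.com"}   # assumed corporate-approved destination

if __name__ == "__main__":
    print(classify_upload(BODY, "dropbox.com", SANCTIONED))
    print(classify_upload(BODY, "sharepoint.example.com", SANCTIONED))
```

The Luhn step is the part worth copying: without it, every 16-digit order or tracking number in a spreadsheet becomes a DLP hit, and users learn to route around the control. Real policies add proximity keywords (for example "card" or "SSN" near the match) and a count threshold before blocking, which the `findings` dictionary is shaped to support.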
Policy Management
- The dashboard includes policy components that correlate with management policies, enabling the creation of destination lists for blocking or allowing specific sites.
- Users can quickly modify DNS policies to allow access to sites like YouTube, which is beneficial for organizations such as marketing firms.
Integration with SecureX
- Cisco's SecureX integration provides a single pane of glass solution for managing various Cisco platforms like AMP and Umbrella Insights.
- API keys are required for the SecureX integration; they are generated in the Umbrella administration section and allow Umbrella (and other integrated products) to exchange data with the SecureX dashboard.
Reporting and Visibility
- All reporting from Umbrella can be sent to SecureX, offering a comprehensive overview of network security across different platforms.
Q&A Session Highlights
Deployment Questions
- SIG tunnels can be built from any IOS-based router; the router establishes an IPsec tunnel to Umbrella's SIG infrastructure, and the tunnel is managed from the organization's Umbrella dashboard.
Remote Device Management
- Umbrella provides visibility into remote devices under roaming clients regardless of their location (home, Starbucks, etc.), ensuring comprehensive monitoring without needing direct access.
Troubleshooting Capabilities
- Users can troubleshoot SIG tunnels directly from the dashboard. Accessing both ends of the tunnel is recommended for effective debugging.
Subscription Structure
- The subscription model varies by package: the lower packages are licensed by user count, while the higher ones are licensed by IP count. Details are available on request.
Ease of Deployment
Setting Up DLP and CASB Features
Overview of Setup Process
- The discussion turns to how simple it is to set up the Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) features.
- The speaker stresses establishing a baseline of Umbrella services first, as the foundation for the more advanced features.
- The session closes informally, with thanks to Mike.