As the industry’s leading Secure Internet Gateway, Cisco Umbrella provides the first line of defense against threats on the Internet wherever users go. Leveraging its global infrastructure, which resolves over 120 billion Internet requests a day, Umbrella is able to see where imminent attacks are being staged. It also delivers complete visibility into Internet activity across all locations, devices and users, and blocks threats before they ever reach your network or endpoints. Additionally, Umbrella is an open platform that integrates easily with your existing security stack and delivers live threat intelligence about current and emerging threats. By analyzing and learning from Internet activity patterns, Umbrella automatically uncovers attacker infrastructure staged for attacks, and proactively blocks requests to malicious destinations before a connection is even established, without adding any latency for users.
With Umbrella, you can stop phishing and malware infections earlier, identify already infected devices faster and prevent data exfiltration.
Provides threat analysts with detailed and historical indicator data
Deep visibility into traffic both on and off network
Helps security teams respond appropriately when investigating a threat
INTEGRATION USE CASES
Add malicious domains curated by the ThreatQ platform to Umbrella domain lists for blocking
Use Umbrella’s passive DNS data to query the historical record of a domain or IP address
Use Umbrella Investigate’s integration with Cisco Threat Grid to uncover file hashes associated with malware campaigns and build out a full view of an attacker’s Internet infrastructure
Pull in domain tags, security scores and other metadata associated with domains and IP addresses
Automatically send IP addresses, FQDNs and URLs to critical infrastructure for blocking