Among the many security challenges that organizations face is having an always-on security approach. It’s a challenge that Cisco is aiming to solve with new enhanced capabilities in its Umbrella platform that is now being positioned as a Secure Internet Gateway (SIG) technology.
The Umbrella technology comes from OpenDNS, a company Cisco acquired for $635 million in 2015. The core premise behind OpenDNS is that by routing internet traffic through the company’s DNS platform, organizations can get a faster and safer internet experience. In addition to DNS services, OpenDNS developed cloud-based malware protection, which was first given the Umbrella brand name in November 2012.
Cisco is now expanding the Umbrella service with new capabilities drawn from across the Cisco security portfolio.
“We’ve taken the core OpenDNS Umbrella technology and added some of the core Cisco security technologies and rewritten them as microservices for a cloud architecture,” Brian Roddy, Senior Director, Cloud Security at Cisco, told eWEEK. Prior to the Cisco acquisition, Roddy was the Executive Vice-President of Engineering and Operations at OpenDNS.
Rather than requiring a physical appliance or an endpoint client, Umbrella only requires a user to point the DNS settings of their network or endpoint device at Cisco’s service. Organizations that are already using Cisco’s AnyConnect secure mobile client can now use the enhanced Umbrella service as well.
“We have a very easy to deploy approach that we’ve enhanced with rich web security including AMP (Advanced Malware Protection),” Roddy said.
The AMP capabilities originally came to Cisco as part of the $2.7 billion acquisition of Sourcefire in 2013. In February 2014, Cisco expanded the availability of AMP across Cisco’s hardware devices, providing advanced capabilities to detect, analyze and isolate potentially malicious files.
Cisco Umbrella users now also benefit from Cisco’s Talos threat intelligence research group to help identify and block new classes of threats and malicious web addresses.
Another core element that is being added to Umbrella is integration with Cloudlock. Cisco acquired Cloudlock for $294 million in June 2016, bringing with it Cloud Access Security Broker (CASB) capabilities. CASB technology provides access control for Software-as-a-Service (SaaS) applications as well as protections to limit the risk of sensitive data leakage.
Roddy explained that the backend cloud architecture that Cisco is using to enable the enhanced Umbrella platform is built with container microservices that run multiple security services in parallel. The system is highly available and fault-tolerant, enabling security to be enforced as traffic is routed through the platform.
Looking forward, Roddy said that there are more features on the roadmap that Cisco is planning on bringing to the Umbrella Secure Internet Gateway in the months to come.
“We’re spending a lot of time thinking about how we can re-imagine application visibility and control,” Roddy said.