cisco umbrella - arxes-tolina.de · is mobile 82% admit to not using the vpn 70% increase in saas...

Manager PreSales & Support First line of defense for threats on the internet Jens Schneider Cisco Umbrella

Post on 15-Jul-2020

TRANSCRIPT

Page 1:

Manager PreSales & Support

First line of defense for threats on the internet

Jens Schneider

Cisco Umbrella

Page 2:

Agenda

Challenges

Introducing Cisco Umbrella

Customers

Next steps

Page 3:

Challenges

Page 4:

How IT was built

Workplace desktops
Business apps
Critical infrastructure
Internet

Page 5:

The way we work has changed

Business apps: Salesforce, Office 365, G Suite, etc.
Critical infrastructure: Amazon, Rackspace, Windows Azure, etc.
Branch office
Roaming laptops
Workplace desktops
Business apps
Critical infrastructure
Internet

Page 6:

Users and apps have adopted the cloud, security must too

49% of the workforce is mobile
82% admit to not using the VPN
70% increase in SaaS usage
70% of branch offices have DIA

Security controls must shift to the cloud

Page 7:

Your security challenges

Malware and ransomware
Gaps in visibility and coverage
Cloud apps and shadow IT
Difficult to manage security

Page 8:

DNS

Page 9:

It all starts with DNS

DNS = Domain Name System

• First step in connecting to the internet

• Precedes file execution and IP connection

• Used by all devices

• Port agnostic

Umbrella

Cisco.com 72.163.4.161

Page 10:

DNS Overview

Authoritative DNS: Owns and publishes the “phone books”
Domain registrar: Maps and records names to #s in “phone books”
Recursive DNS: Looks up and remembers the #s for each name

Page 11:

Who resolves your DNS requests?

Challenges

Multiple internet service providers
Direct-to-internet branch offices
Users forget to always turn VPN on
Different DNS log formats

Diagram labels:

Enterprise location A: Internal InfoBlox appliance
Enterprise location B: Internal Windows DNS server
Enterprise location C: Internal BIND server
Remote sites
Home users
Roaming laptops
ISP1, ISP2, ISP3, ISP?, ISP?, ISP?
Recursive DNS for internet domains
Authoritative DNS for intranet domains

Page 12:

Using a single global recursive DNS service

Benefits

Global internet activity visibility
Network security w/o adding latency
Consistent policy enforcement
Internet-wide cloud app visibility

Diagram labels:

Enterprise location A: Internal InfoBlox appliance
Enterprise location B: Internal Windows DNS server
Enterprise location C: Internal BIND server
Remote sites
Home users
Roaming laptops
ISP1, ISP2, ISP3, ISP?, ISP?, ISP?
Recursive DNS for internet domains
Authoritative DNS for intranet domains

Page 13:

Gather intelligence and enforce security at the DNS layer

Authoritative DNS logs

Used to find:
▪ Newly staged infrastructures
▪ Malicious domains, IPs, ASNs
▪ DNS hijacking
▪ Fast flux domains
▪ Related domains

User request patterns

Used to detect:
▪ Compromised systems
▪ Command and control callbacks
▪ Malware and phishing attempts
▪ Algorithm-generated domains
▪ Domain co-occurrences
▪ Newly registered domains

Diagram labels: Any device; Recursive DNS; Authoritative DNS (root, com., domain.com.)

Page 14:

How fast do we resolve DNS requests?

Measured in milliseconds

Provider | Overall | North America | Europe/EMEA | Asia/APC | Latin America | Africa
SafeDNS | 157 | 75 | 135 | 197 | 184 | 322
FreeDNS | 130 | 132 | 41 | 275 | 225 | 195
DNS.WATCH | 119 | 106 | 34 | 268 | 218 | 169
Comodo | 92 | 39 | 44 | 198 | 119 | 164
Level3 | 78 | 17 | 32 | 167 | 110 | 171
OpenNIC | 75 | 38 | 52 | 119 | 108 | 81
Verisign | 74 | 43 | 43 | 112 | 140 | 176
Dyn | 50 | 12 | 31 | 80 | 73 | 165
Umbrella | 45 | 17 | 31 | 59 | 99 | 23
Google | 33 | 25 | 29 | 39 | 42 | 38

Source: MSFT Office 365 Researcher, ThousandEyes Blog Post, May 2017

Page 15:

Introducing Cisco Umbrella

Page 16:

Cisco Umbrella

Cloud security platform

Built into the foundation of the internet

Intelligence to see attacks before launched

Visibility and protection everywhere

Enterprise-wide deployment in minutes

Integrations to amplify existing investments

Malware

C2 Callbacks

Phishing

208.67.222.222

Page 17:

Where does Umbrella fit?

First line: Malware, C2 Callbacks, Phishing

HQ (network and endpoint): Sandbox, NGFW, Proxy, Netflow, AV
BRANCH (network and endpoint): Router/UTM, AV
ROAMING (endpoint): AV

It all starts with DNS

Precedes file execution and IP connection
Used by all devices
Port agnostic

Page 18:

Built into foundation of the internet

Umbrella provides:

Connection for safe requests
Prevention for user and malware-initiated connections
Proxy inspection for risky domains

Diagram labels: Safe request; Blocked request

Page 19:

Prevents connections before and during the attack

Command and control callback

Malicious payload drop

Encryption keys

Updated instructions

Web and email-based infection

Malvertising / exploit kit

Phishing / web link

Watering hole compromise

Stop data exfiltration and ransomware encryption

Page 20:

Our view of the internet

100B requests per day
12K enterprise customers
85M daily active users
160+ countries worldwide

Page 21:

Intelligence to see attacks before launched

Data

▪ Cisco Talos feed of malicious domains, IPs, and URLs
▪ Umbrella DNS data: 100B requests per day

Security researchers

▪ Industry-renowned researchers
▪ Build models that can automatically classify and score domains and IPs

Models

▪ Dozens of models continuously analyze millions of live events per second
▪ Automatically uncover malware, ransomware, and other threats

Page 22:

Our efficacy

Discover: 3M+ daily new domain names
Identify: 60K+ daily malicious destinations
Enforce: 7M+ malicious destinations while resolving DNS

Page 23:

Visibility and protection for all activity, anywhere

HQ

Mobile

Branch

Roaming

IoT

ALL PORTS AND PROTOCOLS

ON-NETWORK

OFF-NETWORK

Umbrella

All office locations

Any device on your network

Roaming laptops

Every port and protocol

Page 24:

Enterprise-wide deployment in minutes

On-network coverage (ANY DEVICE ON NETWORK, BRANCH OFFICES)

With one setting change
Integrated with Cisco ISR 4K series and Cisco WLAN controllers

Off-network coverage (ROAMING LAPTOP)

With AnyConnect VPN client integration
Or with any VPN using lightweight Umbrella client

Page 25:

What sets Umbrella apart from competitors

Easiest connect-to-cloud deployment
Fastest and most reliable cloud infrastructure
Broadest coverage of malicious destinations and files
Most open platform for integration
Most predictive intelligence to stop threats earlier

Page 26:

Customers

Page 27:

Enterprises worldwide use Umbrella

IT services, Legal, Manufacturing, Retail, Technology, Telecom

Education, Finance, Government, Healthcare, Insurance, Energy

Page 28:

Trusted by enterprises worldwide

Fortune 500 companies in retail, healthcare, energy, and entertainment
Over 600 leading professional services including law and consulting firms
Over 500 leading finance, banking, and insurance companies
Over 500 leading manufacturing and technology companies

Page 29:

Umbrella

Start blocking in minutes

Easiest security product you’ll ever deploy

1 Signup
2 Point your DNS
3 Done

Page 30:

Why do an Umbrella POV?

Next Steps

Page 31:

It’s the easiest POV you’ll ever do.

After your POV, you’ll receive a custom security report to help answer:

▪ How effective is this solution?
▪ How does it compare (or add) to my current security stack?
▪ Does it deliver great time-to-value?

1. Signup 2. Point DNS 3. Done.

Page 32:

Uncover more with Umbrella

50% Encountered APT (Advanced Persistent Threat)
82% Encountered ransomware
77% Encountered phishing

Across 200+ recent POVs:

653 C2 callbacks blocked
1150 malware requests blocked
