Cisco Umbrella Reviews

We use Cisco Umbrella to detect malicious URLs, DNS queries, data exfiltration, and DNS tunneling. It is particularly effective in showing DNS queries and providing visibility for external DNS queries, especially in communications to malicious sites from internal systems.

The DNS data exfiltration and the blocking of DNS tunneling are the most effective features for threat prevention in our company. The DNS layer security provided by Cisco Umbrella is very effective for our security posture, offering us vast improvements in visibility over DNS queries and potential threats.

We need to work on integration as it is very complex. Making it more flexible and easy to deploy, particularly when integrating with other technologies like Active Directory and proxies, would be beneficial.

I have been working with Cisco Umbrella for the last three months.

Cisco Umbrella is stable, and I would rate its stability at nine out of ten.

Cisco Umbrella is scalable for our company. I would rate it nine. We are in the POC stage with twenty users, and once we purchase and deploy it, the number of users may increase.

I am satisfied with Cisco support. I would rate customer support ten out of ten due to the excellent assistance throughout the POC process.

Positive

The initial setup was complex, requiring two months for deployment due to the challenging integration process.

Currently, we have not been provided with the financial terms. We are evaluating our internal environment before proceeding with an RFP for a quotation.

The main concern with solutions is financial. Whichever solution gives us a good financial deal, we will consider it. All solutions have similar features yet vary slightly in deployment and workflows.

I recommend using Cisco Umbrella at full capacity with all features. My overall rating for Cisco Umbrella is ten out of ten.

We use Cisco Umbrella to protect our DNS queries and the traffic going out.

Cisco Umbrella is transparent to my users; they are unaware of its presence. The documentation they use is solely for the IT staff. It is functioning exceptionally well, to the point where I no longer require extensive documentation for its operation.

It has reduced malware and mitigated risks associated with email links and various other factors, resulting in cost savings.

Cisco Umbrella helps secure our infrastructure, enabling us to effectively detect and remediate threats. Apart from host-based firewalls or malware attempting to bypass threat detection, we currently do not have any other alternatives. Although there may be competing solutions available, we have been using Umbrella, and it has served us well.

Cisco Umbrella helps free up IT staff time indirectly by reducing the number of calls we receive regarding malware or bad calls.

Our organization improved its cybersecurity resilience by effectively blocking threats with Cisco Umbrella.

We used one feature, which is aimed at protecting our users from accessing malware-infected websites and encountering associated problems.

I am unsure if Cisco Umbrella offers a Windows option for running the server. However, since I am not familiar with Linux, I had to rely on someone else to handle that aspect. I'm not completely convinced that using Windows would be a superior solution, as Linux is generally regarded as more stable. However, it would benefit individuals like myself who are unfamiliar with Linux.

I have been using Cisco Umbrella for seven years.

I haven't needed to reboot the servers for years due to their excellent stability.

For the size we have, Cisco Umbrella has worked out really well in terms of scalability.

The solution that was previously used was acquired by Cisco and turned into Umbrella.

I have seen a return on investment using Cisco Umbrella.

The pricing model is easier compared to some of the other solutions, and it is also competitive.

I rate Cisco Umbrella a nine out of ten.

I recommend that people try Cisco Umbrella because I believe it is the best option available.

I have never needed to utilize technical support because the solution has consistently functioned effectively.

We're using Cisco Firepower to replace the ASAs as perimeter firewalls to the university's network. We're predominantly using Cisco Umbrella for web filtering of staff and student web traffic that is generated from the university campuses.

Cisco solutions are simple, efficient, and effective. We're definitely seeing that our users are protected by using these solutions. We're using Cisco Umbrella to protect around 1,500 staff and about 15,000 to 16,000 students. At any one time, on our campus, we could have 3,000 student endpoints protected and about 1,500 members of staff with laptops who are working hybrid since COVID. So, they're protected when they're on campus and when they're off campus. As a university in Edinburgh with three main campuses, we have two internet connections where firewalls protect us from bad stuff on the internet.

Cisco solutions have invariably saved us time. Without them, we would've had ransomware attacks and cyber attacks. So, they have helped protect us as much as they can. I don't have the metrics, but it's a university, so we're probably quite often under attack.

Our operating expenditures (OpEx) haven't really reduced. With moving to subscription-based, our OpEx has probably gone up rather than our CapEx coming down. 

The insight into what our users are doing via Cisco Umbrella is valuable. Knowing that we're protecting our users as they leave our network is also valuable now because we've got more hybrid working. With Cisco Umbrella and Cisco Secure clients on all our hybrid working laptops, we know that our staff is secure even when they're working from home.

They should provide more integrations and bring things together so that there is a more standard feel to their platform. We also use Cisco ISE, and it has a very different feel from Cisco Umbrella. We also have some Meraki products which feel very different from others. It's like you have to learn something new with every product you buy.

We've had Cisco ASAs, but we're just in the process of replacing them with Firepower, so Firepower is quite new. We've been using Cisco Umbrella since 2020.

We have a good Cisco partner called Ping Network Solutions in Scotland, so anytime we need to reach out for a bit of advice, we can ask them. We had good pre-sale support with Cisco as well to ensure that we get the right products that match our requirements. I'd rate their customer service a nine out of ten.

Positive

Instead of Cisco Umbrella, we used Zscaler for web filtering, but we've always had Cisco firewalls.

When we switched in 2020, Zscaler didn't seem to be developing their product as well. It didn't match our requirements anymore.

I was involved in its deployment although I had a technical team working underneath me. It was easier than Zscaler because Zscaler made us have two instances, one for staff and one for students. It was very complicated, and we had to route traffic in different ways. Being able to do it by DNS with Cisco Umbrella was just easy.

I managed the team that was deploying it. My role involved making decisions about what traffic and which groups of users we put through first, some early field tests, and things like that.

We did it all by ourselves.

We have seen an ROI. With Zscaler, we had more operational issues than we've had with Cisco Umbrella.

You get what you pay for.

We use Cisco Firepower, and we use Cisco Umbrella. Currently, these two products are not very integrated. We don't have the complete suite of Cisco solutions. We just have two that aren't joined. We also work with other technology partners, such as Microsoft, but in terms of the perimeter of our network, it has always been a solid product like the Cisco firewall.

I'd rate Cisco Umbrella a nine out of ten.

We're an MSP. We implement it for customers, and we also use it in our organization.

I'm not a technical guy. From my perspective, as an executive, it gives us more peace of mind knowing that our traffic is secure. There's basically an extra layer of security for all our traffic, so our customers' data is secure, and our own data is more secure. There's just peace of mind for me.

It does a pretty good job of securing the infrastructure from end to end. We're happy with it. That's the internet gateway security that we sell. There are other competitors out there, but it's agnostic to equipment. It very easily integrates with our customer base, which is mostly Meraki. The dashboard and reporting are very easy and very transparent for our customers, so we can do a good job of explaining to them their issues, what's been mitigated, and what're the advantages. They have visibility over why they're paying for this service. 

It has helped us to consolidate tools. We use most of Meraki. It's from top to bottom, so everything is in a single pane of glass.

It has definitely saved time and money. We're able to onboard a customer for a trial in minutes, so after a sales pitch call, we can onboard them the same day. That's pretty amazing.

It has improved our cybersecurity resilience to the point that we haven't had issues. In security, not having issues is very good. We're able to keep up with the threats with a partner like Cisco and make sure that the best practices are met both at the on-premise level with the firewalls and then over the cloud. When they're not in the office or when they're remotely working, everything is secure.

For our scope or type of customers, which are retail customers with many branches, as an MSP, we take care of everything related to security. It allows us to manage many customers at the same time, and it allows the customer to focus on the other aspects of their business and leave the cybersecurity and networking to us.

For us and for customers, it's the ease of integration with Meraki. It's just a couple of clicks. That allows us to deploy very fast, and it doesn't change the way a customer uses his service. It's just more secure.

For us, as an MSP, the initial licensing changes were a roadblock, and they still could be a lot clearer. Specifically, it's an honor-based licensing system. We'd like it to be more specific to our traffic or our users so that we can make sure that the customer is paying for all their licensing.

We've been using Cisco Umbrella for about a year.

We've implemented it for maybe a thousand users.

That's pretty good. I'd rate them a nine out of ten. More Spanish would be better for our techs. We're based in Panama.

Positive

We've tried other products and other gateways from Fortinet and Arbor. We chose Cisco Umbrella. The most important thing for us is that we're fully Meraki stack. We have thousands of deployments of Meraki, so it's very easy for us to implement. Our customers are long-time Meraki users, so they're very comfortable with the Cisco stack.

It's deployed on the cloud, but I wasn't involved in its deployment.

We've seen an ROI with this product.

In terms of licensing, we're not able to be extremely clear with the customer because it's based on their reporting. It's not based on the actual traffic. If they say they have 50 users but they have 80, we'll just buy for 50 users. That's something where we'd like to have more flexibility.

Overall, I'd rate Cisco Umbrella a nine out of ten. There's always room for improvement, but it's very good.

We use Umbrella to front-end all of our DNS requests and that way they protect any of our end-users from going to any kind of malicious site. It doesn't matter if they're in-house in one of our locations, or if they're remote and working from home. That was the biggest part was the fact that we could protect our end-users, even when they're not in the office.

We were actually trying to solve other challenges, which included just to protect the onsite, but once COVID hit, it pretty much made it a very easy transition for us. At one point, when COVID was at its highest peak, we had everyone working remotely. We didn't have to worry about how we were going to restrict our access on the internet, because Umbrella was already handling that for us.

It made us more secure, which is a very important thing for a financial institution.

The support for hybrid work was the biggest thing. It protects our users, whether they're in the office or they're out of the office. We get the same policy in both locations. We can assign policies based on individual group memberships and it travels with them no matter where they go. It helps no matter where they are.

Since it's based on user DNS requests, it's right from the endpoint all the way through the network to be able to identify those locations and restrict access if necessary. It's not just the malware sites, which is very important, but it's also just content in general. There are business reasons for restricting access to certain content.

Since we implemented Umbrella, we are seeing a fairly significant amount of threats being blocked. A good 20 percent of all the activity, on average, that we see is actually being blocked by Umbrella, because it's either violating policy or it's some kind of malware.

Both monitoring the activity, so that we can investigate anything that may pop up, and the ability to restrict the access, or filter out what content end-users can view or go to [are valuable features of Umbrella]. Also, the fact that it blocks them from any known malicious locations.

It works really well and the best part about it is the fact that it's transparent to the users until they try to go somewhere that's either restricted because of content or restricted because of the fact that it's malicious. Then they simply get a popup and that's all there is to it. So from their perspective, it's very easy. They don't have to do anything in order for it to work.

There is a single portal that we go to that handles being able to set up policy, look at activity, or even manually add sites that we think that we want to restrict, even if it's not considered a particular category or a particular malware. The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up.

It's really easy. It's an easy portal to go to, it's cloud-based, so we can get to it from anywhere. The ability to set up the policy is pretty straightforward. There are a lot of tie-ins with other products, like SecureX and other things, that make it just as easy.

It's cloud-based, so as long as you can get to the cloud, you're golden.

The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical.

I have been using Cisco Umbrella for about four years now.

It's been extremely stable. In the last four years, I do not recall a single outage. There has been nothing that I can think of that actually affected the performance of the system at all in the last four years.

We've never had an issue with scale. We've scaled it up to every user that we have in-house. When we deployed the gateways, we deployed two for HA purposes, but from a scale perspective, it's DNS queries. It doesn't take much. Our whole organization is on it.

Support for Umbrella is very good. There's a way to contact them directly from within the portal and we use that periodically.

I give them about a nine out of 10. There are issues with Cisco's tech support, like all the rest of them.

Positive

Umbrella was actually the first [solution we used in this area]. Once we discovered that that was a big hole we had—we didn't have anything that was controlling content for our internal end-users—we could run into problems with regulation, problems with compliance. It could run into issues with HR, as well as security issues associated with malware. We knew it was a hole, that we were missing. Umbrella filled that hole for us.

There were two pieces of the deployment. One was the cloud deployment, which got us set up in the cloud to begin with. We also had gateways that were installed on-prem, in-house.

We were able to get the gateways up and running in about an hour. The cloud deployment was all done by the Umbrella organization on the back-end side. To deploy to the end users, all we needed to do is set up a policy that said, "This is what you use for DNS." Once that was set up, we were done. Deploying that was done in a group policy and that group policy was pushed in a matter of minutes. The entire solution was probably deployed in just a few hours.

We did it all ourselves. Cisco handled the back-end side with the portal itself, but the rest of it, we did ourselves.

I think we got our return on investment within the first month of its use, because of the increased security that we had in the organization; the ability to have a product that is protecting our end-users. We do educate our end users today, but Umbrella doesn't require us to go through as in-depth an education process to say, "Okay, you're going to have to do the research. You're going to have to figure out what sites are bad. You're going to have to figure out where not to go." We don't have to do any of that. That's all handled by Umbrella. We just need to let them know that we're protecting them on the back-end side.

Its value exceeds its pricing.

We looked around to see what was available. There were a lot of content filtering solutions available, but one of the things that Umbrella brings, in addition to content filtering, is that awareness of known threat sites. Their tie-in with Talos, Talos being that organization that does all that research and feeds that into Umbrella, means that we not only have known malware sites from six months ago, but we're getting feeds from Talos within hours.

The impact on our employees' morale has been good. Anytime the employees understand that we're doing something from a technology standpoint to secure the organization more, that makes them happy. It's something that they don't have to concern themselves with as much and it improves morale quite a bit.

Resilience in cyber security is extremely important. We're a financial institution, so cyber security is very high on our organizational goals, all the time. Making sure that cyber security is resilient against any of the latest attacks that are coming out is extremely important. It's a constant thing. Cyber attacks are increasing every single year. The methods that are being used are increasing every single year. If something were to happen, not only would we have a financial impact, but we have a reputational impact. For a financial institution, a reputational impact could be just as devastating as a financial one.

Umbrella helps us with that overall security. It gives one less attack vector for the bad guys to get into. We're protecting those end-user devices and we're protecting those end-users from going to places that could be malicious. The fact that it's doing that for those end-users increases our overall security without us having to rely specifically on end-user education in that particular attack vector.

For leaders who are looking to increase resilience within their organizations, I would say that what is necessary is to do as much security, in-depth, as you can. That includes using Umbrella to protect your users and using lots of other security products and being able to secure every aspect of your organization.

I would rate Umbrella absolutely a 10 out of 10. It's literally a lifesaver when it comes to being able to protect our endpoints.

I had implemented Cisco Umbrella at a previous company. I'm now working at another company where I'm not using this solution. We've got another solution here.

The policy of the company was to make sure all outgoing traffic was sent through a filtering service, and OpenDNS, and then Cisco Umbrella, was chosen for that purpose. Once it was taken over by Cisco Umbrella, it had far more capacity and far more functionality written into it. 

In terms of the deployment model, I just used Cisco services. It would be through Cisco's private cloud. My site wasn't big enough. So, I didn't deploy the Cisco service on-premises. 

It was really valuable to me in protecting the outgoing data of the company. It was good for reporting. Every computer had the Cisco Umbrella program installed. So, I had good reporting on any issues related to outgoing data, such as whether there were any phishing or dodgy sites connected. It protected that part of the business.

A combination of Cisco ASA, Cisco Umbrella, and Cisco AMP connecting to the SecureX portal gave me all-around security for the site because they all reported into a central reporting server. If there were any issues, I could have got full details, even if a crypto locker attempt was made. I never had any security incidents that I'm aware of. So, it was a very effective tool.

It kept itself updated. So, I didn't have to worry about continuing to push out new installs of the program.

I felt safe, supported, and secure, and so did the owner of the company. It worked silently in the background, and no one else really knew it was working on their computers. When we went into lockdown with COVID, I was happy knowing that all the computers that left the business had the app installed and were going to be functioning securely. We got no viruses and no issues on any computer on the network, which is quite unusual. A lot of other people or a lot of other companies I spoke to reported that they had quite a few issues.

It worked 100% in terms of applying and maintaining network connectivity consistently across all workplaces. We never had any issues. The only issues we had were when sites might have been blocked because they were suspected of being within a filtering group. It would report back to the user and say, "This site is currently blocked by your administrator. Please click this button. An email will be sent to your administrator, and they can resolve the issue." I would then get the email, and I'd look at the site, and then I'd release it through whitelisting. It was very user-friendly in that regard.

It certainly helped to remediate threats more quickly because I was able to stay free of any virus outbreaks. It definitely locks out that part of the transmission where the virus will go out and attempt to download a package.

It worked silently and didn't use too many computer resources. It was really silent in its operation on the network. It had a really good impact on me. I'd love to put it in my new company, but we've gone down a different pathway. That's being resolved through Office 365 now, and I'm not proposing to change that technology.

I wanted to ensure that all outgoing traffic went through Cisco AMP servers. So, if we did get a crypto locking incident or any malicious sites that wanted to direct traffic to particular websites, they would be unable to do that because they would be blocked by the Cisco Umbrella DNS servers.

It also did website filtering for preventing access to porn sites and gambling sites. It had all other standard features. It had a good section where you could whitelist and blacklist websites.

I was able to implement it myself. It was really easy to install. You could install it on a server locally if you want to. If you have the biggest site, you would do that, but for my site, it was just directing all the traffic out through the Cisco Umbrella DNS. It was really handy. When the owners of the company went overseas, I knew that they would be secure because even if they were not on the company network, they would still go through the Cisco Umbrella servers. It was a complete solution for protecting the company with outgoing data.

The other useful feature was that if we were to get a malicious actor onto a server or service running somewhere, it would still have to go out through the Umbrella servers. So, it would more likely be blocked through there. It had multiple features that were super handy.

It had the ability to do a lot of app control. So, every single app that went through that portal was registered, but there is a general issue with the whole app control. As soon as you add a mobile phone to your network, all of the apps get registered through the system, and you can approve, reject, or just let them go through. When I looked at it, it was impossible to manage app control. There was just so much data. I didn't apply that service because I just didn't have the time to manage it. It would be good if there was a way to categorize applications. However, that's dangerous too because you can be turning off an app in a group because you don't know what it is doing. It could be a vital company app. So, App control is the main area in which they need to keep working.

Originally, Cisco Umbrella was called OpenDNS. I have used OpenDNS and Cisco Umbrella for about six years.

It is very stable. I never had any issue with it.

It is highly scalable. You don't even have to install it on your computers. You just change your DNS, and it'll start to work internally immediately. I never had any issues with performance or anything like that. I'm sure it would suit larger companies as well, but larger companies would install their own Umbrella service on their own systems and deal with the capacity that way. So, it is very scalable.

Their support is good. They always got back to me and answered issues. They showed me how to do my own debugging. They were always very professional and helpful. I would rate them a 10 out of 10.

Positive

We previously used proxy servers, but I wanted a more modern interface, and that's why I chose Umbrella.

It was super easy. I'm a general IT person, and I was able to deploy it. I read the documentation, changed some settings, changed the DNS on my servers, and then rolled it out to the team. It was a pain-free implementation.

I deployed it. It was pretty intuitive. I didn't have a consultant help me. I was able to implement the solution myself and manage it myself. That's a really good rating for an application. There are different systems you get to manage these days, and you can't have training on all of them. Because I rolled it out, I knew I rolled it out properly, and the system was working effectively. It was good. I liked using it.

The return on investment was that we kept the company secure. Nothing happened, which is the ultimate return on investment.

It was a little bit expensive on a per seat basis, but the company I was running was only a midsize Australian company, and it was a reasonable budget per computer for that system.

It started off being a free product, and then Cisco bought it, and it went to a reasonable price. I was using Cisco AMP as well. So, my per computer cost was reasonably high, but for a small company, it was within an acceptable level.

Not having reviewed other systems, I can't tell how they compare, but I know that when you do special security licensing with Microsoft, it is on par. So, it is probably standard within the industry.

At the time, we were using OpenDNS, and then OpenDNS went to Cisco Umbrella. Because we'd had such success with OpenDNS, we just stayed on with the product. So, I didn't evaluate any other products at that time.

It is just another layer that you need to wrap around your company to keep it safe unless you could just shut off that possible attack vector from external parties.

To leaders who want to build more resilience within their organization, I would say that they've got to keep doing it, and they've got to keep working on it. I'm constantly looking for better ways to secure the company. Cisco Umbrella would be a very useful addition to their set of tools. 

A part of my plan in the long term was to implement the full suite. I never got around to that, but it was really good to know that I could go right down to app-level control. It was a very successful product, and I'd certainly recommend it to any business looking to just add another layer of security around their company.

In terms of providing a single pane of glass management, security does involve multiple systems, and I could log them all into the Cisco SecureX system. From there, I could get my single point where I could resolve issues with viruses, et cetera. So, in itself, it was a single pane of glass for DNS protection. It was fine, but I don't think there is ever going to be a single pane of glass anywhere. You're always going to have many different systems that you're using, but overall, it had a lot of features. It did the job it needed to do.

I would rate it a 9 out of 10. It is just app control that I want them to develop more.

Cisco Umbrella enables all of our end users to browse the internet and internal networks securely. It can block different things like sites and applications that they shouldn't access according to company policies. For example, we can block different applications or specific site categories.

We also use Cisco SecurePort and SecureX, which is a platform for integrating various Cisco products. We have already integrated Cisco Secure Endpoint and Cisco Umbrella through SecureX, which offers a single pane of glass so you can see all the problems. We have also integrated our Meraki firewalls and access points. We have 500 users, and each of them has the Umbrella agent installed. If you're working in the office, you don't need it because every computer is protected by Umbrella. 

The main benefit of Cisco Umbrella is to prevent the end users from becoming victims of phishing attacks or malicious links in an email. It isn't necessarily about making the users more efficient or productive, but it could help with that. For example, if someone mistakenly clicks on a link and their device is infected, we may need to take it offline for a day or two in order to resolve it. We don't have these incidents, so we can ensure that users won't be affected by any malicious activities and can continue doing what they're doing without worrying about other departments getting infected.

Umbrella lets you inspect client Internet traffic as if it were flowing through a traditional data center security stack. The main thing you can do is check the destination they're trying to access, but you cannot inspect the package. You can see the URL, but you cannot fully inspect the way we're actually using it. The primary goal is to block or allow specific URLs. We don't do any inspection or use any proxy to inspect traffic. 

I would say that we save money using this product because it's easy to use, so you don't need an expert to operate it. It requires some expertise, but it's simple to monitor and maintain. Also, when we want to set up offices in new areas, it's easy to integrate. 

Umbrella is constantly discovering new vulnerabilities. The solution's ability to discover zero-day attacks without significant changes to the platform is crucial. For example, we prohibit certain categories of websites like gaming or gambling, and the categories are constantly updated. We don't need to update the categories to add new websites or constantly check those reports because we know that Umbrella does what it's supposed to. 

The interface is well organized, so you can easily find everything. Even if you don't have much experience with Cisco, you can easily navigate the solution and find your way around. Everything has been done well, from the deployment to monitoring. 

The application is really stable. We never have problems with Cisco not working for our end users. We have an internal communication hub. The office implementation is integrated with our security systems and firewalls, but we also have users worldwide working from home. Our employees are pleased with the user experience, and we've never had reports about Umbrella not working properly or being unable to access a site. It's integrated with Cisco AnyConnect, so our users can access it through a VPN solution.

Umbrella actively processes and blocks malicious DNS queries daily, which is helpful for us because we're a small team. We heavily depend on the tool to do its job properly. It works nicely out of the box. You have to do a little initial configuration, but after that, it blocks everything we want and nothing we don't. We've gotten some false positives with other products, but we've never experienced that with Cisco Umbrella.

Guest internet access is easy to configure. We set more restrictive policies for our guest users, but it hasn't been difficult to spin up consistent policies in three or four different offices. We just attached the policy that we have for guest users to a specific wireless SSID.

Umbrella combines multiple security functions into a single dashboard. If you use Cisco SecureX, there is a dashboard in Umbrella, but you have to look at different areas. In Cisco SecureWorks, you can add the tasks and dashboards you want to monitor, but Umbrella is more standardized, so you cannot make many changes. In addition to the dashboard, we have some daily reports and email alerts. It does what we want. 

Cisco Umbrella hasn't integrated customized reporting yet. With Cisco Secure Endpoint Hub, I can see a report on user downloads and set it up to constantly get an email alert. Based on my understanding, Cisco Umbrella can't do that. You can set it up with third parties, but it would be better if that were built into the platform. 

I joined this company a year ago, but they had already been using Cisco Umbrella for more than three years. 

I have never experienced any outages or downtime. It works all the time.

I rate Cisco support nine out of 10. We had to open a ticket because we had some issues installing the agents, but we haven't had trouble since then. The technical team responded and fixed our issues quickly.

Positive

I used a similar SaaS solution by Palo Alto, but Cisco Umbrella seems to be quite unique because it's a DNS layer. I'm not sure if any other company is doing the same thing. We integrate Cisco Secure Endpoint and Cisco Umbrella to provide end-user detection and prevention. It does what it's supposed to do with most of a lot of admin work. It's a gateway.

I wasn't part of the deployment, but it seems to be straightforward based on what I have seen. It requires a few adjustments to the firewalls and some integration, but it seems relatively simple. We needed to help the users working from home install the agents for Umbrella and AnyConnect, and this was also straightforward to deploy with Kandji, our MDM system.

After deployment, Umbrella doesn't require much maintenance because it's a SaaS application like Gmail. You don't have to do anything except the admin work, such as adding websites or categories. However, Umbrella uses an agent, so we need to update the engine. We can automate all these things, so the maintenance is minimal. 

It's hard to quantify a return, but the cost of a malware attack or customers losing private information is potentially very high. I don't have the numbers for those things, but Cisco Umbrella helps us to avoid those issues. A breach can harm our reputation and damage the entire organization.

Cisco Umbrella is reasonably priced for what it does. I don't have any numbers to compare it with because I don't recall what the other solutions cost. 

I rate Cisco Umbrella nine out of 10.

We use Cisco Umbrella to secure our gateway. All of the DNS forwarding coming out of the company from any site or all the DNS requests are forwarded through Cisco Umbrella, and then they determine if that is a safe address and if the content coming back is safe. They will either reject the addressing out of hand, or they'll look at the Layer 7 content and reject that from making it back to us.

We are using the Secure Internet Gateway (SIG) Advantage package. In terms of deployment, effectively, it's deployed from our private cloud. It's in our data closet on our servers.

It enables us to finally allow laptops to be used as workstations and allow data to leave the building. In the past, laptops were only used for VPN access, but they would connect back to their data inside the company. This has allowed us to have a level of confidence that they're protected as if they were behind our firewall. So, now, we've got work-from-home people who literally have their workstations with them.

We have six sites with 60 to 70 users. The baseline configuration allows for additional protection for any DNS requests as they leave those sites, and then the secondary policy is for the mobile devices as they leave the premises. When they're connected to public WiFi, they have an additional policy that kicks in for that time that they're not connected back to the company. So, when they're on public WiFi without a VPN, the tool will actually put that second policy in place that's more aggressive and offers a higher level of protection when it's not sitting behind the firewall. All that is automated. It's all built into the agent.

We don't allow WiFi inside of our network for connection to our actual business network. As soon as a device is docked, it disables WiFi on that mobile device.

When we have laptops that leave the building, they could connect to public WiFi before they establish a VPN connection back into the company. For that duration or that period of time when they're not docked in the network or on a VPN, they effectively don't have that full layer of security that I provide inside the building. This tool stands in during that period of time, and we extend the security settings through their basic firewall or their cloud-based firewall at that time. So, we do content filtering and control access, but they also are looking at new domains, IP addresses, and bad requests. They're blocking them on my behalf when a laptop is not sitting behind our security appliances.

There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad. I can't geofence out. I can plot top-level domains, but .com and .net go global. I can certainly block a China (CN) or a Russia (RU) domain, but that doesn't give me the same level of granularity. 

Apparently, Cisco Umbrella has got that as a feature request to allow an administrator to say, "I specifically only want traffic to and from these countries. Everything else should be dumped." That way, when they're sitting behind my network or they go out in the wild, they have that same level of traffic being blocked.

I have been using it for 14 to 15 years.

We've had no issues. It has done exactly what it's supposed to do.

It is cloud-based. So, scalability should not be an issue. 

Any increase in its usage is all relative to the growth of our staff. Currently, we deploy the laptops for people who need to work from home or are traveling between the banks. That's roughly about 20% of our total staff. Some people aren't going to be working from home, and some of their jobs can't be done from home. They have no need for mobile devices. If there is a need to work from home, its usage will increase. It is there if we need it to scale, but at this point, it is not scheduled to change.

Once I became a paying customer, it was much better. The preliminary training is there, but when you get into the nuances and the details of some of its capabilities, you need to talk to tech support. Once you're a paid customer, you get direct access, and then it's good. When I'm able to get a hold of them, their technical support is a 10 out of 10.

Positive

I didn't use any similar solution previously. 

I was a hundred percent involved in its deployment. We had a couple of issues. The proof of concept was done without a lot of planning. So, there were some mistakes made along the way. If I was doing it again the second time, I wouldn't make the same mistakes. 

The default configurations have your baselines. Those are never supposed to get changed, and I changed and tweaked those for our proof of concept. After a couple of weeks, I had some additional guidance from the Cisco Umbrella team. You leave the baseline configuration, and then you clone and create a new configuration that sits in front of it. So, everyone gets the baseline, and you don't change that. If you want to change it, you make a new policy and then make the changes to that. If you change the baseline default policy and you make a mistake in it, you've to back that all out. If you make it in the new policy, in the worst case, you just delete it, and automatically everyone goes back to baseline. So, there's still a policy in effect. That was a training issue that should have been resolved. Now that I've done it, if somebody asks me, I would say that this is the way you've got to do it.

It was just me taking care of its deployment. In terms of maintenance, once it's configured, unless you're retweaking and adding or removing something that was blocked, it pretty much runs itself.

I have less maintenance to resolve, fix, and reconfigure VPN clients personally, and the feedback from the end-users is that they're more productive.

We were using the free version, and we implemented the paid version about two months ago.

I'm paying a fair price, but everything is negotiable with Cisco. One of the benefits that I got by having Cisco Umbrella is the licensing of the Cisco AnyConnect VPN client. There has always been an issue for years and years with Cisco Meraki in terms of VPN clients and using the native built-in Windows client. It keeps reconfiguring itself. By using Cisco AnyConnect as the VPN client, it's not affected by Windows patching or people typing in passwords by mistake. It's more resilient and doesn't change. With just Meraki solution, there was an extra expense for the Cisco AnyConnect VPN client. By having Cisco Umbrella, that licensing is now included.

There were a couple of other options, and I discussed them with another consultant. As a regulated industry, we have to do vendor management, and vendors have to be vetted. So, Cisco was already a vetted vendor. There are other companies that do the same thing, but Cisco didn't require me to do any more vetting. They were already a vendor.

When it's configured the way it's supposed to work, it turns itself on and off based on the status of the VPN or the dock condition. Once it's configured, it does exactly what it's supposed to do. 

If you're doing a proof of concept on it, fully understand how the policies are configured and what the flow is. You should understand the hierarchical status of the policies to configure it right the first time. You don't really want to guess it.

I would rate it a 10 out of 10.