IT Central Station is now PeerSpot: Here's why

Cisco Umbrella OverviewUNIXBusinessApplication

Cisco Umbrella is #1 ranked solution in top Web Security Gateways, top Internet Security tools, CASB solutions, top Secure Access Service Edge (SASE) tools, and top Domain Name System (DNS) Security tools. PeerSpot users give Cisco Umbrella an average rating of 8.8 out of 10. Cisco Umbrella is most commonly compared to Zscaler Internet Access: Cisco Umbrella vs Zscaler Internet Access. Cisco Umbrella is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 24% of all views.
Cisco Umbrella Buyer's Guide

Download the Cisco Umbrella Buyer's Guide including reviews and more. Updated: August 2022

What is Cisco Umbrella?

Cisco Umbrella offers flexible, cloud-delivered security according to users’ requirements Cisco Umbrella includes secure web gateway, firewall, and cloud access security broker (CASB) functionality all delivered from a single cloud security service. Cisco Umbrella’s protection is extended to devices, remote users, and distributed locations anywhere. As company employees work from many locations and devices, Cisco Umbrella is the easiest way to effectively protect users everywhere in minutes.

Cisco Umbrella uses machine learning to search for, identify, and even predict malicious domains. By learning from internet activity patterns, this DNS-layer security solution can automatically identify attacker infrastructure being staged for the next threat. These domains are then proactively blocked, protecting networks from potential compromise. Cisco Umbrella analyzes terabytes of data in real time across all markets, geographies, and protocols.

Cisco Umbrella works with leading IT companies to integrate its security enforcement and intelligence. Built with a bidirectional API, Cisco Umbrella makes it easy to extend protection from on-premises security appliances to cloud controlled devices and sites.

Cisco Umbrella is suitable for small businesses without dedicated security professionals, as well as for multinational enterprises with complex environments.

Why use Cisco Umbrella?

  • Simplify security management: Cisco Umbrella is the fastest and easiest way to protect all users within minutes and reduces the number of infections and alerts sent from other security products by stopping threats at the earliest point. With no hardware to install and no software to manually update, ongoing management is simple

  • Reliable reporting: Cisco Umbrella reports show activity for each device or network in the system. Users gain a more complete picture of the security risks facing their organization and can take action to remedy them.

  • Manage and control cloud apps: Umbrella provides visibility into sanctioned and unsanctioned cloud services in use across the enterprise. Users can uncover new services being used, see who is using them, identify potential risk, and block specific applications easily.

Reviews from Real Users

Cisco Umbrella stands out among its competitors for a number of reasons. Some of the major ones are its DNS-based protection, ability to protect users no matter where they are located, stability, and high performance.

Daniel B., a network specialist at Syswind Kft, writes, “We primarily use the solution as cloud security for our branches. It protects us from direct internet outbreaks. It makes for good flexibility. The solution is very easy to manage. We found the initial setup, for example, to be quite simple. Efficient protection on the DNS level and even higher. The sandboxing feature analyses and handles the complicated security risks.”

Victor M., SOC & Security Services Director at BEST, notes, “It provides security for the remote workers and it helps to improve enterprise security in a very easy way. We mainly enjoy web software protection capabilities. It prevents the end-users from getting into bad sites or sites that potentially could have malware or could be phishing. It helps end-users avoid the wrong sites. The solution works very smoothly. The user interface is good.”

Cisco Umbrella was previously known as OpenDNS.

Cisco Umbrella Customers

Chart Industries, City of Aspen, Eastern Mountain Sports, FLEXcon, George Washington University, Jackson Municipal Airport Authority, Ohio Public Library Information Network, PTC, Richland Community College, Smart Motors, Tulane University, VeriClaim

Cisco Umbrella Video

Cisco Umbrella Pricing Advice

What users are saying about Cisco Umbrella pricing:
  • "The pricing was marvelous."
  • "Its value exceeds its pricing."
  • "We were using the free version, and we implemented the paid version about two months ago. I'm paying a fair price, but everything is negotiable with Cisco. One of the benefits that I got by having Cisco Umbrella is the licensing of the Cisco AnyConnect VPN client."
  • "Licensing with Cisco can be a little complex, but I think it's comparable with that of other similar products. It's always hard to put a price on security, but the price is fair for the value it provides."
  • "The pricing is great and very competitive with the rest of the market."
  • "The pricing is pretty fair. It's good."
  • Cisco Umbrella Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Drake Kapler - PeerSpot reviewer
    Network Planning Associate at a manufacturing company with 1,001-5,000 employees
    Video Review
    Real User
    We can see all of our locations in one place and only have to make changes once for all our locations
    Pros and Cons
    • "Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers."
    • "In my experience with Umbrella support, sometimes the response times take a bit more time than we would like... sometimes, if you go through email, it can take quite a while to get a response."

    What is our primary use case?

    We're actually in the process of using this to replace our current web proxies. We use both, side-by-side, at the moment. The plan in the future is to eventually get those replaced with Umbrella so that we can have an overall, overarching proxy either that's based in the cloud or whatever we need. But this currently is our most convenient way of replacing web proxies across all of our locations at our company.

    How has it helped my organization?

    It's definitely made things more centralized. Our current setup is that we have proxies, either physical or virtual, throughout our different locations. Each location has its own proxy at the moment. What's nice about Umbrella is that we can just go into the site and see all of our locations in one place and look at all of our computers, users—everything. It's not divided into separate proxies that we have to go into and figure out which person's using which proxy. Umbrella lets us just see everybody at once, which is really handy for us, and we don't have to spend too much time messing around with figuring out who's where and which location needs this change. [We can just make] changes throughout every location at once, rather than one at a time with those proxies that we currently use.

    The past couple of years, [the fact that the solution helps support hybrid work has been] especially important because now we can't use those proxies if people aren't onsite. The way our network was set up was that we had it filtering through the firewall and the firewall was taking certain subnets and filtering those through the proxy. But obviously, when people work from home, we had to get a VPN connection set up. Before COVID, we did not have a work-from-home solution at the time, so everybody had to be in the office. Obviously, that all changed very quickly and Umbrella became a much bigger priority for us because that was our main replacement for those proxies at the time.

    We had to expedite the process of setting it up, but what was nice about Umbrella was that it was so user-friendly, it was so easy to set up on our end, that it didn't take as much time as we thought it would. It just simplified the entire process throughout the couple of years that we have especially needed it. But what's cool about that is that now, it's a permanent part of our network. Thanks to the last couple of years, we use it all the time now. It wasn't just a temporary solution for hybrid work because now we use it for both. We have the ability to do hybrid work, but we also have the ability to use it for our employees onsite as well.

    [When it comes to threat remediation] most of it is automatic so we don't really have to worry about it too much. Umbrella will just block something if it detects it as malware. That is a super convenient feature for us, that we don't have to manually review every single site. If we do have to review a site, it's nice to have that investigative tool. We put in the URL and it gives us a risk score, depending on how dangerous that site might be. That's super helpful for us to analyze that site, take a look at it, and make a decision on whether we need to block it, or if it can be unblocked. Every situation is different, but Umbrella makes that summary page very convenient for us. It allows us to make decisions much faster and more efficiently.

    Our cyber team is a bit different from our network team. We have a separate team for that, but it's nice because they also use Umbrella for a lot of that, depending on what the site is. We use the investigative tool for the risk score, but it also comes with a few other tools, and part of that is just so that they can assess what's safe and what's not safe and what might be detected as malware. Obviously, they have other tools for that as well, so Umbrella is just one cog in the big system. But it definitely allows for easier communication between our teams because we both use it and we can both understand it. It's user-friendly enough so that we can make decisions with them based on what Umbrella tells us and how we interpret that information depending on the site, the situation, the risk score, everything.

    We have a lot of employees, a few tens of thousands. We get probably hundreds [of threats blocked] every day. I wouldn't be able to give an exact number on how many are blocked. The main ones we look at are the ones that people request us to specifically look at because they might not think that something was supposed to be blocked, or something is not working properly, and we can go in and investigate that. But there are probably hundreds to thousands of blocks per day on the sites, across all of our locations. That automation allows us to relax a little bit easier and know that our network is much safer with Umbrella on it than it is off. The automatic side of it is basically saving our jobs. That really helps, and we're able to look at anything. Overall, as a program, it has saved us a ton of time and stress by not having to worry about malware or viruses or anything malicious.

    What is most valuable?

    One of the coolest features, for me at least, is to be able to type in a website and have it  give an overall summary of how safe that website appears. Part of that is just so that we can investigate. And if there's any sort of confusion between our cyber team and us, we can look further into that site and dive more into that risk score that Umbrella gives us. We can just analyze [those sites] and make sure that we're unblocking safe sites and blocking sites that we deem could be harmful for our employees.

    I would say it provides single-pane-of-glass management. We still, of course, use those old WSAs, but in the long run, our plan is to get those replaced with Umbrella. We have locations in Japan, Korea, China. So it's a little bit more difficult to go through one proxy for all of those, especially because it's a bit slower. What's nice is, [with] Umbrella being in the cloud, we can just go into the site, see everything from the management console in that page. Nothing is slow [and] nothing is hosted by us so that we don't have to worry about network issues or management issues. Everything is just laid out right in front of us from the Umbrella dashboard on the internet, in the cloud. And that makes it super helpful for us to just manage all that from one spot across all of our locations across the world.

    We aren't a very big team, so that's the main thing. Going through filtering web traffic or blocking sites or unblocking sites, whatever we need to do, can be a bit tedious, especially when we have all these different locations and we would have to go into each location specifically to perform these tasks. Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers. And that makes it super useful for us because we're not messing around with jumping into all these different locations and manually doing each and every one individually. It is extremely helpful for us and it improves efficiency exponentially.

    For how long have I used the solution?

    I have personally been using Cisco Umbrella for almost a couple of years. Our company implemented it about five or six years ago. Most of that time was spent getting it set up, but we've really been using it more within the last two or three years now, so it's still pretty new to us at the moment.

    Buyer's Guide
    Cisco Umbrella
    August 2022
    Learn what your peers think about Cisco Umbrella. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    622,949 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    [In terms of maintaining network connectivity] obviously it depends on the situation. With Umbrella, it's a bit easier, for sure. There are times where Umbrella, on their side, is having an issue and we're notified of that issue. But in that case, there isn't really much on our side that we can do. To that extent though, the pros outweigh the cons. It's pretty rare that Umbrella is having a problem. The way that our network is set up is that we can reroute traffic pretty quickly using our other Cisco devices, so it's not usually a big issue for us. We have fewer problems with Umbrella than we do with our physical WSA proxies that we currently use, because that is something that we would have to troubleshoot on our end, and we're not always there on site to be able to do that. Then we have to go through someone else who's over there and they have to console us in and we have to troubleshoot whatever's going on over there.

    With Umbrella, it's nice to have them tell us what's going on so that we're aware of the situation. If there are any problems, then we'd know what the issue was and how we could work around it. That makes it a bit simpler for us.

    Network connectivity isn't really a huge issue for us with Umbrella, specifically. Our use case mainly is just for blocking internet traffic, making groups. We have social media groups where we allow certain computers in places to have access to certain social media sites that we wouldn't normally do. We have other sites being blocked, depending on their use case. That's mainly our function with Umbrella. Internet connectivity is usually not a huge issue regarding Umbrella with us, but if it ever is, it's nice that they communicate the issue to us, [so] that we can work around it.

    How are customer service and support?

    In my experience with Umbrella support, sometimes the response times take a bit more time than we would like. Obviously, it depends on how they're contacted. But usually, when I contact them via phone, their support team is great. They help me out with everything. But sometimes, if you go through email, it can take quite a while to get a response. Obviously, if it's through email, the issue's probably not as pressing as it would be through a phone call, but the response times could be a little bit better. Email, I usually just avoid. I usually just call them now.

    They're super helpful. In terms of response times, it could be a little bit better. Some issues are more urgent than others, but if it's an urgent issue, obviously we just call. Sometimes it takes a little bit [of time] for them to get back. I would probably rate them a seven out of ten.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    We've had to deploy connectors across certain locations, but [in] all the locations we have a domain controller and that needs to be deployed on those domain controllers throughout all of our different places. I've done a couple of deployments. Most of it was already deployed just by the time I got here. 

    [In] my experience of how deployment went, it was very easily laid out, very simple. The instructions were super clear. I didn't have any issues with that. As more of a newcomer to the entire industry, this has been much easier than I expected it to be. Umbrella, as a product, is very simply laid out, very user-friendly. I couldn't praise it enough for helping me out with my job. 

    While the support [can] sometimes take a while, overall they're super helpful, they make it very easy and they make you feel like you're not doing anything wrong. They're super friendly and make everything super easy for you. Umbrella as a product, overall, is very user-friendly, as a newcomer to my company.

    What was our ROI?

    The plan is to replace those physical proxies that we have. In terms of return on investment, getting rid of those across each location [has been valuable]. In terms of the efficiency with time, it's definitely saved us a lot of time and money troubleshooting different issues and securing the network and helping people access what they need to access. Just in terms of time and efficiency, it definitely has a return on investment.

    Trying to replace those physical ones as well, getting rid of those, just having this be the all-encompassing way of filtering traffic and unblocking, of making policies, it definitely saves us a lot of time with the solution that's offered.

    What other advice do I have?

    In terms of [our employees] feeling supported, they have the ability to submit a request to us very easily. When they get blocked from a site, it's not just one page saying you're not allowed here. They have the ability to submit a request to us so that we can look further into that site. That makes our employees feel more included in the process of helping the company access the sites that it needs to use, [as does our] communicating with those employees [about] why a site might be blocked; or a site that needs to be blocked based on what they find and what they're doing for their job. The important thing is that they're able to talk to us in case there's a site that they think that they need to access and helps them feel included in the entire process.

    Like I mentioned earlier, it's one cog in the big system that we have out of our solutions for cybersecurity. We also use products like AMP, we have certain firewalls that also block certain things, the way they're configured. But overall, Umbrella, if we're talking about users on the internet, using sites or accessing different websites, is a big help in determining what exactly they need. We can go into Umbrella and help them understand why something might be blocked, or if they need to get into something, we can make certain policies within Umbrella. It's obviously just one tool out of the many that we have, so these configurations are pretty involved and even I don't know how they all work. It's divided amongst our team. For cybersecurity in general, it's great. It simplifies it. It's very useful in terms of the automation and how it blocks everything, and how all that stuff is interconnected. I would say that it is a lifesaver for us.

    As somebody who is pretty familiar with networks and just learning everything, but being an inexperienced network manager, I would say that it makes the entire process very painless, very super simple to understand. In my experience, it's a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Director of Security
    Real User
    Helped us monitor activity and find bad actors who had managed to grab and control some of our domains
    Pros and Cons
    • "Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do."
    • "The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence."

    What is our primary use case?

    In my previous company, there was a gap in being able to put controls on users when they were away from the network. We thought, "Okay, Umbrella can do this for us," and it was at a reasonable cost for our security budget.

    How has it helped my organization?

    With Umbrella, it didn't matter if the users were in the office or they were going to go out. When I trained them I said, "If you go to Target, Starbucks, or anywhere else you can get on a hotspot, you're going to be covered with our rules, so we can make sure you're protected and that our company device is protected."

    It gave our users, from all of our sites, something like a first line of defense, including monitoring all the exit points of our offices. We also used Cisco AnyConnect on everybody's laptop so that any time they were out, we were making sure to secure their machine and keep an eye on it.

    Having a single pane of glass allowed us to quickly monitor and find out what was happening at that moment. We could see active connections going to a public address on the internet. At one point there were so many of them, thousands and thousands to one public address, which was more than normal. I had to contact Cisco support, and say, "This is what I'm seeing. Something's not right," and they said, "You're right." In the main screen, we switched over to investigation and we found that it was a bad actor. The bad actor was checking for domains that are flying around, and he found a few of ours that weren't paid for. He bought them and then he started controlling where they were going by redirecting them. That raised a big red flag for our company. They never had any idea that that had been going on for a very long time.

    There were other bad actors who had some of our domain names as well. I had to work with legal and we actually purchased back a few domain names from people. As a result, we taught our guys internally, "When you do a domain and you're going to do tests in the lab, make sure that we put purchase orders in. It's so cheap, let's buy them so that we have control of them, and not allow this again." That was a big awakening.

    Another benefit of Cisco Umbrella was related to our wireless. If we had a vendor come to our company, I'd have to get permission for him to use our wireless. I'd have to put in a ticket with his machine name, the IP he would have, and ask for a two-hour window. But I could tell that vendor, "In the same way that you are helping us with the product we purchased from your company, we're going to help protect you at no charge. When you get on our wireless, we're going to have it set up so that everything you do is monitored, just like everybody else here in the company. Even though you don't work for our company, you'll be protected and that will help protect us." They would stare at me, and I'd say, "I know a lot of companies don't do that, but we're doing that because we want to make sure you have a good experience and that we have a good experience by staying safe."

    What is most valuable?

    I was able to make use of Cisco Umbrella because it acts like a proxy. The company also had content security, which I used on-prem with Blue Coat products. Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do.

    The single pane of glass management was one of the really good features. From that single pane, not only could you look at what was happening security-wise, such as what was being blocked by domains and IPs, but you could check for your roaming users. With a deployment of AnyConnect, or just the Umbrella agent, on 5,000 machines, you could watch the main glass and see how many roaming users were out there that had it on their machines. And even if they were in the office, it was always active, talking to Cisco's cloud.

    You could see numbers. I was able to watch, as we were deploying, how many people were getting the agent. I could see activity such as how many blocks we were getting, what types of blocks they were, and whether they were in categories. I would ask why those users were going to those categories that they shouldn't be going to. Maybe we needed to just refresh them with an email saying, "Hey, remember, we don't do this kind of thing."

    Cisco's Umbrella client product is superb. It worked so well for us and was easy to deploy.

    What needs improvement?

    The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence.

    They should work with their customers to find out, when they're troubleshooting, if they're going through multiple screens just to get little pieces of information. Maybe they could design an overall security screen for an event and pull that stuff in so that it's on one screen, rather than having to go search for it. Right now, you're always going back and looking on the left-hand side, going down the column, and trying to remember where something you need is. You have to click all over the place to go find what you're looking for.

    For how long have I used the solution?

    I used it at my previous company for about four years.

    What do I think about the stability of the solution?

    It was always up. We never had any problems. It was always there.

    What do I think about the scalability of the solution?

    Scaling was very simple. Since we were using a VPN, we had Cisco AnyConnect on all the user machines, with Umbrella built into it, and that deployment was just blasted out and it was seamless.

    How are customer service and support?

    The Cisco Umbrella support group was wonderful; very strong. I loved it. I never had one issue with them. They were willing to be there with us, and walk us through things every bit of the way.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We didn't have a whole lot going on in terms of security and when I got a new manager, he asked, "How do we protect the people when they're out in a store?" That's when we saw that's where the flaw was. We were protecting everything on-prem but the gap we found was that when users were traveling around, we were not seeing where they were going. We were holding them to a standard internally, but when they were outside they were doing whatever they wanted.

    How was the initial setup?

    What a simple product. It's a fast deployment. Then, you can start designing how you want to do your policies and what you're going to block. But once we told them what public addressing they were going to see, within a few hours we would see them go green. We said, "It's already seeing the data. Let's start applying policies, and we can start controlling all this."

    What was our ROI?

    We looked at metrics. As I mentioned, one of the benefits we received was finding the bad actors who had collected our domains that weren't paid for. That helped us to put the magnifying glass to use and say, "Hey, we have something going on." 

    I also worked with an outside company that Cisco purchased. I sent them our data from Umbrella and they actually mapped out our data and found bots on our network. There weren't many, but there were a few. The guy shared that with me on the screen and said, "If you buy the service to have us be part of your Cisco deployment, we'll take your data, continually analyze it, and give you reports." 

    There was one bot in particular that was just sitting there. The guy at the other company said, "That bot that you're seeing, it's asleep. Look again in a few hours," and it popped up. He said, "It just woke up at that point to try to do a command call." He said, "But we're blocking them, so you're not getting any threats." We didn't know that we had bots in there, and that was a big benefit.

    I also had to run numbers for reports. One of them looked at our category-blocking on Umbrella, such as blocks of alcohol sites, social media, weapons, government. I would provide monthly reports to show how many blocks we had from our users trying to go to these types of categories, and it really woke up management: "Wow. That thing is blocking." 

    Our investment in this worked, and we were showing it by numbers. It wasn't only that we found bots and bad actors, but we were also controlling things  by blocking phishing and categories. It was protecting us and no one was able to get past those blocks.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was marvelous. We only had to pay for licenses and they worked a very nice deal with us. It was a much better way to go because it was within budget. It was an easy cost for us to handle.

    Which other solutions did I evaluate?

    We did not evaluate any other options. We invited Cisco to come in and do a demonstration, and it was so strong. I also come from a Cisco background of many years. In addition, the industry reviews rated them very well and we took that as our lead.

    When they came in and showed us what they could do and how easy it was to monitor every one of our sites within a day, after we put in our external public addresses, it was a no-brainer. It was up and live by the next day, after just a few hours. It was easy to use and set up and we could use it like our internal proxies. We could manage the content and know what was going on and investigate things. We knew what sites people were going to. It was wonderful. Everything we needed was there. We didn't have to go any further, and we knew Cisco would have our back.

    What other advice do I have?

    All the users understood why we were putting the security control in place, to show that not only were they going to be protected at work on company-owned devices, but whenever they would go outside, we were also going to help. We had to mitigate the chances that they would get something on their machines and make sure that we stopped anything that shouldn't come in and affect our network or expose us to anything.

    With Cisco Umbrella, employee morale was very high. We hardly had any complaints at all. One of the reasons is that, when doing regular security troubleshooting, we would go to Umbrella as our first line investigation. We might find a domain or IP that was being blocked by Cisco, something they consider a risk. We would check it out and if it didn't look to be bad we could bypass the block and allow that AD group or set of users to go to that site, because they had to do business as usual. With that ability, we had very few problems, if at all. Overall, it was smooth, with everybody happy, including management. They were happy that we had our first line of defense and that it worked out very well.

    I introduce Umbrella to any company that I'm involved with. Cisco is already taking the correct steps right now, as a CASB for any cloud activity as well as DLP. Once they circled around to help companies with protection when they move to the cloud, that was the right direction. I'm not using Umbrella every day anymore, but I'm a proponent of it as a first defense for your company at a reasonable cost. And you don't have hardware to manage. You just rely on Cisco, get your support contract, and work with them to have them help fix things.

    I'm a firm believer in Cisco Umbrella and I would definitely use it everywhere I go. I'm speaking to companies in the health industry and telling them, "Guys, you can't just have four people working on security and think you're going to do everything in the world to protect your hospital. You're going to end up on the news." I try to introduce them to this type of solution, to at least have something there to mitigate and help out.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Cisco Umbrella
    August 2022
    Learn what your peers think about Cisco Umbrella. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    622,949 professionals have used our research since 2012.
    Network Security Architect at Lake Trust Credit Union
    Video Review
    Real User
    Top 20
    Protects users whether in the office or out, and we get the same policy in both locations
    Pros and Cons
    • "The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up."
    • "The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical."

    What is our primary use case?

    We use Umbrella to front-end all of our DNS requests and that way they protect any of our end-users from going to any kind of malicious site. It doesn't matter if they're in-house in one of our locations, or if they're remote and working from home. That was the biggest part was the fact that we could protect our end-users, even when they're not in the office.

    How has it helped my organization?

    We were actually trying to solve other challenges, which included just to protect the onsite, but once COVID hit, it pretty much made it a very easy transition for us. At one point, when COVID was at its highest peak, we had everyone working remotely. We didn't have to worry about how we were going to restrict our access on the internet, because Umbrella was already handling that for us.

    It made us more secure, which is a very important thing for a financial institution.

    The support for hybrid work was the biggest thing. It protects our users, whether they're in the office or they're out of the office. We get the same policy in both locations. We can assign policies based on individual group memberships and it travels with them no matter where they go. It helps no matter where they are.

    Since it's based on user DNS requests, it's right from the endpoint all the way through the network to be able to identify those locations and restrict access if necessary. It's not just the malware sites, which is very important, but it's also just content in general. There are business reasons for restricting access to certain content.

    Since we implemented Umbrella, we are seeing a fairly significant amount of threats being blocked. A good 20 percent of all the activity, on average, that we see is actually being blocked by Umbrella, because it's either violating policy or it's some kind of malware.

    What is most valuable?

    Both monitoring the activity, so that we can investigate anything that may pop up, and the ability to restrict the access, or filter out what content end-users can view or go to [are valuable features of Umbrella]. Also, the fact that it blocks them from any known malicious locations.

    It works really well and the best part about it is the fact that it's transparent to the users until they try to go somewhere that's either restricted because of content or restricted because of the fact that it's malicious. Then they simply get a popup and that's all there is to it. So from their perspective, it's very easy. They don't have to do anything in order for it to work.

    There is a single portal that we go to that handles being able to set up policy, look at activity, or even manually add sites that we think that we want to restrict, even if it's not considered a particular category or a particular malware. The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up.

    It's really easy. It's an easy portal to go to, it's cloud-based, so we can get to it from anywhere. The ability to set up the policy is pretty straightforward. There are a lot of tie-ins with other products, like SecureX and other things, that make it just as easy.

    It's cloud-based, so as long as you can get to the cloud, you're golden.

    What needs improvement?

    The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical.

    For how long have I used the solution?

    I have been using Cisco Umbrella for about four years now.

    What do I think about the stability of the solution?

    It's been extremely stable. In the last four years, I do not recall a single outage. There has been nothing that I can think of that actually affected the performance of the system at all in the last four years.

    What do I think about the scalability of the solution?

    We've never had an issue with scale. We've scaled it up to every user that we have in-house. When we deployed the gateways, we deployed two for HA purposes, but from a scale perspective, it's DNS queries. It doesn't take much. Our whole organization is on it.

    How are customer service and support?

    Support for Umbrella is very good. There's a way to contact them directly from within the portal and we use that periodically.

    I give them about a nine out of 10. There are issues with Cisco's tech support, like all the rest of them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Umbrella was actually the first [solution we used in this area]. Once we discovered that that was a big hole we had—we didn't have anything that was controlling content for our internal end-users—we could run into problems with regulation, problems with compliance. It could run into issues with HR, as well as security issues associated with malware. We knew it was a hole, that we were missing. Umbrella filled that hole for us.

    How was the initial setup?

    There were two pieces of the deployment. One was the cloud deployment, which got us set up in the cloud to begin with. We also had gateways that were installed on-prem, in-house.

    We were able to get the gateways up and running in about an hour. The cloud deployment was all done by the Umbrella organization on the back-end side. To deploy to the end users, all we needed to do is set up a policy that said, "This is what you use for DNS." Once that was set up, we were done. Deploying that was done in a group policy and that group policy was pushed in a matter of minutes. The entire solution was probably deployed in just a few hours.

    What about the implementation team?

    We did it all ourselves. Cisco handled the back-end side with the portal itself, but the rest of it, we did ourselves.

    What was our ROI?

    I think we got our return on investment within the first month of its use, because of the increased security that we had in the organization; the ability to have a product that is protecting our end-users. We do educate our end users today, but Umbrella doesn't require us to go through as in-depth an education process to say, "Okay, you're going to have to do the research. You're going to have to figure out what sites are bad. You're going to have to figure out where not to go." We don't have to do any of that. That's all handled by Umbrella. We just need to let them know that we're protecting them on the back-end side.

    What's my experience with pricing, setup cost, and licensing?

    Its value exceeds its pricing.

    Which other solutions did I evaluate?

    We looked around to see what was available. There were a lot of content filtering solutions available, but one of the things that Umbrella brings, in addition to content filtering, is that awareness of known threat sites. Their tie-in with Talos, Talos being that organization that does all that research and feeds that into Umbrella, means that we not only have known malware sites from six months ago, but we're getting feeds from Talos within hours.

    What other advice do I have?

    The impact on our employees' morale has been good. Anytime the employees understand that we're doing something from a technology standpoint to secure the organization more, that makes them happy. It's something that they don't have to concern themselves with as much and it improves morale quite a bit.

    Resilience in cyber security is extremely important. We're a financial institution, so cyber security is very high on our organizational goals, all the time. Making sure that cyber security is resilient against any of the latest attacks that are coming out is extremely important. It's a constant thing. Cyber attacks are increasing every single year. The methods that are being used are increasing every single year. If something were to happen, not only would we have a financial impact, but we have a reputational impact. For a financial institution, a reputational impact could be just as devastating as a financial one.

    Umbrella helps us with that overall security. It gives one less attack vector for the bad guys to get into. We're protecting those end-user devices and we're protecting those end-users from going to places that could be malicious. The fact that it's doing that for those end-users increases our overall security without us having to rely specifically on end-user education in that particular attack vector.

    For leaders who are looking to increase resilience within their organizations, I would say that what is necessary is to do as much security, in-depth, as you can. That includes using Umbrella to protect your users and using lots of other security products and being able to secure every aspect of your organization.

    I would rate Umbrella absolutely a 10 out of 10. It's literally a lifesaver when it comes to being able to protect our endpoints.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Dan Brunnquell - PeerSpot reviewer
    Director Of Information Technology at a financial services firm with 11-50 employees
    Real User
    Top 5Leaderboard
    Works exactly how it's supposed to and gives confidence that when our laptops leave the building, they are protected as if they were behind our firewall
    Pros and Cons
    • "When we have laptops that leave the building, they could connect to public WiFi before they establish a VPN connection back into the company. For that duration or that period of time when they're not docked in the network or on a VPN, they effectively don't have that full layer of security that I provide inside the building. This tool stands in during that period of time, and we extend the security settings through their basic firewall or their cloud-based firewall at that time. So, we do content filtering and control access, but they also are looking at new domains, IP addresses, and bad requests. They're blocking them on my behalf when a laptop is not sitting behind our security appliances."
    • "There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad."

    What is our primary use case?

    We use Cisco Umbrella to secure our gateway. All of the DNS forwarding coming out of the company from any site or all the DNS requests are forwarded through Cisco Umbrella, and then they determine if that is a safe address and if the content coming back is safe. They will either reject the addressing out of hand, or they'll look at the Layer 7 content and reject that from making it back to us.

    We are using the Secure Internet Gateway (SIG) Advantage package. In terms of deployment, effectively, it's deployed from our private cloud. It's in our data closet on our servers.

    How has it helped my organization?

    It enables us to finally allow laptops to be used as workstations and allow data to leave the building. In the past, laptops were only used for VPN access, but they would connect back to their data inside the company. This has allowed us to have a level of confidence that they're protected as if they were behind our firewall. So, now, we've got work-from-home people who literally have their workstations with them.

    We have six sites with 60 to 70 users. The baseline configuration allows for additional protection for any DNS requests as they leave those sites, and then the secondary policy is for the mobile devices as they leave the premises. When they're connected to public WiFi, they have an additional policy that kicks in for that time that they're not connected back to the company. So, when they're on public WiFi without a VPN, the tool will actually put that second policy in place that's more aggressive and offers a higher level of protection when it's not sitting behind the firewall. All that is automated. It's all built into the agent.

    We don't allow WiFi inside of our network for connection to our actual business network. As soon as a device is docked, it disables WiFi on that mobile device.

    What is most valuable?

    When we have laptops that leave the building, they could connect to public WiFi before they establish a VPN connection back into the company. For that duration or that period of time when they're not docked in the network or on a VPN, they effectively don't have that full layer of security that I provide inside the building. This tool stands in during that period of time, and we extend the security settings through their basic firewall or their cloud-based firewall at that time. So, we do content filtering and control access, but they also are looking at new domains, IP addresses, and bad requests. They're blocking them on my behalf when a laptop is not sitting behind our security appliances.

    What needs improvement?

    There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad. I can't geofence out. I can plot top-level domains, but .com and .net go global. I can certainly block a China (CN) or a Russia (RU) domain, but that doesn't give me the same level of granularity. 

    Apparently, Cisco Umbrella has got that as a feature request to allow an administrator to say, "I specifically only want traffic to and from these countries. Everything else should be dumped." That way, when they're sitting behind my network or they go out in the wild, they have that same level of traffic being blocked.

    For how long have I used the solution?

    I have been using it for 14 to 15 years.

    What do I think about the stability of the solution?

    We've had no issues. It has done exactly what it's supposed to do.

    What do I think about the scalability of the solution?

    It is cloud-based. So, scalability should not be an issue. 

    Any increase in its usage is all relative to the growth of our staff. Currently, we deploy the laptops for people who need to work from home or are traveling between the banks. That's roughly about 20% of our total staff. Some people aren't going to be working from home, and some of their jobs can't be done from home. They have no need for mobile devices. If there is a need to work from home, its usage will increase. It is there if we need it to scale, but at this point, it is not scheduled to change.

    How are customer service and support?

    Once I became a paying customer, it was much better. The preliminary training is there, but when you get into the nuances and the details of some of its capabilities, you need to talk to tech support. Once you're a paid customer, you get direct access, and then it's good. When I'm able to get a hold of them, their technical support is a 10 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I didn't use any similar solution previously. 

    How was the initial setup?

    I was a hundred percent involved in its deployment. We had a couple of issues. The proof of concept was done without a lot of planning. So, there were some mistakes made along the way. If I was doing it again the second time, I wouldn't make the same mistakes. 

    The default configurations have your baselines. Those are never supposed to get changed, and I changed and tweaked those for our proof of concept. After a couple of weeks, I had some additional guidance from the Cisco Umbrella team. You leave the baseline configuration, and then you clone and create a new configuration that sits in front of it. So, everyone gets the baseline, and you don't change that. If you want to change it, you make a new policy and then make the changes to that. If you change the baseline default policy and you make a mistake in it, you've to back that all out. If you make it in the new policy, in the worst case, you just delete it, and automatically everyone goes back to baseline. So, there's still a policy in effect. That was a training issue that should have been resolved. Now that I've done it, if somebody asks me, I would say that this is the way you've got to do it.

    What about the implementation team?

    It was just me taking care of its deployment. In terms of maintenance, once it's configured, unless you're retweaking and adding or removing something that was blocked, it pretty much runs itself.

    What was our ROI?

    I have less maintenance to resolve, fix, and reconfigure VPN clients personally, and the feedback from the end-users is that they're more productive.

    What's my experience with pricing, setup cost, and licensing?

    We were using the free version, and we implemented the paid version about two months ago.

    I'm paying a fair price, but everything is negotiable with Cisco. One of the benefits that I got by having Cisco Umbrella is the licensing of the Cisco AnyConnect VPN client. There has always been an issue for years and years with Cisco Meraki in terms of VPN clients and using the native built-in Windows client. It keeps reconfiguring itself. By using Cisco AnyConnect as the VPN client, it's not affected by Windows patching or people typing in passwords by mistake. It's more resilient and doesn't change. With just Meraki solution, there was an extra expense for the Cisco AnyConnect VPN client. By having Cisco Umbrella, that licensing is now included.

    Which other solutions did I evaluate?

    There were a couple of other options, and I discussed them with another consultant. As a regulated industry, we have to do vendor management, and vendors have to be vetted. So, Cisco was already a vetted vendor. There are other companies that do the same thing, but Cisco didn't require me to do any more vetting. They were already a vendor.

    What other advice do I have?

    When it's configured the way it's supposed to work, it turns itself on and off based on the status of the VPN or the dock condition. Once it's configured, it does exactly what it's supposed to do. 

    If you're doing a proof of concept on it, fully understand how the policies are configured and what the flow is. You should understand the hierarchical status of the policies to configure it right the first time. You don't really want to guess it.

    I would rate it a 10 out of 10.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Network Administrator
    Video Review
    Real User
    Saves us a lot of time and a lot of effort in isolating the actual issue
    Pros and Cons
    • "A single pane of glass saves time... This does have a lot of options available for us to see who's doing what, what trends, what errors. We can set up our alerting through it as well. It is definitely a great dashboard."
    • "Something on our end that might make it better is alerting going to our ticketing system. It's not something that we have discussed, but that would be a proactive option for us to provide a learning experience for the staff."

    What is our primary use case?

    We use Umbrella to monitor user activity and make sure that our staff isn't clicking on malicious links. We also use it to protect us by being more proactive on links that are already known to cause harm or potential hacks. Overall, it's keeping everything in a safe box.

    How has it helped my organization?

    We had a lot of challenges with staff clicking on ad links, random Google search links. Most staff want to shop during the day or in their downtime and were clicking on random links and then causing potential network issues, bugs, and causing network downs. Umbrella has helped us limit that.

    It has provided our organization with more stability. Even though staff would like to shop using certain links, it gives us the option to educate them: "Hey, some of these links, just don't click on those." We are pretty lenient. We understand people want to shop and do other things at work. We try to keep it work-related, but safe.

    Everyone really just wants to be able to click and do what they do, just like at home. But for the IT side of it, it does benefit us by limiting all of the extra activity. It does give us some comfortability that we aren't going to wake up, or even come in in the afternoon, and the whole network is down because someone went to buy some shoes or they clicked on a malicious email and caused a chain reaction.

    It's very important for our organization to support the hybrid workers because we're a health clinic. A lot of staff are going to be away, but with the COVID numbers still out there, we want to be able to provide the same support that we did before COVID. We want to give the same flexibility, the same availability to our patients, that we had in the past. Being remote or having hybrid, it does give us a different range of opportunities to implement different workflows. They can reach out with more telecommunication, more video conferencing, rather than having a patient drive out to a site to seek support. We can do remote assistance and, with Umbrella, it still gives us the opportunity to be secure through those communication links.

    We don't really have metrics at this particular time for it, but just [anecdotally] from past troubleshooting, having to diagnose maybe five different areas, this saves us a lot of time and a lot of effort in isolating the actual issue. We can just open up Umbrella, go to the specific area that we feel is impacted, or just look at one of the key dashboards that are on the portal and identify the issue.

    It's very easy to maintain network connectivity with Umbrella. Before, we were having a lot of issues, but since Umbrella has been implemented, we really haven't had to touch it. It's kind of self-sufficient.

    The solution is a lot more proactive. It does have its own features where it constantly uploads known threats and blocks those. It takes a lot of the guesswork out of our environment, but it also gives us an opportunity, if there are some questionable links, to diagnose those without it impacting the environment.

    What is most valuable?

    The best feature is the visibility. We're able to see the specific user names of whoever clicked on a certain link. It also gives us a threat detection level. It allows us to maintain more [awareness of] who's doing what they shouldn't be doing. The most valuable asset of it is giving us the ability to categorize who should have access to what type of sites.

    This solution does give us a single-pane-of-glass for this particular instance. We do have several products implemented that we manage, which this hasn't integrated with yet, but we have just been made aware of the SecureX implementation and we are looking into implementing that and bringing that into another single-pane-of-glass, but with more options available.

    A single pane of glass saves time. It saves effort and the headache of having to open up multiple links and go to different dashboards for troubleshooting different areas. This does have a lot of options available for us to see who's doing what, what trends, what errors. We can set up our alerting through it as well. It is definitely a great dashboard.

    The dashboard, the single pane, is very helpful, it's very visual. Everything is straightforward there; it's definitely important for management. Even when we bring it to upper management and explain why this product is beneficial for us, this gives us a good breakdown and makes a lot of details available for us.

    What needs improvement?

    So far, I haven't seen any areas that need improvement. As far as what we need it to do, it's doing just that. It's comfortable for us. It's working beyond our expectations. Something on our end that might make it better is alerting going to our ticketing system. It's not something that we have discussed, but that would be a proactive option for us to provide a learning experience for the staff.

    For how long have I used the solution?

    We've had Umbrella implemented for about two years.

    What do I think about the stability of the solution?

    The stability is very great. Once it's deployed and you do your due diligence to make sure that everything is communicating and in sync, we've hardly had to touch it.

    What do I think about the scalability of the solution?

    For our environment, it doesn't seem to have any issues with the amount of users and staff. We have been constantly growing since we deployed it without any impact. No negative impact is forecasted.

    How are customer service and support?

    The support has been really good. I have only had to utilize support about three times. It's been more of a training area: "How do I get to this area?" and "What does this actually do? How can this benefit me?" From there, it still has been stable and smooth and doing everything that we expected it to do.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had a different overall firewall solution, which was a Sophos firewall. But since we migrated away from that, we implemented the Firepower firewall and, in addition to that, added in Umbrella.

    The reliability wasn't really there, with Sophos always having issues, even from the endpoint perspective. We had issues across the board and it was management's decision to look into a new solution.

    How was the initial setup?

    We just did one deployment through a virtual machine and that manages all of our routers and all of our users. We haven't had to do multi-site configurations or deployments. It goes towards the organization, uploads all of our users, and all of our statistics, and maintains things from there.

    What was our ROI?

    I'm not sure of the actual cost that went into it, but it's definitely a productive product for us.

    What other advice do I have?

    The solution doesn't require almost any maintenance, unless you're doing triple checks, upgrades, or just being proactive in different areas. But for the most part, once it's deployed, you just give it about a week or two to check your levels and make sure everything is the way that you intend the product to work.

    As far as the IT infrastructure team goes, we're all happy with the product. It definitely takes a lot of load off of our plate. We don't have to deal with certain sites being blocked. We have been able to set expectations, where these particular users have access to these types of sites, and certain sites are just blocked. That's just the company standard. From the staff perspective, they want to be able to browse freely, but we were able to set those expectations and guidelines and that we're working in the best interests of the site.

    I'll rate it a 10 out of 10. It's been functioning very efficiently and effectively, and it's doing everything we need it to do. It takes a lot of load off of our team.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Andraz Piletic - PeerSpot reviewer
    Technical Solutions Architect at Flint
    Video Review
    Real User
    Is user friendly and easy to deploy, and provides single-pane-of-glass management
    Pros and Cons
    • "One valuable feature is definitely its simplicity in terms of deployment. It is very easy to integrate it into the environment without any heavy lifting. Users didn't notice that we implemented it. You can start with a very low monitoring mode and start observing what Cisco Umbrella sees."
    • "I'd like to see this solution more closely integrate with other products Cisco has in its portfolio."

    What is our primary use case?

    As a Cisco partner, try to test things on our own before we position the product to our customers or educate partners on it. So, the primary use case was to test things out and to be our own first customer. We started using it internally for our own purposes to secure our access to the internet with Umbrella.

    We use Cisco Umbrella to secure internet connectivity and especially to focus on the threats introduced through web browsing. This is because most of the applications the workers use are browser-based.

    The traffic, by default, is typically encrypted with HPS, and we use Cisco Umbrella to get more insight into that traffic. The classical security appliances have very low visibility into them. This is where we see Cisco Umbrella have the most traction.

    How has it helped my organization?

    In general, it increases the security level. It helps us prevent threats from being accessed. Also, the visibility into internet bounce traffic is increased. So, in general, it increases the overall internet security of the organization.

    What is most valuable?

    One valuable feature is definitely its simplicity in terms of deployment. It is very easy to integrate it into the environment without any heavy lifting. Users didn't notice that we implemented it. You can start with a very low monitoring mode and start observing what Cisco Umbrella sees.

    In terms of helping workers feel safe, secure, supported, and included, the solution is pretty transparent to the end user in most cases. They don't necessarily get any confidence from it, but it's supposed to be that way. It's supposed to be as transparent as possible. However, when the end-user accesses a site that is blacklisted or treated as potentially suspicious, he or she will see a warning displayed. This gives them additional confidence that somebody else is taking care of the details and that they can confidently browse around. If they come across a suspicious site, they know that they will get a warning or advice on how to proceed.

    Cisco Umbrella supporting hybrid work environments is important. Within our organization, even before COVID, a lot of us worked remotely from time to time. For companies that we work with, it has become a reality with COVID. Before, everybody was working on site, and now, that's no longer the case. It is important to have flexibility and know that even if we work from home or from another place we're still secure.

    For all Umbrella-related things, it does provide single-pane-of-glass management, but it's one component. If I look at the typical employee, he is only one piece of the puzzle. Other solutions, like, for example, AnyConnect for remote access, are managed separately. For Umbrella-specific items, it's a single interface for management. For monitoring, policies, and troubleshooting a specific case, everything is in one place. I don't need to go through the logs to know where to look.

    My organization is not very large, and I'd say my colleagues are pretty proficient. So, it's not a high priority to have single-pane-of-glass management, but it's always good if solutions are capable of integrating together. If by enabling single-pane-of-glass management the workflow is simplified and the day-to-day operations are a little easier, then that's something we definitely want to benefit from.

    The administrator user experience is definitely optimized by single-pane-of-glass management, especially if the personnel are busy. Then, it helps if all the relevant details are in one place.

    In terms of maintaining network connectivity, Umbrella on its own is pretty user-friendly. It is easy to set up and maintain. It's one of its strong suits.

    For the branch and campus, it's very simple to apply and maintain network connectivity. For the home environments, there are options to integrate it into the employee's PC as well. Cisco Umbrella supports different methods for different environments so that you can achieve the level of implementation that you need. It's where it should be.

    It's very efficient in securing the infrastructure from end to end so that we can detect and remediate threats. You can simply adopt it right into the environment, and you don't need to build the rule sets on your own. It utilizes best practices, and it's very easy to set up policies such as potential malicious categories on the internet, what you want to block, what you want to filter out, etc. It's very easy to implement those.

    When you go through the reports, you can see what kind of threats were blocked. Luckily, we haven't had an incident where something got through and caused a security incident.

    In terms of metrics on how Cisco Umbrella has been able to remediate threats, the numbers look pretty impressive. However, it's hard to assess how serious that potential threat really was. It's hard to put actual weight on the numbers to determine how meaningful those numbers are.

    The value that resilience helps offer in cyber security is pretty high. Cyber security resilience is a high priority in our organization. It's important to our customers that we handle what we do for them in a secure manner.

    What needs improvement?

    I'd like to see this solution more closely integrate with other products Cisco has in its portfolio.

    I would also like to be able to manage the identities, for example. If you define them in ISE, it would be good to be able to use the same identities also within Umbrella. It would simplify the use of multiple products within the organization from the same vendor.

    For how long have I used the solution?

    I've been using it for about three years now.

    What do I think about the stability of the solution?

    Stability-wise, Cisco Umbrella is pretty robust. The uptime statistics are very high. There are, generally, no issues with stability.

    What do I think about the scalability of the solution?

    Our organization isn't very large, but it's pretty scalable for larger organizations. At the moment, it's not a limiting factor.

    How are customer service and support?

    Technical support is one of Cisco's strong suits. In my experience, the Umbrella team has been very quick to turn around requests. It's even been above average by Cisco's standard compared to the turnaround time for other Cisco solutions and products.

    I would give Cisco's support a rating of nine on a scale from one to ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    We deployed it by configuring local devices to redirect the DNS request to the SAS service Umbrella provides.

    The solution is cloud-based. You just send your DNS request or your traffic to it. You can start with a monitoring-only mode. So for example, you can redirect the DNS request and start observing what Umbrella recognizes. Later, you can start defining the policies, setting up the enforcements, etc. You can very quickly get to the first results.

    What was our ROI?

    Actual ROI numbers are really hard to measure and determine. Generally, we see that customers who implement Cisco Umbrella and start using it tend to renew their licenses. They adopt the product, and they recognize the value it brings. I think this shows that there was a return of investment for them and that it achieved the desired level.

    What's my experience with pricing, setup cost, and licensing?

    Licensing with Cisco can be a little complex, but I think it's comparable with that of other similar products. It's always hard to put a price on security, but the price is fair for the value it provides.

    Which other solutions did I evaluate?

    We're a Cisco partner, and we work with a lot of Cisco solutions. So, it was pretty easy for us to decide what we wanted to try and test. We didn't really do competitive selection and assessment, and it was pretty straightforward for us to go with Umbrella.

    What other advice do I have?

    I would rate Cisco Umbrella at nine on a scale from one to ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Rohan Singh - PeerSpot reviewer
    Consultant at KRS Systems
    Consultant
    Protects endpoints wherever they are, always pushing people to the right locations to avoid malicious intent
    Pros and Cons
    • "The most valuable thing is how easy it is to deploy. We did it with 9,000 users at my last job, and it took a week to get to all the endpoints. Doing that without having to physically touch all those endpoints was very simple."
    • "I'd like to see improvement in its overall integration with all the other platforms. There's some integration between Umbrella and Meraki, but an overall Cisco problem is that there are so many different tools, and finding easy, seamless ways of connecting everything together is always a challenge."

    What is our primary use case?

    I deployed it as an end-user management solution in a large IT practice, and for our end-users to have secure internet access. I've also advised on it as a consultant for companies wanting to use it to deploy SASE-type solutions.

    How has it helped my organization?

    It's really hard to have a firewall everywhere. It's also really hard to have somebody follow a user on the internet and make sure that they're doing things securely. Having a tool that's on an endpoint that you know is always connected and always pushing people to the right locations, avoiding redirects and malicious intent, has been the biggest benefit for us.

    We were exposed to ransomware attacks at a very early stage in our company. Cisco Umbrella is one of the ways that we have found to help prevent ransomware attacks. It also helps prevent users from going to places that they shouldn't be going to, beyond just firewalls and email security. It is an extra level of protection that really helps make us feel comfortable at night.

    The fact that Cisco Umbrella helps support hybrid work is really the key, having an endpoint protected wherever it is, whether it's on or off your network. That's what everybody on the planet is looking for right now.

    It has also, 100 percent, helped us remediate threats more quickly.

    What is most valuable?

    The most valuable thing is how easy it is to deploy. We did it with 9,000 users at my last job, and it took a week to get to all the endpoints. Doing that without having to physically touch all those endpoints was very simple. 

    The single pane of glass management makes it very easy to manage your rollout. We get a lot of "single panes of glass" and, eventually, you need a pane of panes of glass. But it's always good to have a clear and graphical view, and Umbrella's is nice and easy to read. Definitely, of the panes of glass that we do have, it's one of the easiest to use.

    The single pane of glass is good to group users together and separate people out. Some people need different types of security. Some people are more vulnerable. Some have more highly valuable assets, like C-suite people. It's really good to be able to have end-users defined inside of that. You don't have to jump around. You don't have to figure out who's who. It's all done through one pane of glass.

    What most people don't realize is that it's running in the background, which is a really nice aspect when it comes to security. Often, when you deploy a security tool, it takes up CPU performance. Everything slows to a grind. But Umbrella is so simple and easy and it doesn't affect the end-user experience. It's the best of all worlds. It's nice when people realize that they're being protected when they go to the wrong site. I think people are happy that they're protected, but it's nice that they rarely notice it.

    It's generally easy to maintain network connectivity, but with Umbrella, the nice part is that whichever connectivity you're on, you're always secure. With Umbrella, as long as you're online, you're going to be protected.

    What needs improvement?

    I'd like to see improvement in its overall integration with all the other platforms. There's some integration between Umbrella and Meraki, but an overall Cisco problem is that there are so many different tools, and finding easy, seamless ways of connecting everything together is always a challenge. Always, with Cisco tools, there is the issue of finding ways to have fewer windows to look at and how to make those tools work together better.

    For how long have I used the solution?

    I have been using Cisco Umbrella for over six years.

    What do I think about the stability of the solution?

    It's a cloud service. Beyond the actual tool working, the most important thing is its availability.

    As long as the internet connectivity is up, I've never had a problem with Umbrella not being there. It's a tool that we have never been concerned will go down while our internet connectivity is up.

    Security always has to be there. As long as your security tools are available, that's when you can be the most secure. With Umbrella, especially, we have never had an issue where it was out and we needed protection. It's probably one of the most resilient tools available on the planet. For sure, it's amazing.

    What do I think about the scalability of the solution?

    I'm sure there are bigger customers than us, but we had 9,000 endpoints secured in a month's time without a blip in the system or in performance. For us, it has been impressive.

    How are customer service and support?

    Meraki and Umbrella support are great. We have never had an issue with Umbrella, so we haven't had to evaluate support there. But whenever we have had issues with the integration between Meraki and Umbrella, Meraki support has been amazing.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We did not have a previous solution.

    How was the initial setup?

    It was pretty straightforward. We loaded the client into Meraki Systems Manager, and then we were able to push it to all devices inside our network that had Systems Manager. It was pretty much three clicks.

    We had full Meraki stacks as most of our network deployment. We were 100 percent cloud on our solutions. Umbrella sits in between our on-premises networks or between our users at home and between our cloud applications that we use at our clinic and office locations.

    What about the implementation team?

    We did it in-house.

    What was our ROI?

    The return is that you don't get breached. It's a hard thing to quantify because if you don't get breached, you don't know what the value of that breach would have been. By not being breached and by being able to mitigate ransomware attacks, there is definitely return on investment.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is great and very competitive with the rest of the market. 

    With everything to do with security, you should never worry about price because it's all about risks. The cost of $20 to $30 a license for Umbrella might protect you from $4 to $5 million worth of ransomware. It depends on your risk profile.

    Which other solutions did I evaluate?

    We evaluated Zscaler as well. The difference between Zscaler and Umbrella was that Umbrella was a lot simpler to deploy and a lot easier to manage. Zscaler requires way more customization and it has some slightly different use cases than Umbrella. For us, Umbrella was more what we were looking for and generally easier for us to manage.

    What other advice do I have?

    For C-suites that want more security resilience in their organizations, I would tell them to adopt cloud technologies as much as they can. Try to find things that will help you scale because, when you keep things on-premises, you have to be the cloud provider yourself. Tools that other people have already stretched across, and on whose service you can rely, are generally going to be better than what you can do yourself. Either that or it's going to be very expensive for you to provide that service in-house.

    Umbrella is probably one of the best tools out there in all the security landscape. It's very valuable to all people who are looking to deploy secure internet access. Everything has been perfect as far as we have used it.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    IT Consultant with 501-1,000 employees
    Consultant
    Top 20
    With the reduction in risk, we spend less time on end-user support
    Pros and Cons
    • "The Global Block List is one of the most valuable features because it's really easy to block domain names as well as URLs. Sometimes you don't want to block the whole site, you just want to block one URL. The Global Block and Allow Lists are the best features for us."
    • "There are some situations where we would like to block things for specific user groups. I know that Umbrella does that, but it's not that easy.... when you want a specific task for specific rules and policies for user groups, you have to go three levels down in the menu, and it's hard to find where you do that task."

    What is our primary use case?

    One of our purposes for acquiring Umbrella was to block phishing links that we get in emails and to manage risky websites. We're using it for our internal network and the roaming client for external users.

    Blocking malicious websites and preventing users from going into them, as well as the phishing attacks that usually come with malicious links, were the challenges. With Umbrella we can block them.

    We use it in our Active Directory domain and for about 175 users. We use it on desktop computers and on laptops for external users. It's all on-premises, protecting servers and workstations.

    How has it helped my organization?

    It has improved our company a lot because we now see where the users are going and prevent them from going to malicious websites. It has reduced, by a lot, the chances of hackers getting into our organization.

    With Umbrella, it's our IT staff who we feel secure. Sometimes the end-users, our clients, don't fully understand the purpose of the tools when we install them, such as the roaming client. And sometimes they get false positives and they don't fully understand why. But for us, as IT admins, we feel a lot more comfortable with the tool in place, because we know that it's unlikely our users will go to a malicious website. Umbrella is protecting us.

    Umbrella has also helped us remediate threats more quickly. It's really good for securing our infrastructure from end to end. Umbrella's footprint is really small. If you want to secure infrastructure, such as servers, you don't have to install an agent. You just have to use DNS forwarders and point them to the umbrella servers. That's easier. It helps us protect our infrastructure for sure.

    What is most valuable?

    The Global Block List is one of the most valuable features because it's really easy to block domain names as well as URLs. Sometimes you don't want to block the whole site, you just want to block one URL. The Global Block and Allow Lists are the best features for us.

    Cisco Umbrella also provides a single pane of glass for management. It's really helpful and it's important for us because we have multiple locations. Without a single pane of glass, if you want to block websites you have to go to every location, in each firewall, one by one. But when you have a single management portal, it's a lot easier.

    The user experience is good because, as IT and admins, it's easy to use. But that's not only for admins, it's also true for the clients because they know the reason a website is blocked. The user experience is pretty smooth because they can report a false positive or a malicious website that has not been blocked in Umbrella. We are happy with the user experience.

    And when it comes to applying and maintaining network connectivity consistently across all workplaces, Umbrella is excellent. We can track, among the different locations that we have, where the users are trying to get to. That means the risk of disruption is reduced by using Umbrella. And in that way, Umbrella contributes to maintaining network connectivity.

    The user interface is pretty nice. Once you know how to do tasks, it's easy.

    What needs improvement?

    There are some situations where we would like to block things for specific user groups. I know that Umbrella does that, but it's not that easy. When you go to the Global Allow and Block Lists, that's the easy part. But when you want a specific task for specific rules and policies for user groups, you have to go three levels down in the menu, and it's hard to find where you do that task.

    Also, the policies are not that easy to manage.

    For how long have I used the solution?

    I have been using Cisco Umbrella for around a year and a half.

    What do I think about the stability of the solution?

    The stability is really good. They have about 99.99 percent uptime. I can't think of a significant disruption in the service.

    What do I think about the scalability of the solution?

    We are a small organization, but from what I have seen, it is very scalable.

    How are customer service and support?

    We have never requested support.

    How was the initial setup?

    The initial deployment was straightforward.

    The solution is on-premises but the management is cloud-based.

    What about the implementation team?

    We did it all by ourselves.

    What was our ROI?

    We have seen return on investment by reducing the risk we had in the past. That has saved us from having to invest a lot of time in support, which is something we had to do when a user didn't know what they were doing and got infected. We now spend less time on end-user support.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty fair. It's good.

    Which other solutions did I evaluate?

    In my former company, we used Area 1 for DNS protection, not Umbrella. I knew OpenDNS before it became Umbrella. In fact, I used OpenDNS for my personal accounts. In my current company we evaluated Area 1, but in the end, we loved Cisco's support and that is one of the reasons we went with Umbrella. But, obviously, the features in Umbrella are pretty good.

    What other advice do I have?

    Once our end-users understood why we use Umbrella, that it was for improving our organization's security, it improved their morale. Nowadays, they are aware of cyber threats and they know that Umbrella is one of the tools that we use to prevent a breach. They feel more secure now.

    Resilience helps a lot in cyber security. One of the things that makes Umbrella great is that you don't have to detect threats by yourself. Wherever in the world a new threat is detected, it's in the Global Block List of Umbrella and we don't have to manage those threats one by one.

    That kind of resilience is more and more important for our organization every day. Fortunately, our C-level now understands the risks and what the organization could lose. They understand the impact. With the support of management, cyber security is really important for our organization.

    I would tell the leaders of other organizations who want to build more resilience that cyber security is more important now because we are serving our internal and external customers. The problem with a cyber security risk, a threat or a disruption in IT services, is that it will probably cause us to stop producing what we produce. Our customers will have a bad experience, and that means it is not only a financial issue but one of reputation. I would tell such leaders to always keep cyber security in mind because it's not just about your IT guys, it's for the whole organization.

    It's an excellent product. It has worked really well. The only reason I don't give it a 10 out of 10 is, as I mentioned, that there are some tasks that could be done more easily.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Cisco Umbrella Report and get advice and tips from experienced pros sharing their opinions.
    Updated: August 2022
    Buyer's Guide
    Download our free Cisco Umbrella Report and get advice and tips from experienced pros sharing their opinions.