Cisco Umbrella Overview

Cisco Umbrella is the #1 ranked solution in top Web Security Gateways, top Internet Security tools, CASB solutions, top Secure Access Service Edge (SASE) tools, and top Domain Name System (DNS) Security tools, and the #2 ranked solution in top Cisco Security Portfolio tools. PeerSpot users give Cisco Umbrella an average rating of 8.8 out of 10. Cisco Umbrella is most commonly compared to Zscaler Internet Access. Cisco Umbrella is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 20% of all views.

What is Cisco Umbrella?

Cisco Umbrella offers flexible, cloud-delivered security according to users’ requirements. Cisco Umbrella includes secure web gateway, firewall, and cloud access security broker (CASB) functionality all delivered from a single cloud security service. Cisco Umbrella’s protection is extended to devices, remote users, and distributed locations anywhere. As company employees work from many locations and devices, Cisco Umbrella is the easiest way to effectively protect users everywhere in minutes.

Cisco Umbrella uses machine learning to search for, identify, and even predict malicious domains. By learning from internet activity patterns, this DNS-layer security solution can automatically identify attacker infrastructure being staged for the next threat. These domains are then proactively blocked, protecting networks from potential compromise. Cisco Umbrella analyzes terabytes of data in real time across all markets, geographies, and protocols.

Cisco Umbrella works with leading IT companies to integrate its security enforcement and intelligence. Built with a bidirectional API, Cisco Umbrella makes it easy to extend protection from on-premises security appliances to cloud controlled devices and sites.

Cisco Umbrella is suitable for small businesses without dedicated security professionals, as well as for multinational enterprises with complex environments.

Why use Cisco Umbrella?

  • Simplify security management: Cisco Umbrella is the fastest and easiest way to protect all users within minutes and reduces the number of infections and alerts sent from other security products by stopping threats at the earliest point. With no hardware to install and no software to manually update, ongoing management is simple.

  • Reliable reporting: Cisco Umbrella reports show activity for each device or network in the system. Users gain a more complete picture of the security risks facing their organization and can take action to remedy them.

  • Manage and control cloud apps: Umbrella provides visibility into sanctioned and unsanctioned cloud services in use across the enterprise. Users can uncover new services being used, see who is using them, identify potential risk, and block specific applications easily.

Reviews from Real Users

Cisco Umbrella stands out among its competitors for a number of reasons. Some of the major ones are its DNS-based protection, ability to protect users no matter where they are located, stability, and high performance.

Daniel B., a network specialist at Syswind Kft, writes, “We primarily use the solution as cloud security for our branches. It protects us from direct internet outbreaks. It makes for good flexibility. The solution is very easy to manage. We found the initial setup, for example, to be quite simple. Efficient protection on the DNS level and even higher. The sandboxing feature analyses and handles the complicated security risks.”

Victor M., SOC & Security Services Director at BEST, notes, “It provides security for the remote workers and it helps to improve enterprise security in a very easy way. We mainly enjoy web software protection capabilities. It prevents the end-users from getting into bad sites or sites that potentially could have malware or could be phishing. It helps end-users avoid the wrong sites. The solution works very smoothly. The user interface is good.”

Cisco Umbrella was previously known as OpenDNS.

Cisco Umbrella Customers

Chart Industries, City of Aspen, Eastern Mountain Sports, FLEXcon, George Washington University, Jackson Municipal Airport Authority, Ohio Public Library Information Network, PTC, Richland Community College, Smart Motors, Tulane University, VeriClaim

Cisco Umbrella Pricing Advice

What users are saying about Cisco Umbrella pricing:
  • "The pricing was marvelous."
  • "It was a little bit expensive on a per seat basis, but the company I was running was only a midsize Australian company, and it was a reasonable budget per computer for that system. It started off being a free product, and then Cisco bought it, and it went to a reasonable price. I was using Cisco AMP as well. So, my per computer cost was reasonably high, but for a small company, it was within an acceptable level."
  • "Its value exceeds its pricing."
  • "Cisco has a set price for a single license up to 100, but whenever we get over 100, we have to ask for a quote."
  • "We were using the free version, and we implemented the paid version about two months ago. I'm paying a fair price, but everything is negotiable with Cisco. One of the benefits that I got by having Cisco Umbrella is the licensing of the Cisco AnyConnect VPN client."
Cisco Umbrella Reviews

    Drake Kapler - PeerSpot reviewer
    Network Planning Associate at a manufacturing company with 1,001-5,000 employees
    Video Review
    Real User
    We can see all of our locations in one place and only have to make changes once for all our locations
    Pros and Cons
    • "Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers."
    • "In my experience with Umbrella support, sometimes the response times take a bit more time than we would like... sometimes, if you go through email, it can take quite a while to get a response."

    What is our primary use case?

    We're actually in the process of using this to replace our current web proxies. We use both, side-by-side, at the moment. The plan in the future is to eventually get those replaced with Umbrella so that we can have an overall, overarching proxy either that's based in the cloud or whatever we need. But this currently is our most convenient way of replacing web proxies across all of our locations at our company.

    How has it helped my organization?

    It's definitely made things more centralized. Our current setup is that we have proxies, either physical or virtual, throughout our different locations. Each location has its own proxy at the moment. What's nice about Umbrella is that we can just go into the site and see all of our locations in one place and look at all of our computers, users—everything. It's not divided into separate proxies that we have to go into and figure out which person's using which proxy. Umbrella lets us just see everybody at once, which is really handy for us, and we don't have to spend too much time messing around with figuring out who's where and which location needs this change. [We can just make] changes throughout every location at once, rather than one at a time with those proxies that we currently use.

    The past couple of years, [the fact that the solution helps support hybrid work has been] especially important because now we can't use those proxies if people aren't onsite. The way our network was set up was that we had it filtering through the firewall and the firewall was taking certain subnets and filtering those through the proxy. But obviously, when people work from home, we had to get a VPN connection set up. Before COVID, we did not have a work-from-home solution at the time, so everybody had to be in the office. Obviously, that all changed very quickly and Umbrella became a much bigger priority for us because that was our main replacement for those proxies at the time.

    We had to expedite the process of setting it up, but what was nice about Umbrella was that it was so user-friendly, it was so easy to set up on our end, that it didn't take as much time as we thought it would. It just simplified the entire process throughout the couple of years that we have especially needed it. But what's cool about that is that now, it's a permanent part of our network. Thanks to the last couple of years, we use it all the time now. It wasn't just a temporary solution for hybrid work because now we use it for both. We have the ability to do hybrid work, but we also have the ability to use it for our employees onsite as well.

    [When it comes to threat remediation] most of it is automatic so we don't really have to worry about it too much. Umbrella will just block something if it detects it as malware. That is a super convenient feature for us, that we don't have to manually review every single site. If we do have to review a site, it's nice to have that investigative tool. We put in the URL and it gives us a risk score, depending on how dangerous that site might be. That's super helpful for us to analyze that site, take a look at it, and make a decision on whether we need to block it, or if it can be unblocked. Every situation is different, but Umbrella makes that summary page very convenient for us. It allows us to make decisions much faster and more efficiently.

    Our cyber team is a bit different from our network team. We have a separate team for that, but it's nice because they also use Umbrella for a lot of that, depending on what the site is. We use the investigative tool for the risk score, but it also comes with a few other tools, and part of that is just so that they can assess what's safe and what's not safe and what might be detected as malware. Obviously, they have other tools for that as well, so Umbrella is just one cog in the big system. But it definitely allows for easier communication between our teams because we both use it and we can both understand it. It's user-friendly enough so that we can make decisions with them based on what Umbrella tells us and how we interpret that information depending on the site, the situation, the risk score, everything.

    We have a lot of employees, a few tens of thousands. We get probably hundreds [of threats blocked] every day. I wouldn't be able to give an exact number on how many are blocked. The main ones we look at are the ones that people request us to specifically look at because they might not think that something was supposed to be blocked, or something is not working properly, and we can go in and investigate that. But there are probably hundreds to thousands of blocks per day on the sites, across all of our locations. That automation allows us to relax a little bit easier and know that our network is much safer with Umbrella on it than it is off. The automatic side of it is basically saving our jobs. That really helps, and we're able to look at anything. Overall, as a program, it has saved us a ton of time and stress by not having to worry about malware or viruses or anything malicious.

    What is most valuable?

    One of the coolest features, for me at least, is to be able to type in a website and have it give an overall summary of how safe that website appears. Part of that is just so that we can investigate. And if there's any sort of confusion between our cyber team and us, we can look further into that site and dive more into that risk score that Umbrella gives us. We can just analyze [those sites] and make sure that we're unblocking safe sites and blocking sites that we deem could be harmful for our employees.

    I would say it provides single-pane-of-glass management. We still, of course, use those old WSAs, but in the long run, our plan is to get those replaced with Umbrella. We have locations in Japan, Korea, China. So it's a little bit more difficult to go through one proxy for all of those, especially because it's a bit slower. What's nice is, [with] Umbrella being in the cloud, we can just go into the site, see everything from the management console in that page. Nothing is slow [and] nothing is hosted by us so that we don't have to worry about network issues or management issues. Everything is just laid out right in front of us from the Umbrella dashboard on the internet, in the cloud. And that makes it super helpful for us to just manage all that from one spot across all of our locations across the world.

    We aren't a very big team, so that's the main thing. Going through filtering web traffic or blocking sites or unblocking sites, whatever we need to do, can be a bit tedious, especially when we have all these different locations and we would have to go into each location specifically to perform these tasks. Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers. And that makes it super useful for us because we're not messing around with jumping into all these different locations and manually doing each and every one individually. It is extremely helpful for us and it improves efficiency exponentially.

    For how long have I used the solution?

    I have personally been using Cisco Umbrella for almost a couple of years. Our company implemented it about five or six years ago. Most of that time was spent getting it set up, but we've really been using it more within the last two or three years now, so it's still pretty new to us at the moment.

    What do I think about the stability of the solution?

    [In terms of maintaining network connectivity] obviously it depends on the situation. With Umbrella, it's a bit easier, for sure. There are times where Umbrella, on their side, is having an issue and we're notified of that issue. But in that case, there isn't really much on our side that we can do. To that extent though, the pros outweigh the cons. It's pretty rare that Umbrella is having a problem. The way that our network is set up is that we can reroute traffic pretty quickly using our other Cisco devices, so it's not usually a big issue for us. We have fewer problems with Umbrella than we do with our physical WSA proxies that we currently use, because that is something that we would have to troubleshoot on our end, and we're not always there on site to be able to do that. Then we have to go through someone else who's over there and they have to console us in and we have to troubleshoot whatever's going on over there.

    With Umbrella, it's nice to have them tell us what's going on so that we're aware of the situation. If there are any problems, then we'd know what the issue was and how we could work around it. That makes it a bit simpler for us.

    Network connectivity isn't really a huge issue for us with Umbrella, specifically. Our use case mainly is just for blocking internet traffic, making groups. We have social media groups where we allow certain computers in places to have access to certain social media sites that we wouldn't normally do. We have other sites being blocked, depending on their use case. That's mainly our function with Umbrella. Internet connectivity is usually not a huge issue regarding Umbrella with us, but if it ever is, it's nice that they communicate the issue to us, [so] that we can work around it.

    How are customer service and support?

    In my experience with Umbrella support, sometimes the response times take a bit more time than we would like. Obviously, it depends on how they're contacted. But usually, when I contact them via phone, their support team is great. They help me out with everything. But sometimes, if you go through email, it can take quite a while to get a response. Obviously, if it's through email, the issue's probably not as pressing as it would be through a phone call, but the response times could be a little bit better. Email, I usually just avoid. I usually just call them now.

    They're super helpful. In terms of response times, it could be a little bit better. Some issues are more urgent than others, but if it's an urgent issue, obviously we just call. Sometimes it takes a little bit [of time] for them to get back. I would probably rate them a seven out of ten.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    We've had to deploy connectors across certain locations, but [in] all the locations we have a domain controller and that needs to be deployed on those domain controllers throughout all of our different places. I've done a couple of deployments. Most of it was already deployed just by the time I got here. 

    [In] my experience of how deployment went, it was very easily laid out, very simple. The instructions were super clear. I didn't have any issues with that. As more of a newcomer to the entire industry, this has been much easier than I expected it to be. Umbrella, as a product, is very simply laid out, very user-friendly. I couldn't praise it enough for helping me out with my job. 

    While the support [can] sometimes take a while, overall they're super helpful, they make it very easy and they make you feel like you're not doing anything wrong. They're super friendly and make everything super easy for you. Umbrella as a product, overall, is very user-friendly, as a newcomer to my company.

    What was our ROI?

    The plan is to replace those physical proxies that we have. In terms of return on investment, getting rid of those across each location [has been valuable]. In terms of the efficiency with time, it's definitely saved us a lot of time and money troubleshooting different issues and securing the network and helping people access what they need to access. Just in terms of time and efficiency, it definitely has a return on investment.

    Trying to replace those physical ones as well, getting rid of those, just having this be the all-encompassing way of filtering traffic and unblocking, of making policies, it definitely saves us a lot of time with the solution that's offered.

    What other advice do I have?

    In terms of [our employees] feeling supported, they have the ability to submit a request to us very easily. When they get blocked from a site, it's not just one page saying you're not allowed here. They have the ability to submit a request to us so that we can look further into that site. That makes our employees feel more included in the process of helping the company access the sites that it needs to use, [as does our] communicating with those employees [about] why a site might be blocked; or a site that needs to be blocked based on what they find and what they're doing for their job. The important thing is that they're able to talk to us in case there's a site that they think that they need to access and helps them feel included in the entire process.

    Like I mentioned earlier, it's one cog in the big system that we have out of our solutions for cybersecurity. We also use products like AMP, we have certain firewalls that also block certain things, the way they're configured. But overall, Umbrella, if we're talking about users on the internet, using sites or accessing different websites, is a big help in determining what exactly they need. We can go into Umbrella and help them understand why something might be blocked, or if they need to get into something, we can make certain policies within Umbrella. It's obviously just one tool out of the many that we have, so these configurations are pretty involved and even I don't know how they all work. It's divided amongst our team. For cybersecurity in general, it's great. It simplifies it. It's very useful in terms of the automation and how it blocks everything, and how all that stuff is interconnected. I would say that it is a lifesaver for us.

    As somebody who is pretty familiar with networks and just learning everything, but being an inexperienced network manager, I would say that it makes the entire process very painless, very super simple to understand. In my experience, it's a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Director of Security
    Real User
    Helped us monitor activity and find bad actors who had managed to grab and control some of our domains
    Pros and Cons
    • "Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do."
    • "The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence."

    What is our primary use case?

    In my previous company, there was a gap in being able to put controls on users when they were away from the network. We thought, "Okay, Umbrella can do this for us," and it was at a reasonable cost for our security budget.

    How has it helped my organization?

    With Umbrella, it didn't matter if the users were in the office or they were going to go out. When I trained them I said, "If you go to Target, Starbucks, or anywhere else you can get on a hotspot, you're going to be covered with our rules, so we can make sure you're protected and that our company device is protected."

    It gave our users, from all of our sites, something like a first line of defense, including monitoring all the exit points of our offices. We also used Cisco AnyConnect on everybody's laptop so that any time they were out, we were making sure to secure their machine and keep an eye on it.

    Having a single pane of glass allowed us to quickly monitor and find out what was happening at that moment. We could see active connections going to a public address on the internet. At one point there were so many of them, thousands and thousands to one public address, which was more than normal. I had to contact Cisco support, and say, "This is what I'm seeing. Something's not right," and they said, "You're right." In the main screen, we switched over to investigation and we found that it was a bad actor. The bad actor was checking for domains that are flying around, and he found a few of ours that weren't paid for. He bought them and then he started controlling where they were going by redirecting them. That raised a big red flag for our company. They never had any idea that that had been going on for a very long time.

    There were other bad actors who had some of our domain names as well. I had to work with legal and we actually purchased back a few domain names from people. As a result, we taught our guys internally, "When you do a domain and you're going to do tests in the lab, make sure that we put purchase orders in. It's so cheap, let's buy them so that we have control of them, and not allow this again." That was a big awakening.

    Another benefit of Cisco Umbrella was related to our wireless. If we had a vendor come to our company, I'd have to get permission for him to use our wireless. I'd have to put in a ticket with his machine name, the IP he would have, and ask for a two-hour window. But I could tell that vendor, "In the same way that you are helping us with the product we purchased from your company, we're going to help protect you at no charge. When you get on our wireless, we're going to have it set up so that everything you do is monitored, just like everybody else here in the company. Even though you don't work for our company, you'll be protected and that will help protect us." They would stare at me, and I'd say, "I know a lot of companies don't do that, but we're doing that because we want to make sure you have a good experience and that we have a good experience by staying safe."

    What is most valuable?

    I was able to make use of Cisco Umbrella because it acts like a proxy. The company also had content security, which I used on-prem with Blue Coat products. Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do.

    The single pane of glass management was one of the really good features. From that single pane, not only could you look at what was happening security-wise, such as what was being blocked by domains and IPs, but you could check for your roaming users. With a deployment of AnyConnect, or just the Umbrella agent, on 5,000 machines, you could watch the main glass and see how many roaming users were out there that had it on their machines. And even if they were in the office, it was always active, talking to Cisco's cloud.

    You could see numbers. I was able to watch, as we were deploying, how many people were getting the agent. I could see activity such as how many blocks we were getting, what types of blocks they were, and whether they were in categories. I would ask why those users were going to those categories that they shouldn't be going to. Maybe we needed to just refresh them with an email saying, "Hey, remember, we don't do this kind of thing."

    Cisco's Umbrella client product is superb. It worked so well for us and was easy to deploy.

    What needs improvement?

    The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence.

    They should work with their customers to find out, when they're troubleshooting, if they're going through multiple screens just to get little pieces of information. Maybe they could design an overall security screen for an event and pull that stuff in so that it's on one screen, rather than having to go search for it. Right now, you're always going back and looking on the left-hand side, going down the column, and trying to remember where something you need is. You have to click all over the place to go find what you're looking for.

    For how long have I used the solution?

    I used it at my previous company for about four years.

    What do I think about the stability of the solution?

    It was always up. We never had any problems. It was always there.

    What do I think about the scalability of the solution?

    Scaling was very simple. Since we were using a VPN, we had Cisco AnyConnect on all the user machines, with Umbrella built into it, and that deployment was just blasted out and it was seamless.

    How are customer service and support?

    The Cisco Umbrella support group was wonderful; very strong. I loved it. I never had one issue with them. They were willing to be there with us, and walk us through things every bit of the way.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We didn't have a whole lot going on in terms of security and when I got a new manager, he asked, "How do we protect the people when they're out in a store?" That's when we saw that's where the flaw was. We were protecting everything on-prem but the gap we found was that when users were traveling around, we were not seeing where they were going. We were holding them to a standard internally, but when they were outside they were doing whatever they wanted.

    How was the initial setup?

    What a simple product. It's a fast deployment. Then, you can start designing how you want to do your policies and what you're going to block. But once we told them what public addressing they were going to see, within a few hours we would see them go green. We said, "It's already seeing the data. Let's start applying policies, and we can start controlling all this."

    What was our ROI?

    We looked at metrics. As I mentioned, one of the benefits we received was finding the bad actors who had collected our domains that weren't paid for. That helped us to put the magnifying glass to use and say, "Hey, we have something going on." 

    I also worked with an outside company that Cisco purchased. I sent them our data from Umbrella and they actually mapped out our data and found bots on our network. There weren't many, but there were a few. The guy shared that with me on the screen and said, "If you buy the service to have us be part of your Cisco deployment, we'll take your data, continually analyze it, and give you reports." 

    There was one bot in particular that was just sitting there. The guy at the other company said, "That bot that you're seeing, it's asleep. Look again in a few hours," and it popped up. He said, "It just woke up at that point to try to do a command call." He said, "But we're blocking them, so you're not getting any threats." We didn't know that we had bots in there, and that was a big benefit.

    I also had to run numbers for reports. One of them looked at our category-blocking on Umbrella, such as blocks of alcohol sites, social media, weapons, government. I would provide monthly reports to show how many blocks we had from our users trying to go to these types of categories, and it really woke up management: "Wow. That thing is blocking." 

    Our investment in this worked, and we were showing it by numbers. It wasn't only that we found bots and bad actors, but we were also controlling things by blocking phishing and categories. It was protecting us and no one was able to get past those blocks.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was marvelous. We only had to pay for licenses and they worked a very nice deal with us. It was a much better way to go because it was within budget. It was an easy cost for us to handle.

    Which other solutions did I evaluate?

    We did not evaluate any other options. We invited Cisco to come in and do a demonstration, and it was so strong. I also come from a Cisco background of many years. In addition, the industry reviews rated them very well and we took that as our lead.

    When they came in and showed us what they could do and how easy it was to monitor every one of our sites within a day, after we put in our external public addresses, it was a no-brainer. It was up and live by the next day, after just a few hours. It was easy to use and set up and we could use it like our internal proxies. We could manage the content and know what was going on and investigate things. We knew what sites people were going to. It was wonderful. Everything we needed was there. We didn't have to go any further, and we knew Cisco would have our back.

    What other advice do I have?

    All the users understood why we were putting the security control in place, to show that not only were they going to be protected at work on company-owned devices, but whenever they would go outside, we were also going to help. We had to mitigate the chances that they would get something on their machines and make sure that we stopped anything that shouldn't come in and affect our network or expose us to anything.

    With Cisco Umbrella, employee morale was very high. We hardly had any complaints at all. One of the reasons is that, when doing regular security troubleshooting, we would go to Umbrella as our first-line investigation. We might find a domain or IP that was being blocked by Cisco, something they consider a risk. We would check it out and, if it didn't look to be bad, we could bypass the block and allow that AD group or set of users to go to that site, because they had to do business as usual. With that ability, we had very few problems, if any. Overall, it was smooth, with everybody happy, including management. They were happy that we had our first line of defense and that it worked out very well.

    I introduce Umbrella to any company that I'm involved with. Cisco is already taking the correct steps right now, as a CASB for any cloud activity as well as DLP. Once they circled around to help companies with protection when they move to the cloud, that was the right direction. I'm not using Umbrella every day anymore, but I'm a proponent of it as a first defense for your company at a reasonable cost. And you don't have hardware to manage. You just rely on Cisco, get your support contract, and work with them to have them help fix things.

    I'm a firm believer in Cisco Umbrella and I would definitely use it everywhere I go. I'm speaking to companies in the health industry and telling them, "Guys, you can't just have four people working on security and think you're going to do everything in the world to protect your hospital. You're going to end up on the news." I try to introduce them to this type of solution, to at least have something there to mitigate and help out.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Tim Woodhouse - PeerSpot reviewer
    IT Operations Manager at a manufacturing company with 201-500 employees
    Real User
    Top 10
    Easy to install, doesn't use too many resources, and is highly effective for adding another layer of security around your company
    Pros and Cons
    • "I was able to implement it myself. It was really easy to install. You could install it on a server locally if you want to. If you have the biggest site, you would do that, but for my site, it was just directing all the traffic out through the Cisco Umbrella DNS. It was really handy. When the owners of the company went overseas, I knew that they would be secure because even if they were not on the company network, they would still go through the Cisco Umbrella servers. It was a complete solution for protecting the company with outgoing data."
    • "It had the ability to do a lot of app control. So, every single app that went through that portal was registered, but there is a general issue with the whole app control. As soon as you add a mobile phone to your network, all of the apps get registered through the system, and you can approve, reject, or just let them go through. When I looked at it, it was impossible to manage app control. There was just so much data. I didn't apply that service because I just didn't have the time to manage it. It would be good if there was a way to categorize applications."

    What is our primary use case?

    I had implemented Cisco Umbrella at a previous company. I'm now working at another company where I'm not using this solution. We've got another solution here.

    The policy of the company was to make sure all outgoing traffic was sent through a filtering service, and OpenDNS, and then Cisco Umbrella, was chosen for that purpose. Once it was taken over by Cisco Umbrella, it had far more capacity and far more functionality written into it. 

    In terms of the deployment model, I just used Cisco services. It would be through Cisco's private cloud. My site wasn't big enough. So, I didn't deploy the Cisco service on-premises. 

    How has it helped my organization?

    It was really valuable to me in protecting the outgoing data of the company. It was good for reporting. Every computer had the Cisco Umbrella program installed. So, I had good reporting on any issues related to outgoing data, such as whether there were any phishing or dodgy sites connected. It protected that part of the business.

    A combination of Cisco ASA, Cisco Umbrella, and Cisco AMP connecting to the SecureX portal gave me all-around security for the site because they all reported into a central reporting server. If there were any issues, I could have got full details, even if a crypto locker attempt was made. I never had any security incidents that I'm aware of. So, it was a very effective tool.

    It kept itself updated. So, I didn't have to worry about continuing to push out new installs of the program.

    I felt safe, supported, and secure, and so did the owner of the company. It worked silently in the background, and no one else really knew it was working on their computers. When we went into lockdown with COVID, I was happy knowing that all the computers that left the business had the app installed and were going to be functioning securely. We got no viruses and no issues on any computer on the network, which is quite unusual. A lot of other people or a lot of other companies I spoke to reported that they had quite a few issues.

    It worked 100% in terms of applying and maintaining network connectivity consistently across all workplaces. We never had any issues. The only issues we had were when sites might have been blocked because they were suspected of being within a filtering group. It would report back to the user and say, "This site is currently blocked by your administrator. Please click this button. An email will be sent to your administrator, and they can resolve the issue." I would then get the email, and I'd look at the site, and then I'd release it through whitelisting. It was very user-friendly in that regard.

    It certainly helped to remediate threats more quickly because I was able to stay free of any virus outbreaks. It definitely locks out that part of the transmission where the virus will go out and attempt to download a package.

    It worked silently and didn't use too many computer resources. It was really silent in its operation on the network. It had a really good impact on me. I'd love to put it in my new company, but we've gone down a different pathway. That's being resolved through Office 365 now, and I'm not proposing to change that technology.

    What is most valuable?

    I wanted to ensure that all outgoing traffic went through Cisco AMP servers. So, if we did get a crypto locking incident or any malicious sites that wanted to direct traffic to particular websites, they would be unable to do that because they would be blocked by the Cisco Umbrella DNS servers.

    It also did website filtering for preventing access to porn sites and gambling sites. It had all other standard features. It had a good section where you could whitelist and blacklist websites.

    I was able to implement it myself. It was really easy to install. You could install it on a server locally if you want to. If you have the biggest site, you would do that, but for my site, it was just directing all the traffic out through the Cisco Umbrella DNS. It was really handy. When the owners of the company went overseas, I knew that they would be secure because even if they were not on the company network, they would still go through the Cisco Umbrella servers. It was a complete solution for protecting the company with outgoing data.

    The other useful feature was that if we were to get a malicious actor onto a server or service running somewhere, it would still have to go out through the Umbrella servers. So, it would more likely be blocked through there. It had multiple features that were super handy.

    What needs improvement?

    It had the ability to do a lot of app control. So, every single app that went through that portal was registered, but there is a general issue with the whole app control. As soon as you add a mobile phone to your network, all of the apps get registered through the system, and you can approve, reject, or just let them go through. When I looked at it, it was impossible to manage app control. There was just so much data. I didn't apply that service because I just didn't have the time to manage it. It would be good if there was a way to categorize applications. However, that's dangerous too because you can be turning off an app in a group because you don't know what it is doing. It could be a vital company app. So, app control is the main area in which they need to keep working.

    For how long have I used the solution?

    Originally, Cisco Umbrella was called OpenDNS. I have used OpenDNS and Cisco Umbrella for about six years.

    What do I think about the stability of the solution?

    It is very stable. I never had any issue with it.

    What do I think about the scalability of the solution?

    It is highly scalable. You don't even have to install it on your computers. You just change your DNS, and it'll start to work internally immediately. I never had any issues with performance or anything like that. I'm sure it would suit larger companies as well, but larger companies would install their own Umbrella service on their own systems and deal with the capacity that way. So, it is very scalable.

    How are customer service and support?

    Their support is good. They always got back to me and answered issues. They showed me how to do my own debugging. They were always very professional and helpful. I would rate them a 10 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used proxy servers, but I wanted a more modern interface, and that's why I chose Umbrella.

    How was the initial setup?

    It was super easy. I'm a general IT person, and I was able to deploy it. I read the documentation, changed some settings, changed the DNS on my servers, and then rolled it out to the team. It was a pain-free implementation.

    What about the implementation team?

    I deployed it. It was pretty intuitive. I didn't have a consultant help me. I was able to implement the solution myself and manage it myself. That's a really good rating for an application. There are different systems you get to manage these days, and you can't have training on all of them. Because I rolled it out, I knew I rolled it out properly, and the system was working effectively. It was good. I liked using it.

    What was our ROI?

    The return on investment was that we kept the company secure. Nothing happened, which is the ultimate return on investment.

    What's my experience with pricing, setup cost, and licensing?

    It was a little bit expensive on a per seat basis, but the company I was running was only a midsize Australian company, and it was a reasonable budget per computer for that system.

    It started off being a free product, and then Cisco bought it, and it went to a reasonable price. I was using Cisco AMP as well. So, my per computer cost was reasonably high, but for a small company, it was within an acceptable level.

    Not having reviewed other systems, I can't tell how they compare, but I know that when you do special security licensing with Microsoft, it is on par. So, it is probably standard within the industry.

    Which other solutions did I evaluate?

    At the time, we were using OpenDNS, and then OpenDNS went to Cisco Umbrella. Because we'd had such success with OpenDNS, we just stayed on with the product. So, I didn't evaluate any other products at that time.

    What other advice do I have?

    It is just another layer that you need to wrap around your company to keep it safe unless you could just shut off that possible attack vector from external parties.

    To leaders who want to build more resilience within their organization, I would say that they've got to keep doing it, and they've got to keep working on it. I'm constantly looking for better ways to secure the company. Cisco Umbrella would be a very useful addition to their set of tools. 

    A part of my plan in the long term was to implement the full suite. I never got around to that, but it was really good to know that I could go right down to app-level control. It was a very successful product, and I'd certainly recommend it to any business looking to just add another layer of security around their company.

    In terms of providing a single pane of glass management, security does involve multiple systems, and I could log them all into the Cisco SecureX system. From there, I could get my single point where I could resolve issues with viruses, et cetera. So, in itself, it was a single pane of glass for DNS protection. It was fine, but I don't think there is ever going to be a single pane of glass anywhere. You're always going to have many different systems that you're using, but overall, it had a lot of features. It did the job it needed to do.

    I would rate it a 9 out of 10. It is just app control that I want them to develop more.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Network Security Architect at Lake Trust Credit Union
    Video Review
    Real User
    Top 10
    Protects users whether in the office or out, and we get the same policy in both locations
    Pros and Cons
    • "The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up."
    • "The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical."

    What is our primary use case?

    We use Umbrella to front-end all of our DNS requests, and that way they protect any of our end-users from going to any kind of malicious site. It doesn't matter if they're in-house in one of our locations, or if they're remote and working from home. The biggest part was the fact that we could protect our end-users, even when they're not in the office.

    How has it helped my organization?

    We were actually trying to solve other challenges, which included just to protect the onsite, but once COVID hit, it pretty much made it a very easy transition for us. At one point, when COVID was at its highest peak, we had everyone working remotely. We didn't have to worry about how we were going to restrict our access on the internet, because Umbrella was already handling that for us.

    It made us more secure, which is a very important thing for a financial institution.

    The support for hybrid work was the biggest thing. It protects our users, whether they're in the office or they're out of the office. We get the same policy in both locations. We can assign policies based on individual group memberships and it travels with them no matter where they go. It helps no matter where they are.

    Since it's based on user DNS requests, it's right from the endpoint all the way through the network to be able to identify those locations and restrict access if necessary. It's not just the malware sites, which is very important, but it's also just content in general. There are business reasons for restricting access to certain content.

    Since we implemented Umbrella, we are seeing a fairly significant amount of threats being blocked. A good 20 percent of all the activity, on average, that we see is actually being blocked by Umbrella, because it's either violating policy or it's some kind of malware.

    What is most valuable?

    Both monitoring the activity, so that we can investigate anything that may pop up, and the ability to restrict the access, or filter out what content end-users can view or go to [are valuable features of Umbrella]. Also, the fact that it blocks them from any known malicious locations.

    It works really well and the best part about it is the fact that it's transparent to the users until they try to go somewhere that's either restricted because of content or restricted because of the fact that it's malicious. Then they simply get a popup and that's all there is to it. So from their perspective, it's very easy. They don't have to do anything in order for it to work.

    There is a single portal that we go to that handles being able to set up policy, look at activity, or even manually add sites that we think that we want to restrict, even if it's not considered a particular category or a particular malware. The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up.

    It's really easy. It's an easy portal to go to, it's cloud-based, so we can get to it from anywhere. The ability to set up the policy is pretty straightforward. There are a lot of tie-ins with other products, like SecureX and other things, that make it just as easy.

    It's cloud-based, so as long as you can get to the cloud, you're golden.

    What needs improvement?

    The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical.

    For how long have I used the solution?

    I have been using Cisco Umbrella for about four years now.

    What do I think about the stability of the solution?

    It's been extremely stable. In the last four years, I do not recall a single outage. There has been nothing that I can think of that actually affected the performance of the system at all in the last four years.

    What do I think about the scalability of the solution?

    We've never had an issue with scale. We've scaled it up to every user that we have in-house. When we deployed the gateways, we deployed two for HA purposes, but from a scale perspective, it's DNS queries. It doesn't take much. Our whole organization is on it.

    How are customer service and support?

    Support for Umbrella is very good. There's a way to contact them directly from within the portal and we use that periodically.

    I give them about a nine out of 10. There are issues with Cisco's tech support, like all the rest of them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Umbrella was actually the first [solution we used in this area]. Once we discovered that that was a big hole we had—we didn't have anything that was controlling content for our internal end-users—we could run into problems with regulation, problems with compliance. It could run into issues with HR, as well as security issues associated with malware. We knew it was a hole, that we were missing. Umbrella filled that hole for us.

    How was the initial setup?

    There were two pieces of the deployment. One was the cloud deployment, which got us set up in the cloud to begin with. We also had gateways that were installed on-prem, in-house.

    We were able to get the gateways up and running in about an hour. The cloud deployment was all done by the Umbrella organization on the back-end side. To deploy to the end users, all we needed to do is set up a policy that said, "This is what you use for DNS." Once that was set up, we were done. Deploying that was done in a group policy and that group policy was pushed in a matter of minutes. The entire solution was probably deployed in just a few hours.

    What about the implementation team?

    We did it all ourselves. Cisco handled the back-end side with the portal itself, but the rest of it, we did ourselves.

    What was our ROI?

    I think we got our return on investment within the first month of its use, because of the increased security that we had in the organization; the ability to have a product that is protecting our end-users. We do educate our end users today, but Umbrella doesn't require us to go through as in-depth an education process to say, "Okay, you're going to have to do the research. You're going to have to figure out what sites are bad. You're going to have to figure out where not to go." We don't have to do any of that. That's all handled by Umbrella. We just need to let them know that we're protecting them on the back-end side.

    What's my experience with pricing, setup cost, and licensing?

    Its value exceeds its pricing.

    Which other solutions did I evaluate?

    We looked around to see what was available. There were a lot of content filtering solutions available, but one of the things that Umbrella brings, in addition to content filtering, is that awareness of known threat sites. Their tie-in with Talos, Talos being that organization that does all that research and feeds that into Umbrella, means that we not only have known malware sites from six months ago, but we're getting feeds from Talos within hours.

    What other advice do I have?

    The impact on our employees' morale has been good. Anytime the employees understand that we're doing something from a technology standpoint to secure the organization more, that makes them happy. It's something that they don't have to concern themselves with as much and it improves morale quite a bit.

    Resilience in cyber security is extremely important. We're a financial institution, so cyber security is very high on our organizational goals, all the time. Making sure that cyber security is resilient against any of the latest attacks that are coming out is extremely important. It's a constant thing. Cyber attacks are increasing every single year. The methods that are being used are increasing every single year. If something were to happen, not only would we have a financial impact, but we have a reputational impact. For a financial institution, a reputational impact could be just as devastating as a financial one.

    Umbrella helps us with that overall security. It gives one less attack vector for the bad guys to get into. We're protecting those end-user devices and we're protecting those end-users from going to places that could be malicious. The fact that it's doing that for those end-users increases our overall security without us having to rely specifically on end-user education in that particular attack vector.

    For leaders who are looking to increase resilience within their organizations, I would say that what is necessary is to do as much security, in-depth, as you can. That includes using Umbrella to protect your users and using lots of other security products and being able to secure every aspect of your organization.

    I would rate Umbrella absolutely a 10 out of 10. It's literally a lifesaver when it comes to being able to protect our endpoints.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Simon Watkins - PeerSpot reviewer
    Senior Network Architect at Prosperity 24.7
    Video Review
    MSP
    Top 10
    100% availability, excellent support, and helpful for filtering out web requests we don't want
    Pros and Cons
    • "The feature that we find most valuable is to be able to filter out those web requests that you don't want."
    • "With any Cisco product, it's the licensing side of things that needs improvement."

    What is our primary use case?

    We are a Cisco premier integrator, and I've worked for Prosperity for approximately seven months now. We just set up a new networking team predominantly servicing clients within the financial services industry.

    We offer various products within the Cisco Secure product line, for example, Cisco Secure Firewall, AnyConnect, and Umbrella. As a Cisco partner, we predominantly deploy Cisco equipment, be it LAN switching or routers. Deploying Cisco Secure products makes sense because then we have one vendor in the network.

    How has it helped my organization?

    When we're deploying Cisco Umbrella, we're predominantly utilizing the DNS Essentials or the DNS Advantage license. We use it as a first layer of defense on the network because everything relies on DNS these days, so if you can capture that traffic and analyze it or analyze those DNS requests, you can very quickly start filtering out things like Command-and-Control and whether there's malware on the environments or shadow IT, for example. So, it can capture and categorize the apps that people use, and if you were to block something, you can very easily block it.

    As a Cisco partner, the value we bring to our customers is our years of experience, and our customers can rely on us. We've got a saying in our company that if we look after our clients, we look after our colleagues, and we look after our customers, then we'll all prosper; hence the name Prosperity 24/7. That's our sort of motto, but it's very true. Our customers can trust us. We've got the experience. We've got the links to Cisco. We do all the training, so customers don't have to worry. It's about wrapping the customer up in a blanket and going, "Everything's going to be okay. We're here."

    The benefit we get from our Cisco partnership is credibility within the marketplace because everybody has heard of Cisco, and it's probably one of the most deployed network manufacturers in the world involved in so many verticals. There's always a product there. I've been looking at so many products this week at Cisco Live, for example, that anything you can think of is there. There's always new innovation. It's an innovative company.

    What is most valuable?

    The feature that we find most valuable is to be able to filter out those web requests that you don't want. In a corporate environment, it can be damaging. It can be damaging to organizations as well. You don't want people going to certain sites. Also, the malware side of things and the Command-and-Control side of things are valuable because you can have serious reputational damage to your organization if there's malware in your environment. To be able to block that at its source is very important.

    Umbrella is a constantly evolving product set in terms of what they had maybe four years ago compared to now. The number of features they're developing and facilities within that cloud platform are amazing. Things like data loss prevention (DLP) have been released in the last couple of years. It probably has remote browser isolation (RBI) as well, but I'll have to check that one. So, it's a constantly evolving product set. Our clients might start off on a lower tier of the Umbrella, but over time, they'll go, "Actually I want that feature." And then they'll go from DNS Essentials to DNS Advantage, and then they might start looking at Secure Internet Gateway (SIG), for example, which is just the secure web gateway (SWG). So, there's something for everybody, and as a layer of defense in your network, it's a great product.

    What needs improvement?

    With any Cisco product, it's the licensing side of things that needs improvement. Licensing changes and Cisco typically doesn't make it easy for us, but it does evolve. What's good now is that predominantly across the different product sectors within Cisco, you start off with DNS Essentials, Advantage, and even the Catalyst switches. That's now ubiquitous across the Cisco line. They've got to keep it simple on the licensing side so that when I go and talk to clients, I can say, "Right, here you go. With this license, you get these features, but you can always scale up." Once the customers experience Cisco Umbrella, then typically, they start thinking, "What else could I be doing?" You may start off with the DNS Essentials, but then you might move to SWG eventually.

    What do I think about the stability of the solution?

    Umbrella's availability is second to none. I remember attending Cisco Live in Barcelona where I went to one of the sessions, and they said that they've had a hundred percent uptime since forever basically, so I don't think they ever had an outage. They've got two DNS servers. They use Anycast, so it's available around the world. It will speed up your web browsing because you'll go to the closest data center. Umbrella pairs with the service providers, so it'll speed up your general web traffic as well.

    What do I think about the scalability of the solution?

    In our customers' environments, in terms of scalability, absolutely, it's a very simple product to deploy. It's cloud-based, so we don't have to worry about deploying resources locally. Networks rely on DNS anyway. The whole Microsoft stack, whether you open a web browser or use Teams, relies on DNS. So, it's the first step in any web transaction.

    How are customer service and support?

    I like working with Cisco products because I get excellent support. If it's four o'clock in the morning, I'm in a data center, and something has stopped working, I know I can just reach out to TAC, raise a TAC case, and get help. That's a comfort blanket that surrounds all of us Cisco engineers. We know we can call somebody, and we know we can get through to somebody who will have the answers for us.

    I would give Cisco support a solid eight or nine. It's probably difficult to give a 10 because sometimes it depends on who you get as well, but with Cisco TAC, you can always escalate cases as well. So, there's always somebody within Cisco TAC who can help you.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    In the typical deployment model, we integrate it with, for example, the Meraki product line for using Cisco Umbrella directly within the Meraki dashboard. So, you can link it to an API. That's a nice integration. You're not having separate Meraki access points or Meraki MX. You can bring it all together in one place, so you've got a single dashboard. Typically, we've done that. In the bigger organizations, we have done deployments of the virtual appliances because essentially, you want to be able to identify individual users at that point. By using the VAs, you should be able to identify users on the network, and then you can deploy policies based on those user groups.

    Cisco Umbrella can be deployed in minutes. In its simplest form, all you need to do is point at the Cisco Umbrella DNS servers, and that's it. It can be literally deployed in minutes. If you want to go to a different use case, for example, where you've got to deploy VAs, that's a bit more difficult, but there's something for everybody. It can be as simple or as complex as your environment requires.

    Which other solutions did I evaluate?

    I've always worked with Cisco. I've been working with Cisco products for the last 20 years. We do have other products that we can sell for a lower price point, for example, but typically, I like using Cisco products.

    What other advice do I have?

    To any customers who want to evaluate Umbrella, the first thing I would recommend looking at would be the product sheets within Cisco. Understand the technology, understand the features that are available, and then decide what level of Umbrella or what licensing level you require to meet your business requirements. If it's just protecting some guest WiFis, for example, then it'll be a very simple deployment. If you've got Meraki kits, you can easily link those two pieces together.

    Talos receives so much traffic. I did one of the sessions yesterday with the guys from Talos, and the amount of web traffic that comes into Talos for them to analyze is huge. So, as a repository of what's going on and a view of what's going on on the Internet with this new malware, they're very quickly going to be able to react to that. Even with just the behavioral type analysis in terms of what constitutes bad behavior on a network, they can very quickly analyze and deploy a new solution. They update things like Umbrella, and as a central repository, it feeds into Talos, and then Talos can inform the rest of the security community about what's going on and what things you might need to block, so Talos overall has a positive effect for our clients. For them to do it themselves would be impossible. You need somebody on the Internet, and Talos provides that service. It's about control and visibility, and those certainly are the features that Talos can bring to the table.

    I'd rate Umbrella a solid nine out of ten. It's probably difficult to get any product in a 10, but they are always constantly developing it. So, if you come back in a year's time, there'll always be new features than what's available today.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Alfonso Reimunde - PeerSpot reviewer
    Independent Business Owner at Practical Information Systems
    Real User
    Top 10
    A proactive security layer that filters outside the network that is scalable and easy to set up
    Pros and Cons
    • "The most valuable feature is the ability to filter malware sites that could infect clients or allow them to download infected files."
    • "The rule-making process for blocking sites or for blocking characteristics can use some simplification."

    What is our primary use case?

    I had an agreement with OpenDNS which was the original owner of the solution, and I was selling it as an MSP. In Spain, I offer it to a company called Ares Capital. At the start, it was designed to filter URLs for sites that management didn't want the people to access, such as adult sites and social media sites that may cause a loss of work time. A few years later, the solution introduced the ability to filter malware sites. We used that not as an accessory characteristic, but as the main characteristic. We moved from filtering unwanted sites to filtering malware and virus-infected sites. We still use some filtering for unwanted sites, but mostly for security reasons.

    How has it helped my organization?

    Cisco Umbrella was designed to allow hybrid work. When the COVID pandemic started, we didn't have to do anything at all because the computers were already set up for remote work. With Cisco, it doesn't matter where the computer is as long as the computer is using the DNS servers that Cisco Umbrella works with. If it's part of a laptop or wherever you are in the world, it works exactly the same as being in the office. 

    It is very important the solution provides a single pane of glass management for our organization in order to help manage the complex software and programs that companies use. This saves a lot of time for managers.

    The single pane of glass management optimizes the user experience by allowing the user to access restricted sites much faster and easier from a centralized location.

    Cisco Umbrella helps us remediate threats quickly. The solution doesn't work with our internal network, it instead works with the DNS servers that are located all around the world. This means Cisco Umbrella doesn't have any effect on our network whatsoever. In fact, Cisco Umbrella is totally different from other solutions that are locally based, which filter on routers or firewalls. The solution acts as an outside firewall. The rules that are set up on the Cisco Umbrella management site affect the connection between the computers everywhere, but it doesn't slow them down.

    The employee morale has improved with Cisco Umbrella because they don't need to be as cautious when visiting sites knowing that the solution is taking care of their security for them. The only thing that could happen to an employee is that they may need to access a site that is blocked and they have to report that blocked site. When a site is blocked for an employee, a page appears on their computer and they can report that blocked site from there. The employee can send the administrator a direct message requesting access. A blocked site occurs infrequently and the administrator can unblock the site quickly.  

    What is most valuable?

    The most valuable feature is the ability to filter malware sites that could infect clients or allow them to download infected files.

    Cisco Umbrella is one of the best solutions in the market because it's very simple to use and very simple to set up. We require some knowledge of filtering rules, but it doesn't take that long to get familiarized with them. We can manage all the working locations, even if they are far away from a single point and the solution is easy to use. The vendor is a pioneer in the central management of security compared to other antivirus companies.

    Cisco Umbrella provides a single pane of glass management.

    Cisco Umbrella doesn't slow the network down because it filters outside of the network.

    Cisco Umbrella is not a solution that we can rely on for everything, but for the cost, it is a valued layer of defense that we can depend on. Cisco Umbrella's resilience complements any antivirus solution well. The main advantage of Cisco Umbrella is that it stops attacks from happening before they reach the antivirus solution.

    Cybersecurity resilience is important to our organization because we provide software-driven services. We need to contact people from all over the world. We need to be able to navigate through many different sites safely. This gives peace of mind to our customers. We visit thousands of websites every year and it is important to have a solution that takes into account that we are not visiting the same websites repeatedly.

    What needs improvement?

    The rule-making process for blocking sites or for blocking characteristics can use some simplification. For example, types of malware. This would make it easier to use because it has a learning curve.

    There is a possibility of creating users that have explicit permissions to access sites that nobody else should access. This process can be cumbersome and it would be helpful if there was an easier way to create users and assign roles to special users.

    Cisco could ease the process of defining the number of licenses and the price considering the number of licenses we require. Currently, we have to get a quote for anything over 100 licenses.

    For how long have I used the solution?

    I have been using the solution for ten years. Before the solution was acquired by Cisco it was OpenDNS Enterprise.

    What do I think about the stability of the solution?

    The solution is extremely stable. 

    Maintaining network connectivity is very easy. We have not had any downtime in over 10 years. Cisco Umbrella doesn't work directly through the network. It works with the DNS servers that are outside of the network. The network itself doesn't affect it at all. Cisco Umbrella doesn't affect the internal workings, hardware, software, switches, or routers. As long as we have set up the DNS correctly in the computers, either locally or through Active Directory, everything works no matter what happens with our network.

    What do I think about the scalability of the solution?

    The solution is scalable. We started off with around 40 computers and now have over 200.

    How are customer service and support?

    I contacted technical support two or three times by email because I had doubts about a rule, but it was pretty straightforward. They responded back within 24 hours. I'm not sure if we can contact them now by phone because I have only used the email method.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously, we were using an antivirus company for antiviral protection. The problem with antivirus is that it's reactive. It does not proactively avoid infection. Cisco Umbrella is proactive because it blocks sites before we may get an infection. We don't react to infections; we proactively avoid infections. Although there are solutions now that do the same, Cisco Umbrella was the first to market.

    How was the initial setup?

    The initial setup is straightforward and only required one person. Setting up the solution usually takes between 30 minutes to an hour. However, the rules are always changing, so we never truly finish setting it up. We're always changing the configuration of the sites by blocking or allowing or adding new sites to the blacklist or whitelist. 

    To change the local DNS settings to use the Cisco Umbrella service, we only need to make a few changes. If the computers are connected to Active Directory, we can deploy the configuration through Active Directory so we don't have to mess with anything else. The solution is based on the cloud, so we get a lot of detail and granularity in what sites the computers can access. However, if we want more detail, we can install a small agent on the computer so they can report to the servers.

    What about the implementation team?

    The implementation was completed in-house.

    What was our ROI?

    We have definitely seen a return on investment given the low cost of the solution.

    What's my experience with pricing, setup cost, and licensing?

    Cisco has a set price for a single license up to 100, but whenever we get over 100, we have to ask for a quote. Sometimes requesting quotes makes the process a little harder because people's trust wavers when having to ask for quotes. We want to see the prices upfront.

    What other advice do I have?

    I give the solution a nine out of ten.

    The solution is very good, one of the best in the market because it is so easy to use and so easy to manage even from far away distances. The company has four locations, one in Madrid, one in Valencia, another in Alicante, and one in Barcelona. The solution allows me to manage all the sites from one location easily.

    Given the rise in attacks and virus infections all over the world recently, it is important to have layers of security. The less intrusive solutions are better for us. I believe that Cisco Umbrella is a solution that everybody should have because the solution is easy to set up and manage. Cisco Umbrella gives us peace of mind, which is why I believe it is a great solution. I had problems in Spain when I tried to set up Cisco Umbrella for other companies but this was because people didn't know about the solution or trust it as much as they should.

    Initially, we implemented the solution for the central branch in Madrid, and after that, we implemented it in the regional branches. We then differentiated between departments, and in the end, we were managing departments and offices.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
    Dan Brunnquell - PeerSpot reviewer
    Director Of Information Technology at a financial services firm with 11-50 employees
    Real User
    Top 5 Leaderboard
    Works exactly how it's supposed to and gives confidence that when our laptops leave the building, they are protected as if they were behind our firewall
    Pros and Cons
    • "When we have laptops that leave the building, they could connect to public WiFi before they establish a VPN connection back into the company. For that duration or that period of time when they're not docked in the network or on a VPN, they effectively don't have that full layer of security that I provide inside the building. This tool stands in during that period of time, and we extend the security settings through their basic firewall or their cloud-based firewall at that time. So, we do content filtering and control access, but they also are looking at new domains, IP addresses, and bad requests. They're blocking them on my behalf when a laptop is not sitting behind our security appliances."
    • "There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad."

    What is our primary use case?

    We use Cisco Umbrella to secure our gateway. All of the DNS forwarding coming out of the company from any site or all the DNS requests are forwarded through Cisco Umbrella, and then they determine if that is a safe address and if the content coming back is safe. They will either reject the addressing out of hand, or they'll look at the Layer 7 content and reject that from making it back to us.

    We are using the Secure Internet Gateway (SIG) Advantage package. In terms of deployment, effectively, it's deployed from our private cloud. It's in our data closet on our servers.

    How has it helped my organization?

    It enables us to finally allow laptops to be used as workstations and allow data to leave the building. In the past, laptops were only used for VPN access, but they would connect back to their data inside the company. This has allowed us to have a level of confidence that they're protected as if they were behind our firewall. So, now, we've got work-from-home people who literally have their workstations with them.

    We have six sites with 60 to 70 users. The baseline configuration allows for additional protection for any DNS requests as they leave those sites, and then the secondary policy is for the mobile devices as they leave the premises. When they're connected to public WiFi, they have an additional policy that kicks in for that time that they're not connected back to the company. So, when they're on public WiFi without a VPN, the tool will actually put that second policy in place that's more aggressive and offers a higher level of protection when it's not sitting behind the firewall. All that is automated. It's all built into the agent.

    We don't allow WiFi inside of our network for connection to our actual business network. As soon as a device is docked, it disables WiFi on that mobile device.

    What is most valuable?

    When we have laptops that leave the building, they could connect to public WiFi before they establish a VPN connection back into the company. For that duration or that period of time when they're not docked in the network or on a VPN, they effectively don't have that full layer of security that I provide inside the building. This tool stands in during that period of time, and we extend the security settings through their basic firewall or their cloud-based firewall at that time. So, we do content filtering and control access, but they also are looking at new domains, IP addresses, and bad requests. They're blocking them on my behalf when a laptop is not sitting behind our security appliances.

    What needs improvement?

    There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad. I can't geofence out. I can plot top-level domains, but .com and .net go global. I can certainly block a China (CN) or a Russia (RU) domain, but that doesn't give me the same level of granularity. 

    Apparently, Cisco Umbrella has got that as a feature request to allow an administrator to say, "I specifically only want traffic to and from these countries. Everything else should be dumped." That way, when they're sitting behind my network or they go out in the wild, they have that same level of traffic being blocked.

    For how long have I used the solution?

    I have been using it for 14 to 15 years.

    What do I think about the stability of the solution?

    We've had no issues. It has done exactly what it's supposed to do.

    What do I think about the scalability of the solution?

    It is cloud-based. So, scalability should not be an issue. 

    Any increase in its usage is all relative to the growth of our staff. Currently, we deploy the laptops for people who need to work from home or are traveling between the banks. That's roughly about 20% of our total staff. Some people aren't going to be working from home, and some of their jobs can't be done from home. They have no need for mobile devices. If there is a need to work from home, its usage will increase. It is there if we need it to scale, but at this point, it is not scheduled to change.

    How are customer service and support?

    Once I became a paying customer, it was much better. The preliminary training is there, but when you get into the nuances and the details of some of its capabilities, you need to talk to tech support. Once you're a paid customer, you get direct access, and then it's good. When I'm able to get a hold of them, their technical support is a 10 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I didn't use any similar solution previously. 

    How was the initial setup?

    I was a hundred percent involved in its deployment. We had a couple of issues. The proof of concept was done without a lot of planning. So, there were some mistakes made along the way. If I was doing it again the second time, I wouldn't make the same mistakes. 

    The default configurations have your baselines. Those are never supposed to get changed, and I changed and tweaked those for our proof of concept. After a couple of weeks, I had some additional guidance from the Cisco Umbrella team. You leave the baseline configuration, and then you clone and create a new configuration that sits in front of it. So, everyone gets the baseline, and you don't change that. If you want to change it, you make a new policy and then make the changes to that. If you change the baseline default policy and you make a mistake in it, you have to back that all out. If you make it in the new policy, in the worst case, you just delete it, and automatically everyone goes back to baseline. So, there's still a policy in effect. That was a training issue that should have been resolved. Now that I've done it, if somebody asks me, I would say that this is the way you've got to do it.

    What about the implementation team?

    It was just me taking care of its deployment. In terms of maintenance, once it's configured, unless you're retweaking and adding or removing something that was blocked, it pretty much runs itself.

    What was our ROI?

    I have less maintenance to resolve, fix, and reconfigure VPN clients personally, and the feedback from the end-users is that they're more productive.

    What's my experience with pricing, setup cost, and licensing?

    We were using the free version, and we implemented the paid version about two months ago.

    I'm paying a fair price, but everything is negotiable with Cisco. One of the benefits that I got by having Cisco Umbrella is the licensing of the Cisco AnyConnect VPN client. There has always been an issue for years and years with Cisco Meraki in terms of VPN clients and using the native built-in Windows client. It keeps reconfiguring itself. By using Cisco AnyConnect as the VPN client, it's not affected by Windows patching or people typing in passwords by mistake. It's more resilient and doesn't change. With just the Meraki solution, there was an extra expense for the Cisco AnyConnect VPN client. By having Cisco Umbrella, that licensing is now included.

    Which other solutions did I evaluate?

    There were a couple of other options, and I discussed them with another consultant. As a regulated industry, we have to do vendor management, and vendors have to be vetted. So, Cisco was already a vetted vendor. There are other companies that do the same thing, but Cisco didn't require me to do any more vetting. They were already a vendor.

    What other advice do I have?

    When it's configured the way it's supposed to work, it turns itself on and off based on the status of the VPN or the dock condition. Once it's configured, it does exactly what it's supposed to do. 

    If you're doing a proof of concept on it, fully understand how the policies are configured and what the flow is. You should understand the hierarchical status of the policies to configure it right the first time. You don't really want to guess it.

    I would rate it a 10 out of 10.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Anthony Smith - PeerSpot reviewer
    Principal Security Consultant at Vohkus
    Video Review
    Reseller
    Top 5 Leaderboard
    Has easy single-pane-of-glass administration and is stable and scalable
    Pros and Cons
    • "Cisco Umbrella's integration with other solutions has been a great feature in terms of ease of administration. Administration and troubleshooting are faster. The single pane of glass is great as well. Another great feature of Cisco Umbrella is remote browser isolation. With this feature, you open a virtual browser, and it's seamless to the user. If the user ends up going to a bad website that's passed a policy and something bad tries to download, it will not download into the machine because it is a virtual window somewhere in the cloud. You are protected by this feature."
    • "I would like to see more integrations with more products. Some of the integrations need to be simpler as well. For example, the integration with Cisco Secure Firewall could be simpler. It would be good to make reporting simpler. For those who don't use SecureX, it would be good to make Umbrella really simple to use upfront. It's not a difficult product, but it can be daunting for someone who isn't exposed to it because there are so many options."

    What is our primary use case?

    With Cisco Umbrella, our clients usually always start with simple needs such as URL filtering and move to providing a consistent experience whether the employees are at home or in the office. We also have clients with a large Cisco Meraki portfolio. Umbrella ties into Cisco Meraki. You can log into one place, configure your policies for your users when they're away from home, but then those policies can be pushed down to the Meraki deployments. So if you've got 100 branch offices, which some of our clients do, it's one click to edit a policy and have it be effective in all of the branches. It will also be effective for the home users. Through a single pane of glass, you can have a consistent policy everywhere. This comes down to the integration that Cisco has built into the different products.

    What is most valuable?

    Cisco Umbrella's integration with other solutions has been a great feature in terms of ease of administration. Administration and troubleshooting are faster. The single pane of glass is great as well. Another great feature of Cisco Umbrella is remote browser isolation. With this feature, you open a virtual browser, and it's seamless to the user. If the user ends up going to a bad website that's passed a policy and something bad tries to download, it will not download into the machine because it is a virtual window somewhere in the cloud. You are protected by this feature.

    The integration between Cisco Secure products is a lot better now than it used to be, especially with Cisco SecureX knitting everything together. Previously, they were solutions on their own with a single dashboard, and it made troubleshooting difficult. You may have contained a threat from one place but not in another place. Cisco has worked hard over the last three or four years to allow these products to inter-operate, which makes troubleshooting and finding threats a lot faster.

    The benefit we have seen from using the Cisco Secure suite is the threat response. When you have a product on its own, there might be a threat, and you can click a button, deal with it, and think it's done, but you would have to rely on someone to go and check the other products. With integration, you don't have to do that. You can log into a single dashboard like SecureX, which fits everything together. Even Umbrella ties in with Meraki, Cisco Secure Firewall, and Endpoint. Thus, you can be quite confident that if you contain the threat in one place that it's automatically contained in other places as well.

    Threat hunting with Cisco Secure is easy with Cisco Threat Response and SecureX. When the suite of products are tied in with SecureX, you can then dive into one dashboard when there is an alert. With a couple of clicks, it will launch Cisco Threat Response. You will be able to stop the threat at the endpoint or firewall and also see what other devices are potentially compromised. If it's bad software, you can make sure that if it's detected again that it's never allowed into your network. The client that's compromised can be shut off completely. Before integration, you either wouldn't have been able to do that or it would've been a long-winded process. Then, the damage might have already been done because the threat response came too late. Integration has enabled faster threat responses.

    What needs improvement?

    I would like to see more integrations with more products. Some of the integrations need to be simpler as well. For example, the integration with Cisco Secure Firewall could be simpler.

    It would be good to make reporting simpler. For those who don't use SecureX, it would be good to make Umbrella really simple to use upfront. It's not a difficult product, but it can be daunting for someone who isn't exposed to it because there are so many options.

    For how long have I used the solution?

    We've been using Cisco Secure products for 20 years, and we've been offering Cisco Umbrella since its inception.

    We use several Cisco Secure solutions including Firewall, Analytics, Umbrella, Endpoint, and Client.

    As an intermediary between Cisco and our customers, the value we add is not only the experience but also the relationships we hold within Cisco. We may know the answer to a customer's question because of our experience. If we don't, our relationship within Cisco is such that we can go straight to the person we need to ask. It shortens the process, and we can deliver the solution faster than the customer going directly to Cisco.

    What do I think about the stability of the solution?

    Cisco Umbrella's stability and availability have been 100% uptime since inception. This stat has never gone down.

    What do I think about the scalability of the solution?

    Because Umbrella is a cloud-based solution, it doesn't matter if you are putting five users through it or 5,000. All of the heavy work of processing is done on Cisco's cloud platform, and it'll always give you 100% uptime.

    How was the initial setup?

    Deploying Umbrella is really easy. The initial deployment can be done in one to two days. More advanced deployment including creating policies is also quick and can take a few hours to two days because it is cloud-based.

    You don't always have to deploy Umbrella live straightaway. Umbrella can be deployed in monitor or audit mode so you can see what's going. You can then use the data to create the policies. That is, you can deploy it without affecting anyone initially just for the visibility and then build policies on the back of it.

    Testing is easy as well, which means that you can test the data you've gathered on a small set of pilot users.

    What other advice do I have?

    To those thinking about Cisco Umbrella, my advice would be to take up the free trial. It takes just a few clicks to deploy it in monitor mode, and you won't be affecting live traffic or your user base. You will be able to see the level of data you get of what all your endpoints are doing.

    Given where Umbrella is today and the benefits it offers, especially compared to the competition, I would rate it a nine out of ten.

    Our partnership with Cisco is very positive, from our account management team to the systems and sales engineers, to TAC for support. This is because Cisco has a knack for getting us in front of the right person, which is so useful. Other vendors aren't always as good. With Cisco, if you say you need someone who's an expert in deploying Umbrella or Meraki, they'll get you that expert. And no matter what question you throw at them, they'll have the answer. If someone says they're going to get you an answer, they do. That's the power of the partnership with Cisco. They're sort of a trusted partner. 

    The benefits we get from partnering with Cisco are first of all access to Cisco's expertise to deploy these products. This means we get to know about the products in a bit greater detail than we would have if we weren't a partner. By knowing about the products in greater detail, we can then offer them to clients.

    Being partners, you get partner benefits, discounts, and the like. But it's more the knowledge. If we know the products on a deeper level, we can offer them to a client. We can show the client the value add of Umbrella versus a competitor's product.

    The benefit that Cisco gets from Vohkus being a trusted partner, is that they know when we deliver a solution, we deliver it right. We deliver it to a standard that Cisco would be happy with. Cisco benefits from this partnership as they get fewer TAC calls because if we've deployed it correctly, the customer won't have to speak with them. Equally, if we've deployed it correctly, we don't have to go speak to them, so we're cutting down on costs, but there is also the brand reputation that's being maintained. If we deployed a Cisco solution and did it badly, it'll look bad on us, but the client will think it could be the Cisco product. By us deploying it correctly with our experience and knowledge, Cisco would know that that solution's going in and the customer isn't going to think, "Oh, it's Cisco that's the problem," if something goes wrong. That brand integrity is maintained.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller