Cisco Umbrella Reviews

We use Cisco Umbrella in our clients' companies.

The most valuable features of this solution are the Web Filtering and the APT. The APT is something that I find to be very good in Cisco.

The detection of wireless attacks or targeted attacks reports many false rates. This is an area that needs some improvement.

It should be more specific. This can help the customers to know the exact incident details.

The intel logs and the incident proactive security incidents for targeted attacks are also something that needs to be improved.

If the security issues are taken care of it would be better.

I have been working with Cisco Umbrella for two years.

This solution is stable. There are no issues with stability.

It's a scalable solution.

I am not managing this area. I have not contacted technical support.

We have worked with Forcepoint and vScaler.

I would recommend vScaler. On the Cloud front, the product is quite stable, and it is easy to manage.

vScaler and Cisco Umbrella are comparable.

I was not a part of the installation and deployment.

I have not received any complaints, it appears that it was seamless.

The price could be lower.

The web filtering works well. On the endpoint, the implementation should be properly planned, meticulously planned, to avoid missing any configuration that could cause major issues.

I would rate Cisco Umbrella a seven out of ten.

We use it to provide cloud-based security services for our customers.

We've found it to be stable and good for our customers.

It's a very new product, so it's quite immature at the moment. It can be more user friendly.

We took it in our company a couple of months ago.

It is stable.

It is very scalable. We've got it for very big customers. We probably have several thousand users.

I have not personally interacted with them because we have staff that does that on our behalf.

We switched because we just wanted to be in the Cisco ecosystem, not specifically because other products from other companies were not good enough.

I wasn't involved in that.

There is a subscription cost.

I would recommend this solution to others. We plan to keep using this solution.

I would rate Cisco Umbrella a seven out of ten.

The solution is mainly used for remote workers, for people that are outside the enterprise premises, in order to have security while they work on the road.

With many of our customer's end-users on the road, it was easy for their machines to get infected or to lose information. After we installed this product, these issues were drastically reduced and the number of infections dropped month over month.

It provides security for the remote workers and it helps to improve enterprise security in a very easy way.

We mainly enjoy web software protection capabilities. It prevents the end-users from getting into bad sites or sites that potentially could have malware or could be phishing. It helps end-users avoid the wrong sites.

The solution works very smoothly.

The user interface is good.

The implementation is pretty easy.

I can't think of a place where there is a gap in features. It seems to cover everything.

The pricing is a bit high. Being outside of the USA, we have issues with the exchange rate.

The solution could use more intelligence.

They likely could combine some of the AMP features that they already have in other AEM's for anti-malware purposes.

I've been using the solution for two years at this point.

The stability of the solution is excellent. It's very reliable.

Cisco technical support is one of the best on the market. We're quite satisfied with their level of support.

That said, as the solution is pretty easy to use and very stable, we haven't really used too much technical support.

The setup is not too complex. It's pretty straightforward. They make configuration and onboarding relatively easy.

Deployment only takes a matter of days. You simply deploy the agent to the active directory, to all the installations and you're done.

I sell it as a managed service provider. Therefore, the solution is installed for our clients. They don't have to worry about that aspect.

I don't know exactly which version of the solution we are using, however, we do use the most advanced license that's available currently.

As a managed service provider, we deal with organizations of all sizes, from small companies to large enterprises. 

Overall, I'd rate the solution nine out of ten. It works well, has an easy installation, and offers good protection.

We are a reseller and Cisco Umbrella is one of the products that we sell to our customers. We offer it as a managed service provider. This product provides security for remote workers and it helps to improve enterprise security in a very easy way.

It is mainly used for remote workers and for people that live outside the enterprise premises. It gives them security while they are on the road.

Because our clients' end-users are mainly on the road, it is very easy for them to get infected and lose information. After we installed the Cisco Umbrella solution, importantly, they have reduced the number of infected cases per month.

The most valuable feature is the website protection capabilities because it prevents end-users from entering bad sites that potentially have malware or could be used for phishing. Ultimately, it helps users avoid the wrong sites.

It is very easy to integrate.

I would like to see more intelligence built into Umbrella.

In the future, they should combine some of the Cisco AMP features that they already have, for anti-malware purposes.

We have been working with Cisco Umbrella for more than two years.

This is a very stable product and helps to improve the security posture of the enterprise.

We have clients that range in size from small to large-sized organizations.

Cisco's support is very good and, in fact, one of the best.

Because the product is very easy to use and very stable, we have not had to rely on support from the documentation or the community.

The initial setup is quite straightforward and easy, and the deployment can be completed in a matter of days. You deploy the agent to Active Directory, for all of the installations, and you're done.

We deploy this solution for our clients because we sell it as a managed service.

Outside of the United States, we have issues with the exchange rate that increases the cost.

Overall, this product works smoothly and perfectly.

I would rate this solution a nine out of ten.

Cisco has its own cloud that they manage Umbrella on. So Umbrella is not like any part of AWS or Azure or GPP. Our use case for Umbrella all depends on our customer's requirements. Cisco Umbrella has many packages to help address these requirements. The current package which we are working on incorporating more is Cisco Umbrella SIG, which is the Secure Internet Gateway. It has just been launched as part of Umbrella and we are currently exploring its capabilities and utility for our clients.  

There are a lot of use cases for Umbrella, and for us those use cases include the following:  

• One of the more important use cases for clients is using the product as a web proxy.  
  
• A second thing would be a situation where a customer wants to block access to an employee's personal email account and allow only corporate email accounts.  
  
• A third would be the cloud-delivered firewall. This would cover a situation where a customer would create a tunnel between their on-prem firewall to the Cisco Umbrella cloud. This would make it so that all the traffic is filtered by the Cisco Cloud Firewall.  
  
• We use it to support our MDM (Mobile Device Management) integration. Umbrella can be integrated with various MDM products, like AirWatch and MobileIron, and that category of products.  
  
• Umbrella supports family integrations. So we can search for information from AWS or Azure-based clouds and we can create family-based policies using Umbrella.  
  
• Umbrella provides support for some features of Kaspersky. For example, it can tell you what all apps are running on the endpoints and it can give you granular control over those apps.  

These are only a few of the use cases which I think are most important for us and our clients at this time when using Umbrella.  

The most valuable feature which I found in Umbrella is the segmentation of personal accounts from corporate accounts. In order to work with this, Umbrella has a feature where we add the ID of the customer's Gmail account or the Azure account. That ID is then used as a filter to separate access so that only corporate Gmail will be accessible and it can block personal accounts.  

The second very valuable feature is the web proxy part which is effective in determining if a feed may be malicious.  

Data reporting is something I would like to see improved.  

Cisco is currently rolling out data centers for this type of solution. Currently, they do not have data centers everywhere. For example, they do have one in Singapore but they do not have one in India. My clients are in India and they find an issue of slowness in the services from the Singapore data center. Cisco is working on building a data center in India to address the issue but information about the completion of that project are lacking details.  

In the next release of Cisco Umbrella, I would like to see a DLP solution. That could be a feature someone can addon. But it should be a real Data Leakage Prevention solution to more securely handle the data.  

I have been working with Umbrella for around three years now.  

This product is stable and it is very easy also to scale up.  

Usually, a product is really designed for small, medium, or big companies. I think Umbrella is good to serve any size customer. The range could start from 200 users and then you have an interface that can handle anywhere up to 5,000 to 6,000 users. I think anything is possible with Umbrella as far as scaling usage because of the package and licensing options.  

If you want to increase the number of users you just have to inform Cisco to tell them to increase the seat count on Umbrella. We can renew our licenses to be in compliance with the Cisco licensing policy.  

I had worked for Juniper support before and I worked for other tech support teams and I feel that Cisco's type of support is the best. The response time has been right on and then they isolate all of the issues. It is the best product support I have seen in a long time.  

The initial setup is very simple, you can set up Umbrella within two minutes I would say. You just have to point the DNS to Umbrella and that is it. So it is very easy to deploy and set up.  

Actually, I am from the research team. We make the solution requirements, then the product moves on to the process team. Once I have made a solution, then the product team takes care of rolling out the implementation.  

As this solution is a public cloud solution, there is very little maintenance which the customer has left to do. The setup is relatively easy and it is very good for the client.  

The licensing part for Umbrella is really flexible. If a customer purchases a thousand licenses, and if at any point the customer overshoots the available license count, Umbrella would not stop working for the additional users. Cisco would be informed that there is an attempt at overconsumption of the licenses and they would inform the customers that their license count has been increased. It will do this automatically. The customer can take action to renew those licenses. So it is flexible.  

There are three models for licensing. There is the Cisco Umbrella essential plan, then you have the advantage plan, and then they have the plan including SID. Every license comes with a different feature set.  

The advice that I would give someone looking at the Umbrella solution is that they can evaluate Umbrella because it is very easy to set up. You can get started discovering the product and do a little to check it out. They should make sure that all their use cases are covered by Umbrella.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate Cisco Umbrella as somewhere between a seven-point-five to eight, personally. But I will give it a seven overall.  

We use Cisco Umbrella for web security and it's very good. It acts as web filtration combined with security and I am very supportive of it, especially with cybersecurity trending these days and the amount of malware and spyware out there. It's important for end-users to have some sort of protection when they're browsing the internet and this product does that. Before it lets you go, it filters and gives you the okay to move forward with the website you're looking for. A lot of customers tend to make typos when they're searching for websites, which then leads them to unknown websites that automatically download malware to their computer — now they're infected. That's why you need web security. 

We currently have about 1500 endpoints under Cisco Umbrella, but of course, we plan to increase our numbers. We offer Cisco Umbrella in our packages so whenever we get new customers on board, they get it. 

In the past, Cisco Umbrella has denied us access to secure websites. I haven't seen it lately, but they have blocked different legitimate websites. However, they have good tools that allow you to refresh and verify whether a website is legitimate or not. They have so many servers across the United States and even globally. I believe that it helps you to identify a website. 

In other words, the solution is good, we like it and we've been using it. We have a big customer of about 1,200 users and they're happy. The only thing I am not happy with is Cisco themselves. Not because of a technical or support issue, but because a division of Cisco poached one of my clients, stole them from me, which is completely unethical. When I talked to our account managers about it, they said there was nothing they could do about it because it was a different department. I said, "What do you mean different departments? This is my client and you guys went and provided them with a solution that I am already providing them?" So, that was a big deal for me. 

Also, I think Cisco Umbrella has an automatic push feature, which is the automated updating agent, but if I am wrong, they should get it.

I've been using Cisco Umbrella for roughly five years.

We have been using Cisco Umbrella for three years; it's very stable, reliable and does its job. We experience minor hiccups here and there, but it's nothing that our team cannot handle, and if for some reason they cannot, then they can always reach out to customer support.

Cisco Umbrella is very scalable. You can do anything and it's very useful for MSP. It's basically a single window that allows us to manage different servers and different clients. That's the beauty of it, no more logging in and out for different clients, which is nice.

For me personally, I consider Cisco to offer premier support. Currently, due to COVID-19, we cannot call them now for obvious reasons, but prior to COVID-19, Cisco support was one of the best, especially in regards to Umbrella. Honestly, we almost never have to contact them. I don't recall having to contact them even once over the last year or so.

For web filtration, we tried Websense before but now I believe the cloud solution is the way to go, it's much better. We had a customer and they needed to have different layers of protection, especially today with cybersecurity, and open DNS is one of them. I believe it's mandatory that you must have some sort of defense because it's is up in the air, there may be other solutions, but something needs to protect you from going to the wrong websites.

They have different setups. For example, you can integrate with the Cisco Firewall and I believe you can integrate with any platform with an agent, on each device. So, it really depends on how comfortable you feel with the setup. If you need to get more information and analytics, I believe it says the agent is the best way to go. The agent gives you every machine: for example, what has been blocked? What kind of security breaches have been attempted? Open DNS has defended this particular endpoint, but there are definitely many flexible, different integration methods to integrate a solution.

I am not sure, I don't have the numbers in front of me, but I think it's $1.00 or so per device/month.

I like this product and I'd really recommend it to everyone. Obviously, it's not the only product out there, but today, every endpoint should have multiple layers of security. You need to protect your users when they are browsing—open DNS. You need to protect them from emails, both inbound and outbound and you need to protect the endpoint from breaching. 

I would rate Cisco Umbrella a nine out of ten.

We use Cisco Umbrella to provide protection for our end-users. It prevents unauthorized access to their systems, as well as halts access to compromised sites, such as a ransomware site. Essentially, all of the malicious activity is prevented.

The most valuable feature for us is the DNS-based protection. It is the only type that is available in India.

The interface is very easy to handle. Even a person with limited knowledge can quickly learn to work with it.

Deep packet inspection features should be implemented. This solution does not give us full, 360-degree protection.

They should have a local data center available in India.

I have been working with Cisco Umbrella for four months.

I haven't experienced any instability.

This is a highly scalable product.

I have been in contact with the Cisco technical support, once or twice. They were not big issues, however. Overall, I am satisfied with the support.

Prior to Cisco Umbrella, we were using on-premises solutions. The capability is good except that a cloud-based solution can be more easily provided to all of our end-users. 

The initial setup is straightforward and there is no complexity to it. This is a cloud-based system, so just install it, mount it, and the policies get applied. The installation requires that you log into the portal using your ID, and then it just starts working.

Zscaler has a local data center available, which is something that Cisco can't offer us at this time.

This is a good product, although it does not have the features that I was looking for. At this time, it does not have the capabilities that are relevant to the Indian market. As such, we are thinking about uninstalling it and switching products.

The suitability of this solution depends on the industry and requirements. It is important to remember that if you start with a product or approach, you may end up switching to something different. That said, if you want to begin with Cisco Umbrella to deal with malware then you can always change later if it doesn't perfectly fit your environment. This is what we are doing.

If I were rating this product on a single capability then it would do very well. However, rating it on multiple capabilities, then there is definitely room for improvement.

I would rate this solution a six out of ten.

The primary use case for this solution is for DNS based attacks and for malware protection. It has a malware protection engine.

If you install Cisco Umbrella Clients on the remote PC, you can do URL filtering, malware protection, and you can check the health and status of the device itself.

All of the DNS Queries are sent to Cisco Umbrella and you have more visibility of what users are asking, as well as what users are accessing over the Internet. 

You have all of the details and all of the information of what the users are accessing, even before they get access to the website. For example, if one website is malicious and it has some malware and some viruses in it, and a user sends a request to this URL, it will be reported in the Cisco Umbrella Cloud before the user gets the response back from the webserver. 

It will protect, give you more robustness, and faster responses, compared to any firewalls or any of the proxy web servers.

Based on the DNS, Web proxy, and other servers, it waits until after the DNS request. It will put in its action after the user gets it by the webserver when the response is coming back. 

In the end, the response from the malicious server will come into your network. Cisco Umbrella cloud has stopped it before that. You have one more layer of security on top of the URL filtering or on top of that server response.

The deployment was for two thousand plus users. We have multiple sites, and we have some remote users in different locations.

Cisco Umbrella is a fitting solution for DNS-based attacks and malware protection. It is a very good solution for that, and especially for remote users.

The most valuable feature is that it prevents DNS-Based attacks, which is quite common these days.

The DNS Query is first sent by the user and then it will communicate to the URL. If you are requesting for some URL it process also to an IP.

The basic functionality of Cisco Umbrella is to save this type of request and to have a more secure way to communicate the DNS Query back to the user. Any attack based on the DNS Query is stopped by Cisco Umbrella.

If you have a proxy, for example, if my DNS server is 172.19.222.21 and I make a server on the same IP or different IBN with the same DNS name, I can make a proxy and the user request will come to me and I can send this user any way I want. So based on these types of attacks, Cisco Umbrella protects the user.

The user requests a lot of DNS queries. Even if you don't know it or if the user is not accessing any URL, the laptops or any PC keep on accessing different URL's and you are not aware of it or if it is good or not. Cisco Umbrella gives you the visibility and you know what is happening from this laptop or this endpoint.

Cisco Umbrella does not have a Malware Protection engine itself. It would be useful if they had a malware protection engine running inside their own VM.

They have some VM appliances with the installing enterprises for limited access for the DNS proxy to the cloud. If they had this feature running inside the VM, it would be much better.

It would improve this solution to have applications hosted on the cloud.

I would like to see the application that they promised. If you have an application running inside your environment, with multiple portals, as an example, we have our employee portal, ERP and some other portals. These portals will be accessed through the Cisco Umbrella Cloud, and the deployment will be a VPN-based deployment, Cisco Umbrella Cloud will be connected to your enterprise and afterward, you can just click on this application using Cisco Umbrella Cloud subscription, and you will have the access to your application anywhere in the world, and you don't have to publish it. You will save public IPs, and a lot of bandwidth because publishing requires bandwidth. 

All of the users from outside will be coming inside your environment and will be accessing the web servers, so there is no need to publish.

It will be some time before this feature is introduced. They are working on it and it is still not ready.

I would like to see IPS-based solutions. To have an IPS solution inside the Cisco Umbrella cloud. 

If there were an IPS product built inside the solution, it would be very good. It would be a one-box solution. With this one-box solution, you wouldn't need any extra security layers,  and you don't need any WAN solution.

There is a solution called Carbon Black. This solution can do sandboxing solution inside the PC. It checks the application which you are accessing, and what you are installing on your PC. It checks everything. It does a compliance check.

If these types of features are available on the Cisco Umbrella, so you wouldn't need any other solutions installed on your PC. It would be one solution that does everything together.  I would, like to see this.

It's quite stable. It's a very stable product, and, it's quite straightforward. We deployed this solution a year ago with no issues afterward. We didn't get any complaints. There are some categories, and filtering that will block you for something which is not malicious, but it is considered as a threat to Cisco Umbrella. You will need to white list some IP address or some URLs manually if it's under your corporate use for some reason.

This solution is quite scalable. It is a cloud-based solution. If your users are spread all over the world they can access Cisco Umbrella using an internet connection and it's quite straightforward. The scalability is quite robust and we can implement it anywhere in the world.

We are using this solution every day. Even if I try to access something now from my corporate laptop, the request will go to Cisco Umbrella, the DNS is configured as Cisco Umbrella.

Currently, we don't plan to increase our usage because we don't have more users at this time. If we scale or we are expanding and we have more offices, in the future we will increase the number of endpoints or number of users.

As we are running our virtual environment in our enterprise, it's not a problem. Normally if you are going to implement VMs, it will be a large scale deployment. If you have more than 2000 or 3000 users and you want a faster response from Cisco Umbrella, you have this VM.

If you have this type of environments, of course, you have a virtual environment, you have any hypervisor like VMware or Hyper-V and you have a big compute, you can manage two VMs from that. It's not an extra cost.

We have four people who have access to Cisco Umbrella. However, it doesn't require much administrative work. It does its job, and only needs a one-time concentration, afterward, all that needs attention is checking to if there are any blocks on anything.

If Cisco Umbrella blocks a user, they will notify the user. The user will get a message that they are locked under this condition and this category. The user will then notify us and complain that they have been blocked. We will check the status on the Cisco Umbrella portal and proceed to whitelist it if, it is a legitimate request.

The technical support is quite good. This solution itself is not complex and everything is cloud-based. If there are issues or if something indicates that you cannot manage two portals, you can just open a claim with Cisco Umbrella and they will support you. 

The only concern is that if something goes wrong, or, something is getting blocked and if something is not as per your requirements, you don't have any visibility. You will never know what was done to correct the issues. Because it is cloud-based, they will not show you what they are doing on the server level. Without having the visibility for the solution itself you will never know what actual solution is working behind the scene.

Before Cisco Umbrella, we were using the Infoblox solution. It was not an easy or flexible solution. Infoblox is an on-premises solution that requires a VPN, or all of the users need to connect to a VPN, just to get the DNS resolutions. This was not easy, and it was not easy to implement.

The initial setup was quite straightforward. When you subscribe to the Cisco Umbrella services they give you some public IPs. With these IPs you have a few options:

• You can copy these IPs and user features for the DNS and the communication will happen directly through the cloud. 
• You can install the VMs in your corporate environment having all of the communication through the VMs and the VMs will communicate to the cloud. 
• You can install a Cisco Umbrella application on your PC and install the external script that has the public IP for the DNS for the Cisco Umbrella.

The deployment strategy was straightforward, and it took approximately two days for deployment.

Because we had over two thousand users, we created a script on SSCM. This is a software center manager for Microsoft, making the script accessible to all of the users. This script changed all the DNS IPs to the Cisco IP addresses. Once this was complete, we installed the Virtual machines, which are the DNS proxies for Cisco Umbrella and we configured the public IPs for Cisco Umbrella. These were the only two steps that were required, taking two days for two-thousand-plus users. It was quite simple, but, if you had to do it manually, it might take some time having to do one at a time for more than two thousand users.

If you have some automation, it is quite easy.

It has a public cloud and it is like a hybrid type of deployment. We have umbrella VMs installed in our enterprise areas, in DNS, in our remote offices, and our main HQ.

These VMs, are like proxy DNS servers. They will save a URL resolution and has a policy-based engine as well. For example, if you are searching google.com or something that is being searched quite frequently, it will store that data, and it doesn't communicate to the cloud every time, giving you a faster response with limited cloud access.

Our service provider is Cisco. They have their Telos Cloud, hosting the Cisco Umbrella Solution.

After this deployment, you need to do quite a lot of fine-tuning because there will be many false positives blocks, especially if you're using the malware engine. It will keep blocking some ADME files that are used in your corporate environment, or if it's an in-house developed application, it will be blocked because the code of the application is not registered with the Cisco Umbrella Cloud, It will keep on blocking, until you whitelist that code and whitelist that UUID, just to have this application running.

We did the implementation ourselves with some assistance from Cisco support. We didn't have any on-site engineer to do the deployment or implementation.

It only took two people for the installation process. I was on the network and phone system side and another colleague was installing the service on the Cisco Umbrella Solution.

We require four people who maintain Cisco Umbrella. 

This is a good solution, and there are many advantages to this solution. 

There is a return of investment. 

If you have this solution you don't need a big firewall or many security solutions in your environment. Because it's a cloud-based solution, you can access this over the cloud anywhere in the world. You don't need to build a big infrastructure. It will give you more return on the cost than you are putting on it.

We have Cisco ELA, it's an enterprise agreement, which covers everything under security, that is offered by Cisco Umbrella. With this, we have the complete Cisco Umbrella portfolio. We have everything related to security from Cisco Umbrella. This also includes the Cisco Umbrella suites.

We are paying yearly for all of the Cisco Umbrella applications and appliances.

Cisco has a model called ELA. With ELA, if you buy the solution you will have the complete security portfolio and you can pay it yearly or after three years, it depends on the contract.

It's a subscription-based solution. If you're running multiple solutions it is more cost-effective. For example, currently we have Cisco Umbrella, IronPort, WSA, Cisco CWS Cloud, and we have Cisco's FTD solution. If we were running these solutions separately it would be more expensive. 

If you are doing a VM deployment and you have a VM appliance, you will need some compute. 

The only additional cost will be for a server.

We evaluated another solution but the Cisco Umbrella solution is much more compelling. It doesn't have the on-premises appliances or any restrictions for the user to connect through the corporate environment.

If the user is anywhere and the user is connecting to the internet, they will make a micro VPN through the cloud and it will connect to the VMs in our corporate environment automatically. It doesn't require any manual configuration nor does the user have to initiate anything on the PC.

The other solution has a touch button application, on the PC. If you click it, it will create a channel with the appliance in your HQ or your remote office and then you will be able to connect to the internet or you can resolve DNS with queries. 

As this solution was not flexible, the management chose not to go with it.

If somebody is looking toward the Cisco Umbrella solution or if they have an NGIPS, NG firewalls, next-generation firewall solutions and if they are looking for DNS-based security, and if they are implementing it then Cisco Umbrella is a good solution.

Keep that in mind that it will make a lot of noise, users will be blocked at the beginning and many of the URLs will be blocked. It will need to be fine-tuned.

The fine-tuning is required one month after implementation. You will need to fine-tune the OpenDNS Cisco Umbrella database, just to have all the URLs there for your corporate environment, because there will be some false positive blocks. These issues will have to be fixed yourself. You will need to make sure that you are doing it. Other than that, it is a quite straightforward solution.

I would rate this solution an eight out of ten.

If the suggestions are implemented I would then rate it a ten out of ten. They would be one of the first companies on the market doing this. You will not find anyone on the market with any DNS security solutions like this for Cisco Umbrella. They are the market leaders for DNS-based security at the moment. If they have these suggestions in their portfolio it would be the best solution, covering every point of its endpoint security.