Cisco Umbrella Reviews

The feature that most interested me was protection against DNS-based attacks. Umbrella offers protection against malicious websites by stopping users from visiting them. This is important because of its host / endpoint protection, an important concept as businesses decentralize their operations and employees find themselves working from unmanaged sites on untrusted networks.

Employees can do their jobs and know that they'll be protected from malicious websites.

The product itself is excellent. What I'd like to see improved is the purchasing process; specifically, I'd like to see OpenDNS offer its customers the ability to purchase any number of licenses instead of a bundle.

Cisco & Open DNS don't make it easy to add additional users/licenses to an existing account. Instead they want you to go to their store (can't get to it while you're logged into your Umbrella console) and do a purchase, like you're in some line at the grocery store.

I have been using it since April 2015.

Deployment is straightforward, the product and the back end systems that support it are stable and the product is scalable as long as the customer purchases the necessary number of licenses.

The purchasing process could be easier. What I'd like to see is the ability to contact a live person at OpenDNS and over the phone be able to purchase additional licenses.

Technical support is good.

Umbrella is the first product of its type that I've used. Otherwise, my company has relied upon anti-virus products to protect hosts.

Initial setup was straightforward. I simply downloaded the client, installed it on a host and that was it.

Implementation was straightforward and was done in-house.

Regarding ROI, that falls into the category of security and that is always a tough sell to management.

What I'd like to see improved is the purchasing process, specifically I'd like to see OpenDNS offer its customers the ability to any number of licenses instead of a bundle.

Plan, plan and plan some more.

Web content filtering: Cisco ASA 5505 doesn’t have a straight content filtering feature, so we used OpenDNS and it worked like a charm. It is security beyond the firewall, and hence more beneficial, as it stops the threats before reaching the firewall and enhances security.

We were able to implement web content filtering to block unwanted traffic, and to prevent bandwidth choking and malicious attacks without deploying any hardware/software, within a few hours.

I would like the product to offer more security features, such as IPS, IDS, DDoS prevention, etc.

I have been using it for six months.

I have not yet encountered any deployment, stability or scalability issues.

Implementation was straightforward with minimal changes to existing infrastructure.

It was self-implemented.

We have tried a Linux-based proxy server, but that was complex to manage and wasn’t foolproof.

I highly recommend SMBs and enterprises use it to enhance their network security with minimal cost through the OpenDNS cloud solution.

Deployment and management are easy.

It made web filtering and malware protection easy.

I think there is some room for improvement with regard to the Windows client. While providing great protection for roaming laptops, on occasion users in the office would get the "yellow triangle" showing up over their wifi connection. It would state that the users were not connected to the internet, when in fact they were. This caused a few gripes and was difficult to troubleshoot. Other than that, not much else.

Only other suggestion might have been a URL to automate requests when checking if a blocked site is in fact a valid block.

I have been using it for two years.

Deployment and scaling are very easy. The only issue was as mentioned.

Technical support is excellent, with quick responses.

iPrism was inline, did not scale, and not easy to manage.

Initial setup was easy; just forward your DNS.

An in-house team implemented it; it was pretty straightforward. Just get the appropriate teams involved.

ROI was all about added security and a decrease in malware.

Pricing was fair.

Go for it; there is no better way to secure guest networks without any headaches.

The various powerful query options are the most valuable features of this product to me. Using the Investigate API, we can gather the detailed history of a domain, whois information, NS records, etc. All of this information helps us determine whether a domain is malicious or not.

It helps us identify malicious domains.

I would be happy if they could add the whois information of an IP. That would further help us determine whether an IP is malicious or not by identifying the domains associated with the IP, whether there are any known bad domains associated with the IP, and more.

I have been using this solution for two months.

I did not encounter any issues with deployment, stability or scalability.

We implemented it in-house.

The APIs are very powerful. You can use any programming language and integrate it with your products. It can be really handy for security analysts.

We have a number of terminals that are NOT on our MPLS network, so we depend on the OpenDNS services to provide URL filtering where we normally have no visibility or control.

By using OpenDNS, we block sites that are looked at as malicious and cut down on incoming threats.

One thing I can mention is network security. There's no real mention about the potential of malware & virus protection for locations that we are using OpenDNS on. In certain areas, we only have a few people on-site and there’s no real need for a firewall at that point.

That would be the only thing I can think of with OpenDNS that we have NO information on.

Otherwise, for me, I think it’s a good packaged deal. I wouldn’t really change anything.

We have been using this solution since 9/25/15.

I did not encounter any issues with deployment at all. It was pretty straightforward.

Their customer service is pretty good from what I remember. We called them at one point to ask a question about one of our devices not showing up and they were pretty quick at resolving the issue.

Previously, it was the Wild West at our locations that are not on our MPLS network. They were looking at whatever they wanted as they were only on a personal wireless device. We upgraded them to a Cisco 819 or a Cradlepoint but didn’t have much in the way of filtering or DNS with their GUI.

I believe, for the most part, initial setup was straightforward. You just have to look around and set it up, link it to the device, etc. It’s not too difficult where you couldn’t just figure it out, but to be sure, we called support and they confirmed what we were doing. They even helped by showing us the policy setup area.

We implemented this ourselves. We had the access points, set them up, tested them and shipped them out.

The pricing is fair. We’re paying under $40 per license for 60 licenses.

If you have locations where there are a small number of users that doesn’t merit a dedicated line with high monthly costs, it’s quite easy and efficient to give them some kind of access point and use OpenDNS for security and filtering.

The ability to use custom categories to block out websites was valuable because the predefined categories were either too restrictive or not restrictive enough. For example, one category would block everything from social media to webmail, while another category did not block either. So to be able to customize categories made it a lot easier.

This product has made it easier for our IT team to keep employees on track to work and away from distracting websites.

Perhaps an option to be able to block only specific users would be a way to improve the free version of OpenDNS. In our department, there are multiple users that need different levels of access. For example, those who work in the advertising department need access to social media, while those in the accounting department do not. The ability to be able to set different rules for each user would have been nice to have.

I have used it for about six months.

I did not encounter any stability issues.

I did not encounter any scalability issues.

I did not need to contact technical support when using OpenDNS. The product is very self-explanatory.

This was the first product we used for filtering websites.

The initial setup was very straightforward. I did not have any issues.

I was using the free version of OpenDNS, so I am not aware of the pricing.

We were choosing between pfSense and their packages versus. OpenDNS looked easier to setup, so we went for that first. Eventually, we moved to using pfSense’s SquidGuard, because it allows us to be more precise with filtering websites.

This product is very straightforward and simple to setup. I would recommend others to just give the product a try. I am sure they will be happy with the results. OpenDNS has different filtering levels, but I found it easier to just go for the custom level versus the ones they had set up already.

OpenDNS allows us to maintain low network resource overhead on our (relatively) small network. Intuitive, flexible web filtering controls also help us enforce compliance over logically separated networks at our school for teachers, students, and non-academic staff.

Given the small to medium scale of our network architecture, our current gateway/firewall DMZ infrastructure is specced too low, and our budget too limited to accommodate more fully featured security appliances. While some organisations may utilise higher specced security appliances with powerful software features available directly on the device including user management, granular IP filtering and more, we must make do with lower spec appliances.

Furthermore, while our network is based around a gigabit fibre core, we have seen bandwidth utilisation increase greatly over the past several years due to cloud hybridisation of our infrastructure (AWS, Google Nearline, et.al.), and as a result are currently stretching the performance limits of what our current hardware stack can do. Given these limitations, the granular control which OpenDNS provides us for Web Content Filtering, malware protection and data logging are crucial in filling gaps in our network security stance.

To add, we are also an educational institution. Our standards for compliance, both internal and external, can be quite strict. We are beholden to security and compliance standards enforced by the Government of Japan, its Ministry of Education, as well as internal compliance enforced by our own Business Administration department.
This is not to mention the sort of 'soft compliance' which comes from the families of our students regarding how we handle sensitive data and personal records.

It has been our experience that the following features available within OpenDNS have helped us meet compliance reporting requirements quite readily:

• Botnet Protection
• Malware Protection
• Internet-Scale Malware/Botnet Protection- Phishing Protection
• Stats and Logs

The management interface for these features is highly user friendly and it is simple and easy to make configuration changes on the fly. This is important to us as specific security policies can and do change on a weekly or even daily basis. The size of our department also dictates that we do not have any single engineer dedicated to network security (or even networking) and so it is crucial that each of our members have the ability to log in and manage this service when needed.

All in all, I can not recommend OpenDNS as a one-size-fits-all solution for security and compliance, especially for larger organisations. I can, however, strongly recommend that any Systems and Network Engineering team consider this product on its merits regardless of scope. Personally speaking, this tool has proven itself invaluable in allowing myself and my team to perform our duties efficiently and securely.

Because we have a small sysadmin team, the less time we need to devote to responding to threats, parsing data logs and putting out fires, the better. OpenDNS saves us time in this regard, as well as providing fast and easy configuration control.

Difficult to answer as we haven't yet pushed the outer limits of what this product can do.

Nonetheless, one thing to keep in mind when using OpenDNS is how it will interact with your internal network and DNS architecture. You run the risk of breaking any local subnet DNS lookups in a domain-bound enterprise environment. While this criticism can be applied to other third-party DNS providers, it is nonetheless one reason for withholding a perfect rating.

Additionally, OpenDNS will handle server caching differently than your local service provider. This can cause service slowdown or interruptions, and generally prevents OpenDNS from becoming the "one-size-fits-all" solution that some would like it to be.

Finally, although this has never posed a problem in our environment specifically, OpenDNS has been known to grab NXDOMAIN records and redirect traffic to their own internal ad pages. Some people may find this unethical; however, that might depend upon whether you are utilising paid or unpaid services from OpenDNS as well.

I have been using for over a year.

We currently have OpenDNS deployed across two sites providing coverage to more than 500 active clients. No problems so far. We will be further expanding this year and hope to leverage OpenDNS web filtering at our new sites as well.

On the rare occasions we have used it, technical support has been prompt and professional, if a bit lacking in personal touch.

Previous infrastructure relied on router/gateway-installed software for filtering and security. It simply isn't enough for a modern network, especially not one as complicated and security-conscious as education.

With a basic understanding of networking, implementation should be straightforward. For non-technical people, there is probably enough documentation floating around that basic configuration is possible for anybody motivated enough.

An in-house team implemented it.

Implementation was a no-brainer. We do recommend notifying and educating users in advance of implementation to avoid potential headaches caused by sudden changes to filtering policies and such.

ROI for OpenDNS: time saved, checkboxes ticked, and organizational leadership satisfied.

Get a quote! You also need to weigh any licensing costs against potential risk factors. (I.e., what is the potential cost factor of not implementing this or other solutions?) OpenDNS licensing structure and policy is generally straightforward and easy to understand. In our case, managing a network in use by students, many of them younger, necessitates certain compliance and security implementations not found in typical corporate environments.

Plan out your security coverage and filtering strategy in advance of purchasing and implementation. Think about what role you expect OpenDNS to fill in your security architecture. Do you have Layer 3 security in place? Where do your vulnerabilities lie and what threats can you expect to counter?

We use Cisco Umbrella for monitoring and more.

I like that it integrates with the infrastructure. I also like the kind of data and intelligence that's built-in. It helps create innovative reports for security. 

It could be more secure. It would be better if they provided a transferring proxy as an add-on and more integration.

I have been dealing with Cisco Umbrella for two and a half years.

Cisco Umbrella is a stable solution.

Cisco Umbrella is very scalable at the cloud level. All you have to do is increase the internet bandwidth and pay for the license. 

Technical support is excellent.

The initial setup was pretty straightforward. It was simple. 

The price depends on the use case, and it's a bit linear. But it depends on the customer's strategy and how Cisco plans to optimize the costs. 

I would recommend this solution to potential users.

On a scale from one to ten, I would give Cisco Umbrella a ten.