Cisco Umbrella Reviews

I am a Solutions Architect in a mining company, and the size of the company is around five to 10,000 employees.

We wanted to replace an existing solution and give a better experience to our users, and we wanted to have a superior solution that could give us insights into how secure our users are and what their browsing behaviors are to track down and narrow down issues. Of course, the first and foremost use case is protecting our users. Cisco Umbrella gave us all those things in one and having it integrated into our environment was a very seamless process, and we're very happy using it right now.

It gives you a single pane of glass to see what's going on with your environment and your DNS queries. It has consolidated a lot of previous efforts into the visibility of what's going on.

It saves time. You're protecting your users in a manner that you don't need to do anything after. If, for example, somebody tries to open a malicious website or tries to download something, it just won't allow that. That's it. Previously, there were loopholes and ways for users to get around the proxy, which gives you more work. In that sense, we're saving the support team's time. When you're investigating a problem, it quickly gives you insights into what you're looking for as simple as possible. You can see when a user was accessing a website, was it blocked or was it allowed? Of course, you could test connectivity for specific users and computers. That saves time in troubleshooting. It saves hours per week in comparison to the previous solution. 

The agent that gets installed on the endpoints or on people's laptops and devices is a Cisco AnyConnect Umbrella module. It's one of the most impressive things because you are able to protect your users anywhere they are.

Its reliability and the response time of the support team can be better. 

In terms of features, I know Cisco Umbrella has a lot of potential, and I'm not sure if we're using it to its full potential. I'm not aware of all the functionality, and for the functionality for which we're using it, it has been great. There probably is one place for improvement. We'll love to see any new features, new functionalities, and maybe better integration with other cloud platforms, but for us, it's good as it's now.

We've been using Cisco Umbrella for around four and a half years.

In terms of availability, we've seen it down a couple of times. It has become very stable recently, but we've seen it down. Maybe that's one area that they can improve on. It was not for a long time, but it caused a little panic among our users.

Scalability is happening with ease with Cisco Umbrella because you're either deploying another appliance in your branch office or another office, or you're pointing the endpoints to the existing appliances in your head office or any other place, and you're good to go. It's very scalable and easy to use, and you can have a new office ready in a day or less.

It's great. We've had some cases and issues, but they were resolved quickly and in a timely manner, and we're happy with it. I'd rate them an eight out of ten. They could be a little quicker, but technically, they're great.

Positive

The previous solution was a proxy solution. I'd not state the name of the solution, but it was a proxy solution. It was heavy. It was slow, and there was no easy way for tracking old things. And of course, you can't protect your users outside of the company environment.

I found it easy to implement. Cisco Umbrella has great documentation and great support teams, and implementing it was very easy for us. We just deployed the appliances, and we got through the initial basic policies. We were prepared to do it, so for us, it was very easy.

We did it ourselves. The documentation was good. We're experienced architects and network-oriented guys, so for us, it was just a great experience doing it.

The return on investment is in terms of time savings. It saves time and helps focus on other important things instead of digging into problems with users.

Because we're mostly Cisco-oriented, the solution was obvious. It was already integrated with all of our equipment. We already had Cisco AnyConnect, so it was just a matter of adding the module to it. We're Cisco-oriented, and that was just an obvious choice.

Do your math and check the competitors, but in the end, you won't find a much better solution that's already integrated with your Cisco environment. If you are a Cisco company, that's the way to go.

I'd rate Cisco Umbrella an eight out of ten. 

In my previous company, there was a gap in being able to put controls on users when they were away from the network. We thought, "Okay, Umbrella can do this for us," and it was at a reasonable cost for our security budget.

With Umbrella, it didn't matter if the users were in the office or they were going to go out. When I trained them I said, "If you go to Target, Starbucks, or anywhere else you can get on a hotspot, you're going to be covered with our rules, so we can make sure you're protected and that our company device is protected."

It gave our users, from all of our sites, something like a first line of defense, including monitoring all the exit points of our offices. We also used Cisco AnyConnect on everybody's laptop so that any time they were out, we were making sure to secure their machine and keep an eye on it.

Having a single pane of glass allowed us to quickly monitor and find out what was happening at that moment. We could see active connections going to a public address on the internet. At one point there were so many of them, thousands and thousands to one public address, which was more than normal. I had to contact Cisco support, and say, "This is what I'm seeing. Something's not right," and they said, "You're right." In the main screen, we switched over to investigation and we found that it was a bad actor. The bad actor was checking for domains that are flying around, and he found a few of ours that weren't paid for. He bought them and then he started controlling where they were going by redirecting them. That raised a big red flag for our company. They never had any idea that that had been going on for a very long time.

There were other bad actors who had some of our domain names as well. I had to work with legal and we actually purchased back a few domain names from people. As a result, we taught our guys internally, "When you do a domain and you're going to do tests in the lab, make sure that we put purchase orders in. It's so cheap, let's buy them so that we have control of them, and not allow this again." That was a big awakening.

Another benefit of Cisco Umbrella was related to our wireless. If we had a vendor come to our company, I'd have to get permission for him to use our wireless. I'd have to put in a ticket with his machine name, the IP he would have, and ask for a two-hour window. But I could tell that vendor, "In the same way that you are helping us with the product we purchased from your company, we're going to help protect you at no charge. When you get on our wireless, we're going to have it set up so that everything you do is monitored, just like everybody else here in the company. Even though you don't work for our company, you'll be protected and that will help protect us." They would stare at me, and I'd say, "I know a lot of companies don't do that, but we're doing that because we want to make sure you have a good experience and that we have a good experience by staying safe."

I was able to make use of Cisco Umbrella because it acts like a proxy. The company also had content security, which I used on-prem with Blue Coat products. Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do.

The single pane of glass management was one of the really good features. From that single pane, not only could you look at what was happening security-wise, such as what was being blocked by domains and IPs, but you could check for your roaming users. With a deployment of AnyConnect, or just the Umbrella agent, on 5,000 machines, you could watch the main glass and see how many roaming users were out there that had it on their machines. And even if they were in the office, it was always active, talking to Cisco's cloud.

You could see numbers. I was able to watch, as we were deploying, how many people were getting the agent. I could see activity such as how many blocks we were getting, what types of blocks they were, and whether they were in categories. I would ask why those users were going to those categories that they shouldn't be going to. Maybe we needed to just refresh them with an email saying, "Hey, remember, we don't do this kind of thing."

Cisco's Umbrella client product is superb. It worked so well for us and was easy to deploy.

The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence.

They should work with their customers to find out, when they're troubleshooting, if they're going through multiple screens just to get little pieces of information. Maybe they could design an overall security screen for an event and pull that stuff in so that it's on one screen, rather than having to go search for it. Right now, you're always going back and looking on the left-hand side, going down the column, and trying to remember where something you need is. You have to click all over the place to go find what you're looking for.

I used it at my previous company for about four years.

It was always up. We never had any problems. It was always there.

Scaling was very simple. Since we were using a VPN, we had Cisco AnyConnect on all the user machines, with Umbrella built into it, and that deployment was just blasted out and it was seamless.

The Cisco Umbrella support group was wonderful; very strong. I loved it. I never had one issue with them. They were willing to be there with us, and walk us through things every bit of the way.

Positive

We didn't have a whole lot going on in terms of security and when I got a new manager, he asked, "How do we protect the people when they're out in a store?" That's when we saw that's where the flaw was. We were protecting everything on-prem but the gap we found was that when users were traveling around, we were not seeing where they were going. We were holding them to a standard internally, but when they were outside they were doing whatever they wanted.

What a simple product. It's a fast deployment. Then, you can start designing how you want to do your policies and what you're going to block. But once we told them what public addressing they were going to see, within a few hours we would see them go green. We said, "It's already seeing the data. Let's start applying policies, and we can start controlling all this."

We looked at metrics. As I mentioned, one of the benefits we received was finding the bad actors who had collected our domains that weren't paid for. That helped us to put the magnifying glass to use and say, "Hey, we have something going on." 

I also worked with an outside company that Cisco purchased. I sent them our data from Umbrella and they actually mapped out our data and found bots on our network. There weren't many, but there were a few. The guy shared that with me on the screen and said, "If you buy the service to have us be part of your Cisco deployment, we'll take your data, continually analyze it, and give you reports." 

There was one bot in particular that was just sitting there. The guy at the other company said, "That bot that you're seeing, it's asleep. Look again in a few hours," and it popped up. He said, "It just woke up at that point to try to do a command call." He said, "But we're blocking them, so you're not getting any threats." We didn't know that we had bots in there, and that was a big benefit.

I also had to run numbers for reports. One of them looked at our category-blocking on Umbrella, such as blocks of alcohol sites, social media, weapons, government. I would provide monthly reports to show how many blocks we had from our users trying to go to these types of categories, and it really woke up management: "Wow. That thing is blocking." 

Our investment in this worked, and we were showing it by numbers. It wasn't only that we found bots and bad actors, but we were also controlling things  by blocking phishing and categories. It was protecting us and no one was able to get past those blocks.

The pricing was marvelous. We only had to pay for licenses and they worked a very nice deal with us. It was a much better way to go because it was within budget. It was an easy cost for us to handle.

We did not evaluate any other options. We invited Cisco to come in and do a demonstration, and it was so strong. I also come from a Cisco background of many years. In addition, the industry reviews rated them very well and we took that as our lead.

When they came in and showed us what they could do and how easy it was to monitor every one of our sites within a day, after we put in our external public addresses, it was a no-brainer. It was up and live by the next day, after just a few hours. It was easy to use and set up and we could use it like our internal proxies. We could manage the content and know what was going on and investigate things. We knew what sites people were going to. It was wonderful. Everything we needed was there. We didn't have to go any further, and we knew Cisco would have our back.

All the users understood why we were putting the security control in place, to show that not only were they going to be protected at work on company-owned devices, but whenever they would go outside, we were also going to help. We had to mitigate the chances that they would get something on their machines and make sure that we stopped anything that shouldn't come in and affect our network or expose us to anything.

With Cisco Umbrella, employee morale was very high. We hardly had any complaints at all. One of the reasons is that, when doing regular security troubleshooting, we would go to Umbrella as our first line investigation. We might find a domain or IP that was being blocked by Cisco, something they consider a risk. We would check it out and if it didn't look to be bad we could bypass the block and allow that AD group or set of users to go to that site, because they had to do business as usual. With that ability, we had very few problems, if at all. Overall, it was smooth, with everybody happy, including management. They were happy that we had our first line of defense and that it worked out very well.

I introduce Umbrella to any company that I'm involved with. Cisco is already taking the correct steps right now, as a CASB for any cloud activity as well as DLP. Once they circled around to help companies with protection when they move to the cloud, that was the right direction. I'm not using Umbrella every day anymore, but I'm a proponent of it as a first defense for your company at a reasonable cost. And you don't have hardware to manage. You just rely on Cisco, get your support contract, and work with them to have them help fix things.

I'm a firm believer in Cisco Umbrella and I would definitely use it everywhere I go. I'm speaking to companies in the health industry and telling them, "Guys, you can't just have four people working on security and think you're going to do everything in the world to protect your hospital. You're going to end up on the news." I try to introduce them to this type of solution, to at least have something there to mitigate and help out.

It's for the VPN nomad connection. We capture all the DNS requests, log them, and check them in case of troubleshooting for security or malware issues.

Through Cisco Umbrella, we managed to deploy our M365 system and our connection. It was very good for deploying access to those cloud systems. It was a very important requirement to check all the connections from outside when the laptops are remote, and we managed to capture all the DNS requests. It was a security requirement.

It hasn't saved us time, but we managed to deploy the connectivity to the cloud system such as Azure or M365.

We can have a full overview and a quick overview of all the DNS requests. For us, it's quite important.

Cisco Umbrella is a good solution. It meets all of our needs. They can maybe simplify the configuration. For example, sometimes, the proxy part is quite difficult, and that's why we didn't deploy that.

We've been using it for two years.

We have no issues at the moment. It has been two years, and we did not have any issues. So, for us, it's quite good.

We have about 6,000 devices. So, I have no problem with scalability.

Their support is very good. We have a lot of feedback from our partners and our Cisco contacts. They get in touch to be sure that we are using the product correctly and whether we have any questions. I have had no problem with them. It's super good. I'd rate them a ten out of ten.

Positive

We didn't use any other solution previously. It's the first time we are using such a solution.

We were already using Cisco AnyConnect, and for us, it was a simple plugin. We didn't spend much time. We did some tests. We worked with a local French team, and after that, we deployed it. For us, it was very simple to deploy.

We deployed it ourselves with the help of a partner in France. The partner company is called Nomios, and we had a good experience with them. They know a lot of Cisco products, which is very good. They are into security and network architecture.

We haven't yet seen an ROI.

Its price for us is quite expensive because it's a subscription, and we just use it for the DNS log. So, for us, it's quite expensive.

We didn't evaluate any other solution. We went for Cisco Umbrella because we already had Cisco AnyConnect. We just used the plugin, and it was very simple for us to deploy it.

I'd rate Cisco Umbrella an eight out of ten. For me, it's quite a good product. 

Cisco Umbrella improves web security posture.

Meraki features and cloud-based functionality are advanced and easy to manage centrally.

Reporting is a separate product. However, other features are embedded within the devices themselves. So, if you have one box, everything is included, which is good.

A more user-friendly interface like Kaspersky and lower costs including licensing, support, and renewals would be beneficial.

My company has been using it since 2005. 

It is a stable product. 

It is a scalable product.

The customer service and support are excellent, exceeding expectations.

Positive

I used Sophos, FortiGate, and Palo Alto firewalls.

Cisco Umbrella is manageable and well-supported by various vendors and partners, including Cisco Direct. It offers diverse technologies and features. However, now Sophos and FortiGate offer better tools and firewalls than Cisco.

Forti excels in SD-WAN services and integrates various functionalities like FortiManager, FortiAnalyzer, and Wi-Fi controller within a single device.

It is easy to implement. It is not straightforward, but it is easy. It is easier than before. 

The licensing cost is very high. We have to pay for support, renewal, and maintenance. FortiNet is cheaper compared to Cisco Umbrella. 

Consider your budget. If you can afford it, Cisco Umbrella is a stable and scalable solution.

It's a strong Cisco product.

Overall, I would rate the solution a nine out of ten. 

We are a Cisco premier integrator, and I've worked for Prosperity for approximately seven months now. We just set up a new networking team predominantly servicing clients within the financial services industry.

We offer various products within the Cisco Secure product line, for example, Cisco Secure Firewall, AnyConnect, and Umbrella. As a Cisco partner, we predominantly deploy Cisco equipment, be it LAN switching or routers. Deploying Cisco Secure products makes sense because then we have one vendor in the network.

When we're deploying Cisco Umbrella, we're predominantly utilizing the DNS Essentials or the DNS Advantage license. We use it as a first layer of defense on the network because everything relies on DNS these days, so if you can capture that traffic and analyze it or analyze those DNS requests, you can very quickly start filtering out things like Command-and-Control and whether there's malware on the environments or shadow IT, for example. So, it can capture and categorize the apps that people use, and if you were to block something, you can very easily block it.

As a Cisco partner, the value we bring to our customers is our years of experience, and our customers can rely on us. We've got a saying in our company that if we look after our clients, we look after our colleagues, and we look after our customers, then we'll all prosper; hence the name Prosperity 24/7. That's our sort of motto, but it's very true. Our customers can trust us. We've got the experience. We've got the links to Cisco. We do all the training, so customers don't have to worry. It's about wrapping the customer up in a blanket and going, "Everything's going to be okay. We're here."

The benefit we get from our Cisco partnership is credibility within the marketplace because everybody has heard of Cisco, and it's probably one of the most deployed network manufacturers in the world involved in so many verticals. There's always a product there. I've been looking at so many products this week at Cisco Live, for example, that anything you can think of is there. There's always new innovation. It's an innovative company.

The feature that we find most valuable is to be able to filter out those web requests that you don't want. In a corporate environment, it can be damaging. It can be damaging to organizations as well. You don't want people going to certain sites. Also, the malware side of things and the Command-and-Control side of things are valuable because you can have serious reputational damage to your organization if there's malware in your environment. To be able to block that at its source is very important.

Umbrella is a constantly evolving product set in terms of what they had maybe four years ago compared to now. The number of features they're developing and facilities within that cloud platform are amazing. Things like data loss prevention (DLP) have been released in the last couple of years. It probably has remote browser isolation (RBI) as well, but I'll have to check that one. So, it's a constantly evolving product set. Our clients might start off on a lower tier of the Umbrella, but over time, they'll go, "Actually I want that feature." And then they'll go from DNS Essentials to DNS Advantage, and then they might start looking at Secure Internet Gateway (SIG), for example, which is just the secure web gateway (SWG). So, there's something for everybody, and as a layer of defense in your network, it's a great product.

With any Cisco product, it's the licensing side of things that needs improvement. Licensing changes and Cisco typically doesn't make it easy for us, but it does evolve. What's good now is that predominantly across the different product sectors within Cisco, you start off with DNS Essentials, Advantage, and even the Catalyst switches. That's now ubiquitous across the Cisco line. They've got to keep it simple on the licensing side so that when I go and talk to clients, I can say, "Right, here you go. With this license, you get these features, but you can always scale up." Once the customers experience Cisco Umbrella, then typically, they start thinking, "What else could I be doing?" You may start off with the DNS Essentials, but then you might move to SWG eventually.

Umbrella's availability is second to none. I remember attending Cisco Live in Barcelona where I went to one of the sessions, and they said that they've had a hundred percent uptime since forever basically, so I don't think they ever had an outage. They've got two DNS servers. They use Anycast, so it's available around the world. It will speed up your web browsing because you'll go to the closest data center. Umbrella pairs with the service providers, so it'll speed up your general web traffic as well.

In our customers' environments, in terms of scalability, absolutely, it's a very simple product to deploy. It's cloud-based, so we don't have to worry about deploying resources locally. Networks rely on DNS anyway. The whole Microsoft stack, whether you open a web browser or use Teams, relies on DNS. So, it's the first step in any web transaction.

I like working with Cisco products because I get excellent support. If it's four o'clock in the morning, I'm in a data center, and something has stopped working, I know I can just reach out to TAC, raise a TAC case, and get help. That's a comfort blanket that surrounds all of us Cisco engineers. We know we can call somebody, and we know we can get through to somebody who will have the answers for us.

I would give Cisco support a solid eight or nine. It's probably difficult to give a 10 because sometimes it depends on who you get as well, but with Cisco TAC, you can always escalate cases as well. So, there's always somebody within Cisco TAC who can help you.

Positive

In the typical deployment model, we integrate it with, for example, the Meraki product line for using Cisco Umbrella directly within the Meraki dashboard. So, you can link it to an API. That's a nice integration. You're not having separate Meraki access points or Meraki MX. You can bring it all together in one place, so you've got a single dashboard. Typically, we've done that. In the bigger organizations, we have done deployments of the virtual appliances because essentially, you want to be able to identify individual users at that point. By using the VAs, you should be able to identify users on the network, and then you can deploy policies based on those user groups.

Cisco Umbrella can be deployed in minutes. In its simplest form, all you need to do is point at the Cisco Umbrella DNS servers, and that's it. It can be literally deployed in minutes. If you want to go to a different use case, for example, where you've got to deploy VAs, that's a bit more difficult, but there's something for everybody. It can be as simple or as complex as your environment requires.

I've always worked with Cisco. I've been working with Cisco products for the last 20 years. We do have other products that we can sell for a lower price point, for example, but typically, I like using Cisco products.

To any customers who want to evaluate Umbrella, the first thing I would recommend looking at would be the product sheets within Cisco. Understand the technology, understand the features that are available, and then decide what level of Umbrella or what licensing level you require to meet your business requirements. If it's just protecting some guest WiFis, for example, then it'll be a very simple deployment. If you've got Meraki kits, you can easily link those two pieces together.

Talos receives so much traffic. I did one of the sessions yesterday with the guys from Talos, and the amount of web traffic that comes into Talos for them to analyze is huge. So, as a repository of what's going on and a view of what's going on the Internet with this new malware, they're very quickly going to be able to react to that. Even with just the behavioral type analysis in terms of what constitutes bad behavior on a network, they can very quickly analyze and deploy a new solution. They update things like Umbrella, and as a central repository, it feeds into Talos, and then Talos can inform the rest of the security community about what's going on and what things you might need to block, so Talos overall has a positive effect for our clients. For them to do it themselves would be impossible. You need somebody on the Internet, and Talos provide that service. It's about control and visibility, and those certainly are the features that Talos can bring to the table.

I'd rate Umbrella a solid nine out of ten. It's probably difficult to get any product in a 10, but they are always constantly developing it. So, if you come back in a year's time, there'll always be new features than what's available today.

We have a centralized security policy. For the end user traffic from the firewall to go out to the Internet, it traverses through the secure SD-WAN going back to the data center. It passes a lot of proxies, firewalls, and different security checks. Hence, there are some performance issues. Therefore, we asked Cisco to come in and see if there were any products that could improve this situation for the local Internet breakout, and this was the solution that they brought to the table.

We have a remote location that uses Viptela SD-WAN in conjunction with Umbrella.

It adds a lot of value to the environment. The end user has been much happier with their application performance after using it. I don't see any drawbacks with this solution. 

Hybrid work is also kind of important. Some users may be working from home these days, especially after COVID, as they don't necessarily have to come back to the centralized location for security checks. They can have security going out local from their home environment as well. 

The performance has been greatly improved, especially for some of the end users who kept creating tickets and complaining that it was really slow when everything had to go through the central tool for security checks. Now, everything is locally broken out. Also, security now has all the right filters and malware checks.

The malware piece protects the network from malicious attacks. We have had a lower case of security breaches. Therefore, that brings a lot of value to the table.

The content filtering piece is something that really ties back to what my customer is using because they do have some sites that they don't want end users to go to, in order for the security to be locally available, allowing the users to break out to the Internet. The content filtering is a key piece that our customers want to test and use. So, we tested, and it was successful.

The single-pane-of-glass management is very important. Management wants to look at a single frame, then expand it to get the information that they need, without relying on engineers to take it out. Sometimes, engineers need to go down multiple levels to get the information and package it, and then it is possibly not the information that they are looking for. So, it has to be done again.

I have been using the solution for about six months.

We haven't encountered any issues.

The scalability is good. There aren't any limitations with its scalability. We can scale it out.

We have had some tech cases. However, a lot of times we have our account engineers who help out. They are very savvy and knowledgeable. If something is unknown, they will reach out to internal Cisco for help. They are pretty good. I would give them 9 out of 10.

Positive

We did previously use a different solution. 

We wanted to do the local breakout, but our previous solution wasn't able to do it. We spent quite a bit of time testing the other solution, but it just didn't work. This is why we reached out to Cisco.

We did some testing. Network connectivity was a bit of a challenge at the beginning, but we were able to get the right help from Cisco. The POC probably took a month or so

Application performance has greatly improved and there are less operational issues. Productivity has been going up because we have less operational issues. Also, we have happy customers.

Usually when we have a good solution, we share it with our peers who can then bring it to their customer's attention, if they need to solve the same problem.

I would rate this solution anywhere between 8 and 9 out of 10 because it addresses the needs of my customer, but leaving room for improvement.

Our primary use case for Cisco Umbrella is for content filtering and for different access lists. We have different lists for different departments of what they can access.

It makes it really easy to accomplish content filtering. We don't have to do a lot of customization. You just click the box for the content category and it's up to date. 

This ability is very important to my organization because we're in the financial sector and security is at a premium. 

Cisco Umbrella is pretty straightforward and simple to use. We recently did social media blocking and it was really easy for our marketing department to access it. It's pretty straightforward. 

It helped free up IT staff for other projects. It saves us a lot of time by blocking potential breaches. It's very reliable.

Umbrella has definitely helped us improve our cybersecurity resilience by blocking malicious links and adware.

I would like for them to continue building on IPS and IDS functionalities. 

We have been using Cisco Umbrella for five years. 

It's been very reliable. I haven't had any issues with it. 

The scalability is easy. It's deployed through group policies. 

We're a Cisco shop. We have a lot of their products.

We have seen ROI through its pop-up blocking. 

We hope that Cisco will help us consolidate tools more than it is now by incorporating more IPS and IDS functionality. 

My advice to someone considering Cisco Umbrella would be to focus on how easy is to use the GUI and how easy it is to navigate. You pretty much just click a box and the content categories work. 

I would rate Cisco Umbrella a ten out of ten. 

If your needs vary by department, I would advise making different groups for different departments. It's easier to do it that way than to set it up and go back to tie it to different AV groups. 

We use it to protect our users from getting to any known bad domains.

It does what it's supposed to do, protecting us from getting to somewhere that we shouldn't.

The solution also helps us remediate threats more quickly. Examples are when an email campaign comes in with malicious links, or if they're on a website like Facebook which is full of junk that doesn't need to come through.

Domain blocking is among the most valuable features. It keeps people from accidentally clicking on something they shouldn't. Also, if I see an email that comes through, I can pick out bad domains that we want to block and make custom policies to block them.

In addition, when it comes to hybrid work it's pretty effective. We've got the agents. We can protect people inside our building and, when they're using their laptops out in the field, they're still protected. It's working well.

The single pane of glass management is also pretty helpful because we don't have to hunt for what we're trying to work on.

Getting to some of the reporting features is something that could be improved. When I am tracking someone that has done something, my first hint is usually an email, because I've got those scheduled to come in every so often. But then I've got to log in, dig into that user, find the time period, and then export it. There's a lot of waiting involved through all of those steps.

It would be helpful if there were an embedded link in the email so that when it says it blocked something in particular, I wouldn't have to click through five or six different things to get what was blocked in that email. With a link like that, I could just click from within the notification email and it would take me straight to that page.

I've been using Cisco Umbrella for five years.

I haven't had any issues when using it.

Scaling it is pretty easy. Every time we need to put it on a machine, it's just part of the deployment process.

There are a lot of features that I haven't used. They've been doing a lot of work on it recently and I was talking to one of our Cisco reps who talked about some things we can do with it that we're not doing yet.

I haven't had to use technical support.

It's continuously deployed because, if we wipe out a computer, we've got to put the agent back on it. If we have to put it on a Windows machine, it's easy. If we're trying to deploy it to a Mac through Meraki, it's impossible. The method of deployment for a Mac, and the features available in Meraki, are not compatible at all. Getting it to the point where you could deploy a Cisco product with a Cisco product would be beneficial.

Umbrella is pretty invisible to our employees. Most of them don't know we're using it. There isn't a lot of user training involved, as long as your security people can get in there and do what they need to do.

It's a great tool because you can effectively block a lot of things that can infect your machines. People don't realize they're getting something that's malicious.

Overall, it has been pretty helpful for what we're using it for.