Cisco Umbrella Reviews

We are using this solution for DNS filtering to try and make sure that users do not make ill-advised clicks and find themselves in harm's way. Once we started to implement it, we realized that just putting Cisco Umbrella appliances on the company's network was not good enough. The notebooks travel and the risk factor travels. We switched over and for some time now, we have deployed it predominantly on roaming clients.

In the current environment, it is a good thing we had deployed the Cisco Umbrella before people started to work from home because of COVID. The risk factors went up and the amount of thoughtfulness that people put into, "Is this a real message or is this phishing?" People became lax. If we did not have this solution, the number of clients that we would be dealing with attack issues would have mushroomed to a much higher level than we had to deal with. Umbrella has been a godsend for that.

The most valuable feature is the ability to block users from reaching places that they should not even try to reach has been a boon.

Once we were given a roaming client and we did not only have Umbrella servers filtering the traffic as it left the perimeter. They were giving us what we want and did not have to worry anymore, I was happy with the solution. I view it as a mature solution that delivers what we need.

One of the issues with Umbrella is as you get into endpoint detection and response, such as EDR point solutions, some of them will not integrate well with Umbrella. Sometimes when you want to use technology, such as Always On VPN, it will not work. There are some looming issues as one type of technology starts to crossover with Umbrella. That is the challenge and Umbrella should find a way to be more compatible with some of the endpoint response solutions that are coming out on the market.

I have been using this solution for a long time since it was OpenDNA which was before Cisco bought it.

There are no scalability problems with this solution. They do a good job of having updated servers around the world and at all hours of day.

One of the issues with Cisco technical support is that it is all linked to them having all of the maintenance contracts always running. If you work with a customer base where not everybody always renews their subscriptions and you need to get support but you did not sell the solution, it can make reaching the support a challenge. There is no problem with the quality of the support. However, sometimes Cisco's arcane rules regarding how they register and do tracking make it difficult for a managed service provider to get the support they need. 

We do not have a problem with getting support for Umbrella because we have a contract for that. It is trying to get support for all the various pieces of networking hardware that customers have not maintained properly difficult, Cisco is not easy to deal with in this regard. 

The initial setup is straightforward.

When talking about Cisco solutions in general there pricing model is horrible. For example, you can sell a Meraki-based solution, but if the customer starts shopping around, someone is going to have access to the pricing at a level that you cannot compete because they do not have uniform pricing. Not everybody gets fair pricing. Unless you are one of the real major corporations selling the solution your ability to compete is impossible. Cisco will acknowledge the situation and assure you next time it will be in your favor but it never becomes favorable for you. Cisco is not very good in this regard. However, Umbrella is good.

If you are not using some form of DNS filtering to guard against threats, you are not doing a good job on security in the current climate anymore. 

I rate Cisco Umbrella a nine out of ten.

We are a reseller and Cisco Umbrella is one of the products that we sell to our customers. We offer it as a managed service provider. This product provides security for remote workers and it helps to improve enterprise security in a very easy way.

It is mainly used for remote workers and for people that live outside the enterprise premises. It gives them security while they are on the road.

Because our clients' end-users are mainly on the road, it is very easy for them to get infected and lose information. After we installed the Cisco Umbrella solution, importantly, they have reduced the number of infected cases per month.

The most valuable feature is the website protection capabilities because it prevents end-users from entering bad sites that potentially have malware or could be used for phishing. Ultimately, it helps users avoid the wrong sites.

It is very easy to integrate.

I would like to see more intelligence built into Umbrella.

In the future, they should combine some of the Cisco AMP features that they already have, for anti-malware purposes.

We have been working with Cisco Umbrella for more than two years.

This is a very stable product and helps to improve the security posture of the enterprise.

We have clients that range in size from small to large-sized organizations.

Cisco's support is very good and, in fact, one of the best.

Because the product is very easy to use and very stable, we have not had to rely on support from the documentation or the community.

The initial setup is quite straightforward and easy, and the deployment can be completed in a matter of days. You deploy the agent to Active Directory, for all of the installations, and you're done.

We deploy this solution for our clients because we sell it as a managed service.

Outside of the United States, we have issues with the exchange rate that increases the cost.

Overall, this product works smoothly and perfectly.

I would rate this solution a nine out of ten.

We are in trial mode and use it for a distributed national environment. It provides category and security coverage for endpoints regardless of their location. As a mobile-first workforce, Umbrella always provides DNS-based security, even if endpoints roam in unfriendly waters. 

It provides centralized, device-agnostic management of the Internet experience. It has the ability to quickly block new threats. 

• Holistic approach
• DNS fronts most traffic.
• Quick console
• Instant management across platform
• Reporting is simplistic.  

• It needs better integration with external threat feeds to improve scoring. 
• I would like it to automatically feed to the customer's SIEM. 

It needs a better price point. 

We use Cisco Umbrella for protecting the web surfing channel.

When users are accessing the internet, mainly for web surfing,  Umbrella will protect the access to the internet.

The most valuable feature is the ease of use.

It's very Robust.

It offers good visibility for the Administrator. The administrator has full visibility of what is blocked or has the knowledge of where users go when they are surfing the internet.

I would like to see more integrability with other products.

If I could take this information and integrate it with other products, it would be beneficial.

We have been using Cisco Umbrella for two years.

We are using the latest version.

We have no issues with the stability of the Cisco Umbrella.

Cisco Umbrella is a scalable product.

We have 100 users in our organization who are using this solution.

Technical support is fine.

For us, the installation was very easy. 

We had the option of using the on-premises device, which would give you better visibility, but we didn't use it. This choice made the installation very easy.

The licensing fee is paid on a yearly basis.

The price is okay. I don't have any issues with the price of the Cisco Umbrella.

I would recommend this solution to others.

I would rate Cisco Umbrella an eight out of ten.

We act as an MSP for our organization, and we use this solution as part of the service. We are the parent company and we acquire insurance agencies. Typically, these agencies have between twenty and one hundred and twenty people. We do not force them to move onto our system; However, we show them what value they will receive by us taking on their network infrastructure. This includes the firewall, switches, IP phones, email platforms, etc. 

This solution allows us to manage our four hundred locations under the same umbrella, with the same configurations. It makes it easier to troubleshoot and provide the same solution to everyone.

The most valuable feature of this solution is its reliability.

Security, overall, can always be improved.

The stability is good, and we have had very few problems with the equipment. The problems that we've had have been with our carriers. I can, pretty much, put a solution in place and not even worry about it.

My impression is that this solution is very scalable. It allows us to grow. We can add fifty sites per year, easily, and not really have to redesign from the ground up.

When we need technical support, they're usually very responsive. I usually get a solution or an answer between thirty minutes and a couple of days, depending on what the technology is, and whether the issue is critical or not.

The smaller sites typically use non-enterprise grade equipment, and we switched because it is easier to manage the solution, especially when it's set up to our standards.

The initial setup can vary in complexity depending on the size of the agency, as well as other factors including what they already have in place.

We do all of our integrations in-house.

We have most definitely seen ROI. In most cases, when we take over, we're always saving on monthly costs. The turnaround investment is usually under a year.

There is a one-time cost of approximately $800 USD per user, and then a yearly support fee of about $50 per user. Our fees end up being about $150,000 USD per year.

We have one vendor, and interoperability is not an issue when we use Cisco.

This solution had been pretty good and it fits our needs. If we have business needs change then we will look at whether the current solution can do it. If not then we have to reach out and find something else.

My advice to anybody who is researching this type of solution is to do their homework when it comes to comparing products. Compare apples to apples, and ensure feature parity. I would stress that the support organization behind the product is very important. For us, any of the other products that we've used just haven't performed up to the standards of what we are doing.

I would rate this solution a ten out of ten.

We needed the product to enable a whitelist-only browsing mode for certain computers for a client. After that was implemented, I was able to configure a virtual appliance (which became the DNS server) to connect to a local AD server and relate traffic to an AD user name. From there, we could track and monitor where users were going and perform web content filtering to prevent video streaming and certain social media sites. This in turn positively affected productivity.

I don’t remember the specific examples of data I was trying to filter out but it was related to ads being hosted by a CDN such as Akamai. Links and images were being hosted there for quicker localized delivery yet the users were not actually going to those sites. Due to that it was showing that those sites were being visited the most, which wasn’t the case.

There was a positive effect on productivity because we could track and confront the users that were frequently using social media or streaming video during the work day. They weren’t wasting as much time after OpenDNS was implemented.

It gave us new capabilities and made users accountable for their browsing while at work.

I would like to have the ability to prevent certain sites/data from showing on the reports. I have had this feature request open for a couple of years. It would be useful to have for filtering out unuseful data.

I have been using this solution for the past two years. I previously used the free solution 6-8 years ago.

I did not encounter any issues with deployment, stability or scalability. I had a Sales Engineer assist with the setup for one portion, but was able to figure out the rest with no issues.

No

Excellent

Excellent, their Sales Engineer was very helping in getting the AD sync setup.

No

Initial setup was straightforward. Any questions I had were already answered on the forums.

A vendor team was only needed for one small portion, which was setting up the virtual appliance. I would recommend trying to figure out the setting on your own first before reaching out to support. I found it very simple.

We were able to resell the service for a 100-200% profit.

Due to past experience, I knew it would do what we needed and the website has an intuitive interface, so there was no reason to research alternatives.

The primary use case for this solution is for DNS based attacks and for malware protection. It has a malware protection engine.

If you install Cisco Umbrella Clients on the remote PC, you can do URL filtering, malware protection, and you can check the health and status of the device itself.

All of the DNS Queries are sent to Cisco Umbrella and you have more visibility of what users are asking, as well as what users are accessing over the Internet. 

You have all of the details and all of the information of what the users are accessing, even before they get access to the website. For example, if one website is malicious and it has some malware and some viruses in it, and a user sends a request to this URL, it will be reported in the Cisco Umbrella Cloud before the user gets the response back from the webserver. 

It will protect, give you more robustness, and faster responses, compared to any firewalls or any of the proxy web servers.

Based on the DNS, Web proxy, and other servers, it waits until after the DNS request. It will put in its action after the user gets it by the webserver when the response is coming back. 

In the end, the response from the malicious server will come into your network. Cisco Umbrella cloud has stopped it before that. You have one more layer of security on top of the URL filtering or on top of that server response.

The deployment was for two thousand plus users. We have multiple sites, and we have some remote users in different locations.

Cisco Umbrella is a fitting solution for DNS-based attacks and malware protection. It is a very good solution for that, and especially for remote users.

The most valuable feature is that it prevents DNS-Based attacks, which is quite common these days.

The DNS Query is first sent by the user and then it will communicate to the URL. If you are requesting for some URL it process also to an IP.

The basic functionality of Cisco Umbrella is to save this type of request and to have a more secure way to communicate the DNS Query back to the user. Any attack based on the DNS Query is stopped by Cisco Umbrella.

If you have a proxy, for example, if my DNS server is 172.19.222.21 and I make a server on the same IP or different IBN with the same DNS name, I can make a proxy and the user request will come to me and I can send this user any way I want. So based on these types of attacks, Cisco Umbrella protects the user.

The user requests a lot of DNS queries. Even if you don't know it or if the user is not accessing any URL, the laptops or any PC keep on accessing different URL's and you are not aware of it or if it is good or not. Cisco Umbrella gives you the visibility and you know what is happening from this laptop or this endpoint.

Cisco Umbrella does not have a Malware Protection engine itself. It would be useful if they had a malware protection engine running inside their own VM.

They have some VM appliances with the installing enterprises for limited access for the DNS proxy to the cloud. If they had this feature running inside the VM, it would be much better.

It would improve this solution to have applications hosted on the cloud.

I would like to see the application that they promised. If you have an application running inside your environment, with multiple portals, as an example, we have our employee portal, ERP and some other portals. These portals will be accessed through the Cisco Umbrella Cloud, and the deployment will be a VPN-based deployment, Cisco Umbrella Cloud will be connected to your enterprise and afterward, you can just click on this application using Cisco Umbrella Cloud subscription, and you will have the access to your application anywhere in the world, and you don't have to publish it. You will save public IPs, and a lot of bandwidth because publishing requires bandwidth. 

All of the users from outside will be coming inside your environment and will be accessing the web servers, so there is no need to publish.

It will be some time before this feature is introduced. They are working on it and it is still not ready.

I would like to see IPS-based solutions. To have an IPS solution inside the Cisco Umbrella cloud. 

If there were an IPS product built inside the solution, it would be very good. It would be a one-box solution. With this one-box solution, you wouldn't need any extra security layers,  and you don't need any WAN solution.

There is a solution called Carbon Black. This solution can do sandboxing solution inside the PC. It checks the application which you are accessing, and what you are installing on your PC. It checks everything. It does a compliance check.

If these types of features are available on the Cisco Umbrella, so you wouldn't need any other solutions installed on your PC. It would be one solution that does everything together.  I would, like to see this.

It's quite stable. It's a very stable product, and, it's quite straightforward. We deployed this solution a year ago with no issues afterward. We didn't get any complaints. There are some categories, and filtering that will block you for something which is not malicious, but it is considered as a threat to Cisco Umbrella. You will need to white list some IP address or some URLs manually if it's under your corporate use for some reason.

This solution is quite scalable. It is a cloud-based solution. If your users are spread all over the world they can access Cisco Umbrella using an internet connection and it's quite straightforward. The scalability is quite robust and we can implement it anywhere in the world.

We are using this solution every day. Even if I try to access something now from my corporate laptop, the request will go to Cisco Umbrella, the DNS is configured as Cisco Umbrella.

Currently, we don't plan to increase our usage because we don't have more users at this time. If we scale or we are expanding and we have more offices, in the future we will increase the number of endpoints or number of users.

As we are running our virtual environment in our enterprise, it's not a problem. Normally if you are going to implement VMs, it will be a large scale deployment. If you have more than 2000 or 3000 users and you want a faster response from Cisco Umbrella, you have this VM.

If you have this type of environments, of course, you have a virtual environment, you have any hypervisor like VMware or Hyper-V and you have a big compute, you can manage two VMs from that. It's not an extra cost.

We have four people who have access to Cisco Umbrella. However, it doesn't require much administrative work. It does its job, and only needs a one-time concentration, afterward, all that needs attention is checking to if there are any blocks on anything.

If Cisco Umbrella blocks a user, they will notify the user. The user will get a message that they are locked under this condition and this category. The user will then notify us and complain that they have been blocked. We will check the status on the Cisco Umbrella portal and proceed to whitelist it if, it is a legitimate request.

The technical support is quite good. This solution itself is not complex and everything is cloud-based. If there are issues or if something indicates that you cannot manage two portals, you can just open a claim with Cisco Umbrella and they will support you. 

The only concern is that if something goes wrong, or, something is getting blocked and if something is not as per your requirements, you don't have any visibility. You will never know what was done to correct the issues. Because it is cloud-based, they will not show you what they are doing on the server level. Without having the visibility for the solution itself you will never know what actual solution is working behind the scene.

Before Cisco Umbrella, we were using the Infoblox solution. It was not an easy or flexible solution. Infoblox is an on-premises solution that requires a VPN, or all of the users need to connect to a VPN, just to get the DNS resolutions. This was not easy, and it was not easy to implement.

The initial setup was quite straightforward. When you subscribe to the Cisco Umbrella services they give you some public IPs. With these IPs you have a few options:

• You can copy these IPs and user features for the DNS and the communication will happen directly through the cloud. 
• You can install the VMs in your corporate environment having all of the communication through the VMs and the VMs will communicate to the cloud. 
• You can install a Cisco Umbrella application on your PC and install the external script that has the public IP for the DNS for the Cisco Umbrella.

The deployment strategy was straightforward, and it took approximately two days for deployment.

Because we had over two thousand users, we created a script on SSCM. This is a software center manager for Microsoft, making the script accessible to all of the users. This script changed all the DNS IPs to the Cisco IP addresses. Once this was complete, we installed the Virtual machines, which are the DNS proxies for Cisco Umbrella and we configured the public IPs for Cisco Umbrella. These were the only two steps that were required, taking two days for two-thousand-plus users. It was quite simple, but, if you had to do it manually, it might take some time having to do one at a time for more than two thousand users.

If you have some automation, it is quite easy.

It has a public cloud and it is like a hybrid type of deployment. We have umbrella VMs installed in our enterprise areas, in DNS, in our remote offices, and our main HQ.

These VMs, are like proxy DNS servers. They will save a URL resolution and has a policy-based engine as well. For example, if you are searching google.com or something that is being searched quite frequently, it will store that data, and it doesn't communicate to the cloud every time, giving you a faster response with limited cloud access.

Our service provider is Cisco. They have their Telos Cloud, hosting the Cisco Umbrella Solution.

After this deployment, you need to do quite a lot of fine-tuning because there will be many false positives blocks, especially if you're using the malware engine. It will keep blocking some ADME files that are used in your corporate environment, or if it's an in-house developed application, it will be blocked because the code of the application is not registered with the Cisco Umbrella Cloud, It will keep on blocking, until you whitelist that code and whitelist that UUID, just to have this application running.

We did the implementation ourselves with some assistance from Cisco support. We didn't have any on-site engineer to do the deployment or implementation.

It only took two people for the installation process. I was on the network and phone system side and another colleague was installing the service on the Cisco Umbrella Solution.

We require four people who maintain Cisco Umbrella. 

This is a good solution, and there are many advantages to this solution. 

There is a return of investment. 

If you have this solution you don't need a big firewall or many security solutions in your environment. Because it's a cloud-based solution, you can access this over the cloud anywhere in the world. You don't need to build a big infrastructure. It will give you more return on the cost than you are putting on it.

We have Cisco ELA, it's an enterprise agreement, which covers everything under security, that is offered by Cisco Umbrella. With this, we have the complete Cisco Umbrella portfolio. We have everything related to security from Cisco Umbrella. This also includes the Cisco Umbrella suites.

We are paying yearly for all of the Cisco Umbrella applications and appliances.

Cisco has a model called ELA. With ELA, if you buy the solution you will have the complete security portfolio and you can pay it yearly or after three years, it depends on the contract.

It's a subscription-based solution. If you're running multiple solutions it is more cost-effective. For example, currently we have Cisco Umbrella, IronPort, WSA, Cisco CWS Cloud, and we have Cisco's FTD solution. If we were running these solutions separately it would be more expensive. 

If you are doing a VM deployment and you have a VM appliance, you will need some compute. 

The only additional cost will be for a server.

We evaluated another solution but the Cisco Umbrella solution is much more compelling. It doesn't have the on-premises appliances or any restrictions for the user to connect through the corporate environment.

If the user is anywhere and the user is connecting to the internet, they will make a micro VPN through the cloud and it will connect to the VMs in our corporate environment automatically. It doesn't require any manual configuration nor does the user have to initiate anything on the PC.

The other solution has a touch button application, on the PC. If you click it, it will create a channel with the appliance in your HQ or your remote office and then you will be able to connect to the internet or you can resolve DNS with queries. 

As this solution was not flexible, the management chose not to go with it.

If somebody is looking toward the Cisco Umbrella solution or if they have an NGIPS, NG firewalls, next-generation firewall solutions and if they are looking for DNS-based security, and if they are implementing it then Cisco Umbrella is a good solution.

Keep that in mind that it will make a lot of noise, users will be blocked at the beginning and many of the URLs will be blocked. It will need to be fine-tuned.

The fine-tuning is required one month after implementation. You will need to fine-tune the OpenDNS Cisco Umbrella database, just to have all the URLs there for your corporate environment, because there will be some false positive blocks. These issues will have to be fixed yourself. You will need to make sure that you are doing it. Other than that, it is a quite straightforward solution.

I would rate this solution an eight out of ten.

If the suggestions are implemented I would then rate it a ten out of ten. They would be one of the first companies on the market doing this. You will not find anyone on the market with any DNS security solutions like this for Cisco Umbrella. They are the market leaders for DNS-based security at the moment. If they have these suggestions in their portfolio it would be the best solution, covering every point of its endpoint security.

Custom whitelist/blacklist/block page allows us as consultants to tune web content filtering for the SMB market.

OpenDNS supplements other security solutions to allow for blocking through DNS requests, which is common for malware to use to bypass other security mechanisms.

This product needs policy scheduling for enforcement by category. Notice in all the packages, there’s no scheduling. In the Insights or Platform package offerings, you can now essentially have multiple ‘policies’ per AD user or network group. What’s missing is that I still can’t set enforcement to block certain website use at this time of day or these days of the week. For instance, a company may allow streaming audio sites for music only for night shift workers to help them keep awake and versus dayshift workers.

I have been using the web-based, small-teams edition since 2007 (nine years).

We have never encountered issues with general deployment.

We would rate customer service and tech support after the Cisco acquisition a 5 out of 10.

We’ve used and deployed ZScaler, Websense, and other UTM-based blocking solutions. This product is not always the best if you need complex policy and scheduling, and other user soft-pass through authentication.

Initial OpenDNS setup is straightforward if you have a static IP address and you apply the DNS forwarders appropriately. This is literally a five-minute-or-less change.

We always implement for ourselves and for others in-house because of ease of use. Implementation-wise, companies should be aware that changing DNS forwarders might impact their global DNS operational needs. OpenDNS servers are also slower than something like Google DNS.

Pricing needs to be reduced for SMB based on the blocking capabilities and the lack of other features that you just cannot do in DNS, such as authentication-based filtering.

Also, scalability-wise, the pricing is more of a challenge for enterprise-class environments because of the pricing model.

OpenDNS is either a good complement to your existing web content filtering solution at the enterprise level, or it is a good free or easy-to-deploy alternative for home and SMB use.