I work at a large university. I am currently researching DNS security solutions.
If you had to choose one or the other, would you choose Cisco Umbrella or Palo Alto Networks DNS Security as your DNS solution, and why?
Thank you for your help.
I would choose Umbrella first. Firstly, it's 100% cloud-based (private Cisco cloud) from the ground up, with no need for a new appliance, firewall, or server and they have their own DNS servers worldwide in an anycast configuration that has never ever been down. Those DNS servers do the filtering for you so the university network won't be affected by filtering. It's highly scalable and you can choose between different packages with other Cisco security products integration or more advanced information. Umbrella uses data from many different security sources, even AI so it actually filters sites even before they get publicly reported as malicious. It's a very proactive solution. It's very easy to set up initially from a central location even though you may set up different networks with their own filtering rules. You can set it up initially with basic filtering rules very fast and make it more complex later on. They offer special education institutions discounts even though the solution is already very competitive cost-wise. They invented DNS security and have been working on it longer than anyone by far. I've been using it for over 10 years, even before it was bought and enhanced by Cisco's own products (the solution was named OpenDNS Enterprise before) with no problems whatsoever. The other vendors have yet to catch up with them IMO. Their support is very good although you seldom have to use it. By the way, you may contact many universities and other educational institutions which have been using their solution for a long time for advice. Another big advantage is you can take advantage of it even in a hybrid working solution. Even if your students or faculty access or work from another location they will still be protected through the use of an agent. And you can integrate login through the active directory. To summarize, no other product compares for versatility IMO.