Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2282
Views
0
Helpful
4
Replies

Help with Umbrella Blocking

scisco
Level 1
Level 1

‎02-02-2023 12:04 PM - edited ‎02-02-2023 12:22 PM

We turned on content monitoring and have blocked all the listed (by Talos) cloud storage websites, but now we are seeing users finding lesser known storage websites to get around the Talos list. Is there a proactive way to handle this? We only recently found out by looking at the log of websites visited by users on our network.

Labels:
0 Helpful
4 Replies 4

Konstantinos9
Cisco Employee
Cisco Employee

‎02-03-2023 06:17 AM

Hi,

For sites that appear not to be categorized or not properly categorized, you can open a support ticket and ask for the domain to be investigated and categorized. You may also use the Block Lists to block those domains.

Another option, since you can find these domains in the reports, would be to try using the Application control. Have you enabled Application control? and if yes, have you checked if those services appear under cloud storage or a similar category? Blocking the category from application control could be what you're looking for.

Both for content categories and application control, I would suggest also to review some similar categories, like "file transfer" etc.

Let me know if the above is helpful.

Thanks

Konstantinos

0 Helpful

scisco
Level 1
Level 1
In response to Konstantinos9

‎02-03-2023 12:41 PM

We currently have the content category enabled to block file transfer websites (enforcing the list of websites in umbrella). If a website is not categorized or tagged on this list we are struggling to block this.

Just to clarify when you say using the application control. Are you saying the website the user visits would also show up in the application log as a potential file service category? Think I'm a bit confused here. Could you give me a very simple example of how this would work?

0 Helpful

Aref Alsouqi
VIP
VIP

‎02-03-2023 06:34 AM

Or another option would be to use the allow only mode on Umbrella. What this basically does is blocking everything with the exception for whatever you allow. It is kinda the way around of what you are doing right now.

0 Helpful

scisco
Level 1
Level 1
In response to Aref Alsouqi

‎02-03-2023 12:30 PM

Is allow only mode the same as blocking newly seen websites feature? Basically block everything and then we determine exceptions 

0 Helpful
Customers Also Viewed These Support Documents