Hi,

If your company is fine with cloud based approach and if you are already using office 365.over cloud then go with Cisco Cloud Email Security with Premium license + AMP Add on. Premium will give you inbound and outbound. With outbound, you will be having DLP over email. 

AMP for End Points is next generation end point security which you can go with Cloud base approach. 

For web security, WSA is a on-premises based  full web proxy while Umbrella is cloud based. WSA cannot do itself DLP but can be integrated with other DLPs. Further there are some unique features like ba bandwidth quota management which is unique to Cisco. It do also supports AMP. 

For Umbrella, it is cloud based approach that works on DNS security. There are multiple packages available with Umbrella like DNS essentials , DNS advantage and Secure Internet Gateway Essentials.  From features perspective, the Umbrella Secure Internet Gateway Essentials is somehow close to WSA in terms of features. Have a look on these packages. If you ask my opinion, then I would suggest go with Umbrella since it is easy to deploy and manage solution and can cover most of the Web security functionality. In addition, this package can offer CASB which will do DLP for some applications like Dropbox,box,webex. This is something unique in this package which you will not find in WSA. also, protection for roaming client. With WSA you cannot protect your laptops and mobile devices if you are off network unless you turn on VPN which rarely people will do. Having umbrella connector on the devices will make your devices always protected, whether you are inside or outside of your network. This is something which make people choose most of the times Umbrella over WSA and this roaming protection feature is available in all the new Umbrella packages.

For firewall, we have Next Generation Cisco Firepower appliances that are well known in market for NGFW functions + NGIPS + IPS + Content Filtering, all in one in box.

All the above  mentioned Cisco security products can be integrated with each other using the feature called AMP. AMP can share contextual information with all the products which help us to correlate event which accelerates key security functions such as investigation, detection and remediation. For such integration, we can use Cisco threat response which comes at 0$ when we buy Cisco security products. It is actually a threat hunting tool that can talk to Cisco security products.

Thank Muhammads for your suggestions it is really help full for me, so if i am using cisco Umberella which cover most of the Web security functionality. and AMP for endpoints security. then not need to deploy WSA.

because in my network the pain area is threat prevention. Email security (DLP over email), web security.

Hi,

Yes you are right! With Umbrella, There will be no need for WSA.

There is free trial available for all these products but you need to contact local Cisco rep or partner. For Umbrella, you can start instant trial by yourself. Login to https://dashboard.umbrella.com and sign up for 14 days free trial.

if am going for the NGFW (FTD), can i manage by using the virtual FMC means not need to purchase separate box to manage firepower.

after purchasing FTD i need to purchase license for IPS/IDS and web filtering or it will be inbuilt with the FTD box.

Hi,

Yes you can manage through virtual FMC but need to buy license also for virtual FMC. Firepower 1000 and 2000 series also supports on box device manager called FDM or firepower device manager which does not need any license.

There are three features that requires license with NGFW which are IPS, AMP and Content/url filtering

I hope above is clear and POV document links worked for you. Let me know for any further info:

best regards,

Awais

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

Hi Muhammad,

thanks for your guidance, it is very help full for me i have prepared POC document. can you tell me about the licensing for cisco Umbrella & AMP. i have 14 day free trial for Umbrella, after this i have to purchase license to continue all the features of umbrella. Cisco Cloud Email Security with Premium license + AMP. (for AMP any additional license will be require )

Hi,

For Umbrella, we have 3 Packages, i am attaching the snapshot for the features comparsion. Out of three pakages, Umbrella DNS Advantage is the most common one but you can choose the best one that suits your needs.

For AMP4E, as of today there is one package only but they recently announce two new packages for AMP4E which will be orderable very soon. I am attachiing the features comparsion of it.