Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
527
Views
2
Helpful
1
Comments

The First Line of Defence With Cisco Umbrella

Blue_Bird
VIP
VIP
‎09-19-2024 08:05 AM

Are DNS Servers Secure?

Many of today’s sophisticated attacks rely on DNS activity. Malware, ransomware, phishing, and other scams often use DNS to stage the internet infrastructure used to support each stage of their attacks.

For example:

  • DNS tunneling is often used to deliver payloads encoded in DNS queries and responses, exfiltrate data from compromised networks, and execute command and control attacks
  • DNS beaconing is often used to establish communication with a command and control server using only DNS, which is almost always allowed in a network

 

Cisco Umbrella is a security solution that evolved from OpenDNS and the OpenDNS acquisition. The Cisco Umbrella is basically a cloud deliver solution that blocks malicious destinations using DNS.

Gopinath_Pigili_0-1726755137085.pngGopinath_Pigili_1-1726755173216.png

It can be accomplished by forwarding DNS queries to the umbrella cloud on assistant DNS servers, or by running the Umbrella virtual appliances, or using things like, you know, the Windows, or Mac OSX roaming clients, or the Cisco security connector for iOS for example.

Umbrella looks at the patterns of DNS requests from devices, and uses them to detect compromised systems, commanding control callbacks, malware and phishing attempts, algorithm-generated domains, domain co-occurrences, newly registered domains, and malicious traffic and payloads, that never reach their target. Your company will get first line of defence with Cisco Umbrella.

Global Infrastructure

The Cisco Umbrella global infrastructure includes dozens of data centers around the world, that resolve more than 100 billion DNS requests, from millions of users every day. Umbrella data centers are peered with more than 500 of the top ISPs, and content delivery networks, to exchange BGP routes, and ensure that requests are routed efficiently, without adding any latency over regional DNS providers

Gopinath_Pigili_2-1726755240937.png

Anycast

Umbrella uses Anycast, specifically whenever it comes to Anycast, it's actually used in order to provide reliability of the recursive DNS services and the servers that they actually have.

All data centers announce the same IP address and all the requests are transparently sent to the fastest and the lowest latency data center that is actually available, you know, closer to you.

The Cisco Umbrella anycast IP addresses are 208.67.222.222 and 208.67.220.220

Secure Internet Gateway

When Cisco Umbrella servers receive a DNS request, they first identify which end customer the request came from, and which policy to apply. Next, Cisco Umbrella determines whether the request is safe or whitelisted, malicious or blacklisted, or risky. Safe requests are allowed to be routed as usual, and malicious requests are routed to a block page.
Risky requests can be routed to the cloud-based proxy for deeper inspection. This concept of cloud-based proxy is the basis for the Secure Internet Gateway, or SIG.

Traditional web proxies or gateways examine all internet requests, which adds latency or complexity. The Cisco Umbrella Secure Internet Gateway proxy intercepts and inspects only requests for risky domains.

Gopinath_Pigili_3-1726755656458.pngGopinath_Pigili_0-1726757159283.png

 

Cisco Umbrella Investigate

Cisco Umbrella Investigate provides organizations access to global intelligence that can be used to enrich security data in events or help with incidence response. Global intelligence includes and Cisco Talos threat intelligence and third-party intelligence.

Investigate provides the most complete view of an attacker's infrastructure and enables security teams to discover malicious domains, IP addresses and file hashes and even predict emerging threats.

With the integration of Cisco AMP Threat Grid, data in Investigate, intelligence about an attacker's infrastructure can be complemented by AMP Threat Grid intelligence about malware files, providing a complete view of the infrastructure used in an attack.

Gopinath_Pigili_0-1726814751324.png Gopinath_Pigili_1-1726814840386.png

 

 

 

Umbrella DNS is the simplest way to protect your users everywhere in minutes. You can go through the following link that guides you to Setting up your recursive DNS:

https://umbrella.cisco.com/products/recursive-dns-services

Cisco is offering 14-day free trail of Umbrella dns service. For more details, please go through the following link:

https://signup.umbrella.com/?utm_content=automated-free-trial&_gl=1*zo9oaw*_gcl_aw*R0NMLjE3MjY3NDk4NjguQ2p3S0NBandsNi0zQmhCV0Vpd0FwTjZfa3BjN1FrOHRGVnlTSXR5STdFX2tsZnVSSDRpMVlLdkxqUVNFbzBWVEl4WFlTX3l3VHVEbmxSb0NyVk1RQXZEX0J3RQ..*_gcl_au*NDU1Mzk0NTg4Lj...

To know more about Cisco Umbrella product packages, please use the following link:

https://umbrella.cisco.com/info/package-comparison-and-consultation?utm_medium=search-paid&utm_source=google&utm_campaign=UMB_APJC_IN_EN_GS_Branded_Cisco_T1&utm_content=SIG-FY24-Q1-Umbrella-Content-product-package-comparison-download&_bt=688735406797...

 

 

 

1 Comment
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents