Anyone knows if Firesight security intelligence feeds from talos are the same maliciuos dns/url/ip lists used by umbrella?
In other words, can we say that a user under umbrella and a user under a firesight sensors with security intelligence applied have the same level of backlisting protection?
If the firesight is configured with a dns policy (default one has no blacklists in it) and firesight is configured with URL filtering then yes.
But if the user goes off site, they'd have to vpn into the network to maintain the firesight protection.
The umbrella option would also require 'Insight' not 'professional' in order to receive Proxy protection and not just dns.
I believe Firepower's URL categorization is still using the Brightcloud backend data source and not Talos intelligence.
Blacklists etc. should both be from Talos.