Overview

Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. Because it’s built into the foundation of the internet, Cisco Umbrella delivers complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints.

By analyzing and learning from internet activity patterns, Cisco Umbrella automatically uncovers attacker infrastructure staged for current and emerging threats, and proactively blocks requests to malicious destinations before a connection is even established.

With Cisco Umbrella, you can stop phishing and malware infections earlier, identify already-infected devices faster, and prevent data exfiltration. And because it’s delivered from the cloud, Cisco Umbrella provides an effective security platform that is open, automated, and simple to use.

Check it out here: Cisco Umbrella Lab v2.2

Scenarios

Scenario 1: Deploy Umbrella, create policies, generate activity

• Exercise 1: Access Umbrella and deploy a network
• Exercise 2: Deploy Umbrella roaming client
• Exercise 3: Enable AD user identity with Umbrella roaming client
• Exercise 4: Create basic policy
• Exercise 5: Generate browsing activity and run a basic activity report
• Exercise 6: Install AnyConnect roaming client (optional exercise)
• Exercise 7: Deploy virtual appliance (optional exercise)

Scenario 2: Reporting

• Exercise 1: Security Overview
• Exercise 2: Security Activity
• Exercise 3: Activity Search
• Exercise 4: Destinations
• Exercise 5: Identities
• Exercise 6: Other reports and options

Scenario 3: Umbrella Investigate

• Exercise 1: Get additional information about a domain
• Exercise 2: Incident Investigation
• Exercise 3: Pattern Search & Proactive Research
• Exercise 4: Completing the view of an attack with AMP Threat Grid

Appendix A: Quick reference to Umbrella components and terminology

Requirements

Topology