Unlike proxying all web traffic, Cisco Umbrella DNS-Layer protection use “selective” proxy mechanism to intercepts the web traffic, in Cisco Umbrella terms this feature is called “Intelligent” proxy.
Umbrella classify all domains into three category - Good, Bad and Grey.
Umbrella's intelligence is able to determine what gets proxied; thus, not all traffic is proxied.
-Domains that are bad: those are stopped immediately by Umbrella at the DNS Layer.
-Domains that are good: Cisco Umbrella returns the ip address of the legimate website and never proxied.
-Domains that are on the grey list and present a risk: Cisco Umbrella returns the IP address of the Intelligent Proxy, Umbrella cloud proxy servers uses the ip address in the range 146.112.0.0/16.
To summarize, Cisco Umbrella DNS Layer Security with Intelligent Proxy is called Selected Proxy. Because proxying or not web traffic is done automatically based on the reputation of the domain (Good and Bad not proxied, Grey is proxied). This is why we call it Selected Proxy.
Unlike with Selective Proxy using Intelligent Proxy at the DNS Layer. Cisco Umbrella includes a new layer of security called Secure Web Gateway or SWG. This component provides a Full Proxy of all web traffic. SWG is your Web Security Appliance in Cisco Umbrella. Unlike with Intelligent Proxy feature at the DNS Layer Security, Secure Web Gateway provides additional security such as :
- Threat Grid sanboxing
- Application Visibility Control
- Granular logs Web Transaction and
- File Type Control
DNS Layer Security is implemented using DNS Policies and you can decide to enable or not Intelligent Proxy in each policy.
Secure Web Gateway is implemented using Web Policy.
