As a Cisco partner, try to test things on our own before we position the product to our customers or educate partners on it. So, the primary use case was to test things out and to be our own first customer. We started using it internally for our own purposes to secure our access to the internet with Umbrella.
We use Cisco Umbrella to secure internet connectivity and especially to focus on the threats introduced through web browsing. This is because most of the applications the workers use are browser-based.
The traffic, by default, is typically encrypted with HPS, and we use Cisco Umbrella to get more insight into that traffic. The classical security appliances have very low visibility into them. This is where we see Cisco Umbrella have the most traction.
In general, it increases the security level. It helps us prevent threats from being accessed. Also, the visibility into internet bounce traffic is increased. So, in general, it increases the overall internet security of the organization.
One valuable feature is definitely its simplicity in terms of deployment. It is very easy to integrate it into the environment without any heavy lifting. Users didn't notice that we implemented it. You can start with a very low monitoring mode and start observing what Cisco Umbrella sees.
In terms of helping workers feel safe, secure, supported, and included, the solution is pretty transparent to the end user in most cases. They don't necessarily get any confidence from it, but it's supposed to be that way. It's supposed to be as transparent as possible. However, when the end-user accesses a site that is blacklisted or treated as potentially suspicious, he or she will see a warning displayed. This gives them additional confidence that somebody else is taking care of the details and that they can confidently browse around. If they come across a suspicious site, they know that they will get a warning or advice on how to proceed.
Cisco Umbrella supporting hybrid work environments is important. Within our organization, even before COVID, a lot of us worked remotely from time to time. For companies that we work with, it has become a reality with COVID. Before, everybody was working on site, and now, that's no longer the case. It is important to have flexibility and know that even if we work from home or from another place we're still secure.
For all Umbrella-related things, it does provide single-pane-of-glass management, but it's one component. If I look at the typical employee, he is only one piece of the puzzle. Other solutions, like, for example, AnyConnect for remote access, are managed separately. For Umbrella-specific items, it's a single interface for management. For monitoring, policies, and troubleshooting a specific case, everything is in one place. I don't need to go through the logs to know where to look.
My organization is not very large, and I'd say my colleagues are pretty proficient. So, it's not a high priority to have single-pane-of-glass management, but it's always good if solutions are capable of integrating together. If by enabling single-pane-of-glass management the workflow is simplified and the day-to-day operations are a little easier, then that's something we definitely want to benefit from.
The administrator user experience is definitely optimized by single-pane-of-glass management, especially if the personnel are busy. Then, it helps if all the relevant details are in one place.
In terms of maintaining network connectivity, Umbrella on its own is pretty user-friendly. It is easy to set up and maintain. It's one of its strong suits.
For the branch and campus, it's very simple to apply and maintain network connectivity. For the home environments, there are options to integrate it into the employee's PC as well. Cisco Umbrella supports different methods for different environments so that you can achieve the level of implementation that you need. It's where it should be.
It's very efficient in securing the infrastructure from end to end so that we can detect and remediate threats. You can simply adopt it right into the environment, and you don't need to build the rule sets on your own. It utilizes best practices, and it's very easy to set up policies such as potential malicious categories on the internet, what you want to block, what you want to filter out, etc. It's very easy to implement those.
When you go through the reports, you can see what kind of threats were blocked. Luckily, we haven't had an incident where something got through and caused a security incident.
In terms of metrics on how Cisco Umbrella has been able to remediate threats, the numbers look pretty impressive. However, it's hard to assess how serious that potential threat really was. It's hard to put actual weight on the numbers to determine how meaningful those numbers are.
The value that resilience helps offer in cyber security is pretty high. Cyber security resilience is a high priority in our organization. It's important to our customers that we handle what we do for them in a secure manner.
I'd like to see this solution more closely integrate with other products Cisco has in its portfolio.
I would also like to be able to manage the identities, for example. If you define them in ISE, it would be good to be able to use the same identities also within Umbrella. It would simplify the use of multiple products within the organization from the same vendor.
I've been using it for about three years now.
Stability-wise, Cisco Umbrella is pretty robust. The uptime statistics are very high. There are, generally, no issues with stability.
Our organization isn't very large, but it's pretty scalable for larger organizations. At the moment, it's not a limiting factor.
Technical support is one of Cisco's strong suits. In my experience, the Umbrella team has been very quick to turn around requests. It's even been above average by Cisco's standard compared to the turnaround time for other Cisco solutions and products.
I would give Cisco's support a rating of nine on a scale from one to ten.
We deployed it by configuring local devices to redirect the DNS request to the SAS service Umbrella provides.
The solution is cloud-based. You just send your DNS request or your traffic to it. You can start with a monitoring-only mode. So for example, you can redirect the DNS request and start observing what Umbrella recognizes. Later, you can start defining the policies, setting up the enforcements, etc. You can very quickly get to the first results.
Actual ROI numbers are really hard to measure and determine. Generally, we see that customers who implement Cisco Umbrella and start using it tend to renew their licenses. They adopt the product, and they recognize the value it brings. I think this shows that there was a return of investment for them and that it achieved the desired level.
Licensing with Cisco can be a little complex, but I think it's comparable with that of other similar products. It's always hard to put a price on security, but the price is fair for the value it provides.
We're a Cisco partner, and we work with a lot of Cisco solutions. So, it was pretty easy for us to decide what we wanted to try and test. We didn't really do competitive selection and assessment, and it was pretty straightforward for us to go with Umbrella.
I would rate Cisco Umbrella at nine on a scale from one to ten.
