Cisco Umbrella Reviews

We're using Cisco Firepower to replace the ASAs as perimeter firewalls to the university's network. We're predominantly using Cisco Umbrella for web filtering of staff and student web traffic that is generated from the university campuses.

Cisco solutions are simple, efficient, and effective. We're definitely seeing that our users are protected by using these solutions. We're using Cisco Umbrella to protect around 1,500 staff and about 15,000 to 16,000 students. At any one time, on our campus, we could have 3,000 student endpoints protected and about 1,500 members of staff with laptops who are working hybrid since COVID. So, they're protected when they're on campus and when they're off campus. As a university in Edinburgh with three main campuses, we have two internet connections where firewalls protect us from bad stuff on the internet.

Cisco solutions have invariably saved us time. Without them, we would've had ransomware attacks and cyber attacks. So, they have helped protect us as much as they can. I don't have the metrics, but it's a university, so we're probably quite often under attack.

Our operating expenditures (OpEx) haven't really reduced. With moving to subscription-based, our OpEx has probably gone up rather than our CapEx coming down. 

The insight into what our users are doing via Cisco Umbrella is valuable. Knowing that we're protecting our users as they leave our network is also valuable now because we've got more hybrid working. With Cisco Umbrella and Cisco Secure clients on all our hybrid working laptops, we know that our staff is secure even when they're working from home.

They should provide more integrations and bring things together so that there is a more standard feel to their platform. We also use Cisco ISE, and it has a very different feel from Cisco Umbrella. We also have some Meraki products which feel very different from others. It's like you have to learn something new with every product you buy.

We've had Cisco ASAs, but we're just in the process of replacing them with Firepower, so Firepower is quite new. We've been using Cisco Umbrella since 2020.

We have a good Cisco partner called Ping Network Solutions in Scotland, so anytime we need to reach out for a bit of advice, we can ask them. We had good pre-sale support with Cisco as well to ensure that we get the right products that match our requirements. I'd rate their customer service a nine out of ten.

Positive

Instead of Cisco Umbrella, we used Zscaler for web filtering, but we've always had Cisco firewalls.

When we switched in 2020, Zscaler didn't seem to be developing their product as well. It didn't match our requirements anymore.

I was involved in its deployment although I had a technical team working underneath me. It was easier than Zscaler because Zscaler made us have two instances, one for staff and one for students. It was very complicated, and we had to route traffic in different ways. Being able to do it by DNS with Cisco Umbrella was just easy.

I managed the team that was deploying it. My role involved making decisions about what traffic and which groups of users we put through first, some early field tests, and things like that.

We did it all by ourselves.

We have seen an ROI. With Zscaler, we had more operational issues than we've had with Cisco Umbrella.

You get what you pay for.

We use Cisco Firepower, and we use Cisco Umbrella. Currently, these two products are not very integrated. We don't have the complete suite of Cisco solutions. We just have two that aren't joined. We also work with other technology partners, such as Microsoft, but in terms of the perimeter of our network, it has always been a solid product like the Cisco firewall.

I'd rate Cisco Umbrella a nine out of ten.

We use Cisco Umbrella to protect our DNS queries and the traffic going out.

Cisco Umbrella is transparent to my users; they are unaware of its presence. The documentation they use is solely for the IT staff. It is functioning exceptionally well, to the point where I no longer require extensive documentation for its operation.

It has reduced malware and mitigated risks associated with email links and various other factors, resulting in cost savings.

Cisco Umbrella helps secure our infrastructure, enabling us to effectively detect and remediate threats. Apart from host-based firewalls or malware attempting to bypass threat detection, we currently do not have any other alternatives. Although there may be competing solutions available, we have been using Umbrella, and it has served us well.

Cisco Umbrella helps free up IT staff time indirectly by reducing the number of calls we receive regarding malware or bad calls.

Our organization improved its cybersecurity resilience by effectively blocking threats with Cisco Umbrella.

We used one feature, which is aimed at protecting our users from accessing malware-infected websites and encountering associated problems.

I am unsure if Cisco Umbrella offers a Windows option for running the server. However, since I am not familiar with Linux, I had to rely on someone else to handle that aspect. I'm not completely convinced that using Windows would be a superior solution, as Linux is generally regarded as more stable. However, it would benefit individuals like myself who are unfamiliar with Linux.

I have been using Cisco Umbrella for seven years.

I haven't needed to reboot the servers for years due to their excellent stability.

For the size we have, Cisco Umbrella has worked out really well in terms of scalability.

The solution that was previously used was acquired by Cisco and turned into Umbrella.

I have seen a return on investment using Cisco Umbrella.

The pricing model is easier compared to some of the other solutions, and it is also competitive.

I rate Cisco Umbrella a nine out of ten.

I recommend that people try Cisco Umbrella because I believe it is the best option available.

I have never needed to utilize technical support because the solution has consistently functioned effectively.

We use Umbrella to front-end all of our DNS requests and that way they protect any of our end-users from going to any kind of malicious site. It doesn't matter if they're in-house in one of our locations, or if they're remote and working from home. That was the biggest part was the fact that we could protect our end-users, even when they're not in the office.

We were actually trying to solve other challenges, which included just to protect the onsite, but once COVID hit, it pretty much made it a very easy transition for us. At one point, when COVID was at its highest peak, we had everyone working remotely. We didn't have to worry about how we were going to restrict our access on the internet, because Umbrella was already handling that for us.

It made us more secure, which is a very important thing for a financial institution.

The support for hybrid work was the biggest thing. It protects our users, whether they're in the office or they're out of the office. We get the same policy in both locations. We can assign policies based on individual group memberships and it travels with them no matter where they go. It helps no matter where they are.

Since it's based on user DNS requests, it's right from the endpoint all the way through the network to be able to identify those locations and restrict access if necessary. It's not just the malware sites, which is very important, but it's also just content in general. There are business reasons for restricting access to certain content.

Since we implemented Umbrella, we are seeing a fairly significant amount of threats being blocked. A good 20 percent of all the activity, on average, that we see is actually being blocked by Umbrella, because it's either violating policy or it's some kind of malware.

Both monitoring the activity, so that we can investigate anything that may pop up, and the ability to restrict the access, or filter out what content end-users can view or go to [are valuable features of Umbrella]. Also, the fact that it blocks them from any known malicious locations.

It works really well and the best part about it is the fact that it's transparent to the users until they try to go somewhere that's either restricted because of content or restricted because of the fact that it's malicious. Then they simply get a popup and that's all there is to it. So from their perspective, it's very easy. They don't have to do anything in order for it to work.

There is a single portal that we go to that handles being able to set up policy, look at activity, or even manually add sites that we think that we want to restrict, even if it's not considered a particular category or a particular malware. The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up.

It's really easy. It's an easy portal to go to, it's cloud-based, so we can get to it from anywhere. The ability to set up the policy is pretty straightforward. There are a lot of tie-ins with other products, like SecureX and other things, that make it just as easy.

It's cloud-based, so as long as you can get to the cloud, you're golden.

The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical.

I have been using Cisco Umbrella for about four years now.

It's been extremely stable. In the last four years, I do not recall a single outage. There has been nothing that I can think of that actually affected the performance of the system at all in the last four years.

We've never had an issue with scale. We've scaled it up to every user that we have in-house. When we deployed the gateways, we deployed two for HA purposes, but from a scale perspective, it's DNS queries. It doesn't take much. Our whole organization is on it.

Support for Umbrella is very good. There's a way to contact them directly from within the portal and we use that periodically.

I give them about a nine out of 10. There are issues with Cisco's tech support, like all the rest of them.

Positive

Umbrella was actually the first [solution we used in this area]. Once we discovered that that was a big hole we had—we didn't have anything that was controlling content for our internal end-users—we could run into problems with regulation, problems with compliance. It could run into issues with HR, as well as security issues associated with malware. We knew it was a hole, that we were missing. Umbrella filled that hole for us.

There were two pieces of the deployment. One was the cloud deployment, which got us set up in the cloud to begin with. We also had gateways that were installed on-prem, in-house.

We were able to get the gateways up and running in about an hour. The cloud deployment was all done by the Umbrella organization on the back-end side. To deploy to the end users, all we needed to do is set up a policy that said, "This is what you use for DNS." Once that was set up, we were done. Deploying that was done in a group policy and that group policy was pushed in a matter of minutes. The entire solution was probably deployed in just a few hours.

We did it all ourselves. Cisco handled the back-end side with the portal itself, but the rest of it, we did ourselves.

I think we got our return on investment within the first month of its use, because of the increased security that we had in the organization; the ability to have a product that is protecting our end-users. We do educate our end users today, but Umbrella doesn't require us to go through as in-depth an education process to say, "Okay, you're going to have to do the research. You're going to have to figure out what sites are bad. You're going to have to figure out where not to go." We don't have to do any of that. That's all handled by Umbrella. We just need to let them know that we're protecting them on the back-end side.

Its value exceeds its pricing.

We looked around to see what was available. There were a lot of content filtering solutions available, but one of the things that Umbrella brings, in addition to content filtering, is that awareness of known threat sites. Their tie-in with Talos, Talos being that organization that does all that research and feeds that into Umbrella, means that we not only have known malware sites from six months ago, but we're getting feeds from Talos within hours.

The impact on our employees' morale has been good. Anytime the employees understand that we're doing something from a technology standpoint to secure the organization more, that makes them happy. It's something that they don't have to concern themselves with as much and it improves morale quite a bit.

Resilience in cyber security is extremely important. We're a financial institution, so cyber security is very high on our organizational goals, all the time. Making sure that cyber security is resilient against any of the latest attacks that are coming out is extremely important. It's a constant thing. Cyber attacks are increasing every single year. The methods that are being used are increasing every single year. If something were to happen, not only would we have a financial impact, but we have a reputational impact. For a financial institution, a reputational impact could be just as devastating as a financial one.

Umbrella helps us with that overall security. It gives one less attack vector for the bad guys to get into. We're protecting those end-user devices and we're protecting those end-users from going to places that could be malicious. The fact that it's doing that for those end-users increases our overall security without us having to rely specifically on end-user education in that particular attack vector.

For leaders who are looking to increase resilience within their organizations, I would say that what is necessary is to do as much security, in-depth, as you can. That includes using Umbrella to protect your users and using lots of other security products and being able to secure every aspect of your organization.

I would rate Umbrella absolutely a 10 out of 10. It's literally a lifesaver when it comes to being able to protect our endpoints.

With Cisco Umbrella, our clients usually always start with simple needs such as URL filtering and move to providing a consistent experience whether the employees are at home or in the office. We also have clients with a large Cisco Meraki portfolio. Umbrella ties into Cisco Meraki. You can log into one place, configure your policies for your users when they're away from home, but then those policies can be pushed down to the Meraki deployments. So if you've got 100 branch offices, which some of our clients do, it's one click to edit a policy and have it be effective in all of the branches. It will also be effective for the home users. Through a single pane of glass, you can have a consistent policy everywhere. This comes down to the integration that Cisco has built into the different products.

Cisco Umbrella's integration with other solutions has been a great feature in terms of ease of administration. Administration and troubleshooting are faster. The single pane of glass is great as well. Another great feature of Cisco Umbrella is remote browser isolation. With this feature, you open a virtual browser, and it's seamless to the user. If the user ends up going to a bad website that's passed a policy and something bad tries to download, it will not download into the machine because it is a virtual window somewhere in the cloud. You are protected by this feature.

The integration between Cisco Secure products is a lot better now than it used to be, especially with Cisco SecureX knitting everything together. Previously, they were solutions on their own with a single dashboard, and it made troubleshooting difficult. You may have contained a threat from one place but not in another place. Cisco has worked hard over the last three or four years to allow these products to inter-operate, which makes troubleshooting and finding threats a lot faster.

The benefit we have seen from using the Cisco Secure suite is the threat response. When you have a product on its own, there might be a threat, and you can click a button, deal with it, and think it's done, but you would have to rely on someone to go and check the other products. With integration, you don't have to do that. You can log into a single dashboard like SecureX, which fits everything together. Even Umbrella ties in with Meraki, Cisco Secure Firewall, and Endpoint. Thus, you can be quite confident that if you contain the threat in one place that it's automatically contained in other places as well.

Threat hunting with Cisco Secure is easy with Cisco Threat Response and SecureX. When the suite of products are tied in with SecureX, you can then dive into one dashboard when there is an alert. With a couple of clicks, it will launch Cisco Threat Response. You will be able to stop the threat at the endpoint or firewall and also see what other devices are potentially compromised. If it's bad software, you can make sure that if it's detected again that it's never allowed into your network. The client that's compromised can be shut off completely. Before integration, you either wouldn't have been able to do that or it would've been a long-winded process. Then, the damage might have already been done because the threat response came too late. Integration has enabled faster threat responses.

I would like to see more integrations with more products. Some of the integrations need to be simpler as well. For example, the integration with Cisco Secure Firewall could be simpler.

It would be good to make reporting simpler. For those who don't use SecureX, it would be good to make Umbrella really simple to use upfront. It's not a difficult product, but it can be daunting for someone who isn't exposed to it because there are so many options.

We've been using Cisco Secure products for 20 years, and we've been offering Cisco Umbrella since its inception.

We use several Cisco Secure solutions including Firewall, Analytics, Umbrella, Endpoint, and Client.

As an intermediary between Cisco and our customers, the value we add is not only the experience but also the relationships we hold within Cisco. We may know the answer to a customer's question because of our experience. If we don't, our relationship within Cisco is such that we can go straight to the person we need to ask. It shortens the process, and we can deliver the solution faster than the customer going directly to Cisco.

Cisco Umbrella's stability and availability have been 100% uptime since inception. This stat has never gone down.

Because Umbrella is a cloud-based solution, it doesn't matter if you are putting five users through it or 5,000. All of the heavy work of processing is done on Cisco's cloud platform, and it'll always give you 100% uptime.

Deploying Umbrella is really easy. The initial deployment can be done in one to two days. More advanced deployment including creating policies is also quick and can take a few hours to two days because it is cloud-based.

You don't always have to deploy Umbrella live straightaway. Umbrella can be deployed in monitor or audit mode so you can see what's going. You can then use the data to create the policies. That is, you can deploy it without affecting anyone initially just for the visibility and then build policies on the back of it.

Testing is easy as well, which means that you can test the data you've gathered on a small set of pilot users.

To those thinking about Cisco Umbrella, my advice would be to take up the free trial. It takes just a few clicks to deploy it in monitor mode, and you won't be affecting live traffic or your user base. You will be able to see the level of data you get of what all your endpoints are doing.

Given where Umbrella is today and the benefits it offers, especially compared to the competition, I would rate it a nine out of ten.

Our partnership with Cisco is very positive, from our account management team to the systems and sales engineers, to TAC for support. This is because Cisco has a knack for getting us in front of the right person, which is so useful. Other vendors aren't always as good. With Cisco, if you say you need someone who's an expert in deploying Umbrella or Meraki, they'll get you that expert. And no matter what question you throw at them, they'll have the answer. If someone says they're going to get you an answer, they do. That's the power of the partnership with Cisco. They're sort of a trusted partner. 

The benefits we get from partnering with Cisco are first of all access to Cisco's expertise to deploy these products. This means we get to know about the products in a bit greater detail than we would of if we weren't a partner. By knowing about the products in greater detail, we can then offer them to clients. 

Being partners, you get partner benefits, discounts, and the like. But it's more the knowledge. If we know the products on a deeper level, we can offer them to a client. We can show the client the value add of Umbrella versus a competitor's product.

The benefit that Cisco gets from Vohkus being a trusted partner, is that they know when we deliver a solution, we deliver it right. We deliver it to a standard that Cisco would be happy with. Cisco benefits from this partnership as they get fewer TAC calls because if we've deployed it correctly, the customer won't have to speak with them. Equally, if we've deployed it correctly, we don't have to go speak to them, so we're cutting down on costs, but there is also the brand reputation that's being maintained. If we deployed a Cisco solution and did it badly, it'll look bad on us, but the client will think it could be the Cisco product. By us deploying it correctly with our experience and knowledge, Cisco would know that that solution's going in and the customer isn't going to think, "Oh, it's Cisco that's the problem," if something goes wrong. That brand integrity is maintained.

We use Cisco Umbrella to secure our gateway. All of the DNS forwarding coming out of the company from any site or all the DNS requests are forwarded through Cisco Umbrella, and then they determine if that is a safe address and if the content coming back is safe. They will either reject the addressing out of hand, or they'll look at the Layer 7 content and reject that from making it back to us.

We are using the Secure Internet Gateway (SIG) Advantage package. In terms of deployment, effectively, it's deployed from our private cloud. It's in our data closet on our servers.

It enables us to finally allow laptops to be used as workstations and allow data to leave the building. In the past, laptops were only used for VPN access, but they would connect back to their data inside the company. This has allowed us to have a level of confidence that they're protected as if they were behind our firewall. So, now, we've got work-from-home people who literally have their workstations with them.

We have six sites with 60 to 70 users. The baseline configuration allows for additional protection for any DNS requests as they leave those sites, and then the secondary policy is for the mobile devices as they leave the premises. When they're connected to public WiFi, they have an additional policy that kicks in for that time that they're not connected back to the company. So, when they're on public WiFi without a VPN, the tool will actually put that second policy in place that's more aggressive and offers a higher level of protection when it's not sitting behind the firewall. All that is automated. It's all built into the agent.

We don't allow WiFi inside of our network for connection to our actual business network. As soon as a device is docked, it disables WiFi on that mobile device.

When we have laptops that leave the building, they could connect to public WiFi before they establish a VPN connection back into the company. For that duration or that period of time when they're not docked in the network or on a VPN, they effectively don't have that full layer of security that I provide inside the building. This tool stands in during that period of time, and we extend the security settings through their basic firewall or their cloud-based firewall at that time. So, we do content filtering and control access, but they also are looking at new domains, IP addresses, and bad requests. They're blocking them on my behalf when a laptop is not sitting behind our security appliances.

There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad. I can't geofence out. I can plot top-level domains, but .com and .net go global. I can certainly block a China (CN) or a Russia (RU) domain, but that doesn't give me the same level of granularity. 

Apparently, Cisco Umbrella has got that as a feature request to allow an administrator to say, "I specifically only want traffic to and from these countries. Everything else should be dumped." That way, when they're sitting behind my network or they go out in the wild, they have that same level of traffic being blocked.

I have been using it for 14 to 15 years.

We've had no issues. It has done exactly what it's supposed to do.

It is cloud-based. So, scalability should not be an issue. 

Any increase in its usage is all relative to the growth of our staff. Currently, we deploy the laptops for people who need to work from home or are traveling between the banks. That's roughly about 20% of our total staff. Some people aren't going to be working from home, and some of their jobs can't be done from home. They have no need for mobile devices. If there is a need to work from home, its usage will increase. It is there if we need it to scale, but at this point, it is not scheduled to change.

Once I became a paying customer, it was much better. The preliminary training is there, but when you get into the nuances and the details of some of its capabilities, you need to talk to tech support. Once you're a paid customer, you get direct access, and then it's good. When I'm able to get a hold of them, their technical support is a 10 out of 10.

Positive

I didn't use any similar solution previously. 

I was a hundred percent involved in its deployment. We had a couple of issues. The proof of concept was done without a lot of planning. So, there were some mistakes made along the way. If I was doing it again the second time, I wouldn't make the same mistakes. 

The default configurations have your baselines. Those are never supposed to get changed, and I changed and tweaked those for our proof of concept. After a couple of weeks, I had some additional guidance from the Cisco Umbrella team. You leave the baseline configuration, and then you clone and create a new configuration that sits in front of it. So, everyone gets the baseline, and you don't change that. If you want to change it, you make a new policy and then make the changes to that. If you change the baseline default policy and you make a mistake in it, you've to back that all out. If you make it in the new policy, in the worst case, you just delete it, and automatically everyone goes back to baseline. So, there's still a policy in effect. That was a training issue that should have been resolved. Now that I've done it, if somebody asks me, I would say that this is the way you've got to do it.

It was just me taking care of its deployment. In terms of maintenance, once it's configured, unless you're retweaking and adding or removing something that was blocked, it pretty much runs itself.

I have less maintenance to resolve, fix, and reconfigure VPN clients personally, and the feedback from the end-users is that they're more productive.

We were using the free version, and we implemented the paid version about two months ago.

I'm paying a fair price, but everything is negotiable with Cisco. One of the benefits that I got by having Cisco Umbrella is the licensing of the Cisco AnyConnect VPN client. There has always been an issue for years and years with Cisco Meraki in terms of VPN clients and using the native built-in Windows client. It keeps reconfiguring itself. By using Cisco AnyConnect as the VPN client, it's not affected by Windows patching or people typing in passwords by mistake. It's more resilient and doesn't change. With just Meraki solution, there was an extra expense for the Cisco AnyConnect VPN client. By having Cisco Umbrella, that licensing is now included.

There were a couple of other options, and I discussed them with another consultant. As a regulated industry, we have to do vendor management, and vendors have to be vetted. So, Cisco was already a vetted vendor. There are other companies that do the same thing, but Cisco didn't require me to do any more vetting. They were already a vendor.

When it's configured the way it's supposed to work, it turns itself on and off based on the status of the VPN or the dock condition. Once it's configured, it does exactly what it's supposed to do. 

If you're doing a proof of concept on it, fully understand how the policies are configured and what the flow is. You should understand the hierarchical status of the policies to configure it right the first time. You don't really want to guess it.

I would rate it a 10 out of 10.

I use Cisco Umbrella mainly for content filtering. We use it to ensure that my users don't access something they shouldn't be accessing. It's just like pushing and scan prevention.

There are a countless number of attacks that Cisco Umbrella prevented from happening in our organization.

Suppose we see a very silly entry where a bad actor tries to impersonate a good website or service we continuously use. They buy the domain, misspell it somehow, and then inject that in a link. Suppose my email scanning tools did not detect or notice that for one reason or another, and we identified it later. We immediately block impersonating users from accessing services over Cisco Umbrella-controlled devices.

iOS devices and mobiles are huge in my environment right now, and I cannot run them on Cisco Umbrella 24/7. Each user has one desktop but three or four mobile devices on two iPads, and a phone or multiple phones and an iPad, or vice versa. I'd like to turn on my Cisco Umbrella on the network level, at least on my office premise. However, my security team would like to keep all devices on-network and off-network to be connected or managed by Cisco Umbrella all the time. So their use cases are higher and stronger than my mobile ones. Sometimes we try to work around my mobile ones with MDM, but sometimes it would be way more flexible to have both running side-by-side.

Also, in the Apple services or the Apple space, between my Cisco Umbrella and between my Apple updates, something breaks. I'm not sure if it's because of a policy that my company did before I joined them or if it's something that's happening due to a conflict in the configuration somewhere. So we always have to completely get the device or the endpoint out of any filtration to get the policies. We get everything pushed properly from Apple to the device and provision it afterward. Then we add the Cisco Umbrella roaming client to it.

Cisco Umbrella has been running in my environment for about five years, and it was there even a couple of years before I joined my company.

We've never really seen any service outages or downtime with Cisco Umbrella. It is amazing for a product to be running such a long marathon for the amount of time that I have witnessed it.

Cisco Umbrella is very flexible. Before, after, and during the years of the pandemic, my environment went up and down concerning headcount and use cases. Since Cisco Umbrella is pretty flexible, it was able to scale with us.

On the technical side, we always get our questions answered in a reasonable turnover. There was an incident when I had two instances running, and I tried to research it first and run discovery with it. When I couldn't find the answer immediately, we called Cisco, and somebody over the phone was very helpful and told us within ten minutes that it wouldn't work for us.

Positive

The initial setup was pretty straightforward. The solution's documentation is great. My environment needed a little bit of customization to match the deployment configuration or documentation, and it worked fine.

We implemented Cisco Umbrella through an in-house team.

We have seen a return on investment with Cisco Umbrella regarding the working hours and the ticketing. The tickets do not have to get escalated to a network engineer or to a network person to look at. They could be worked on by someone on the app on tier one or tier two before needing an escalation if it even needs it.

I was onboarded to an environment where Cisco Umbrella was already running. I'm sure my predecessor evaluated other products during the same time, and then they decided to start and stick with Cisco Umbrella for the past six-plus years for its efficiency.

The security team deployed Cisco Umbrella in our organization. I deployed the solution briefly on my network infrastructure, and then we decided to switch that off because we noticed a conflict when we had it running at two different places.

I cannot really speak so much on the infrastructure because until recently, whenever we installed Cisco clients on a machine that's running a server, the machine broke. The reason for that is something that happens in the trust relationship between the server and the domain controller. We opened a support case with Cisco Umbrella, and they told us the server was not supported. Servers are not meant for browsing, and the environment that they are in should not be open to the entire world.

My network team is not that large. For content filtering, when a request comes in to unblock a website saying that it is misclassified, it's super easy to give enough access or limited access to the support desk agent or analyst that's getting your clients' calls. The turnover time is much quicker and much shorter. We do not have to deal with maintenance windows or change management times because it's easy to go to a portal or website and change it versus changing a configuration on a firewall. It helps a lot with hybrid environments, especially during the unprecedented times we had a couple of years ago when we all decided to work from home. My environment was 90% ready to work from home, and one of the reasons for that was Cisco Umbrella.

In a 2000-user environment, Cisco Umbrella has helped save at least 14 hours weekly.

Cisco Umbrella has changed the way that we have access to a tool. It helps us do content filtering. I do not need DNS servers running anymore on my network because I identify it on the Cisco Umbrella portal, and everybody gets the configuration within 30 seconds to a minute. I do not have to deal with DNS changes, especially for internal tools and websites.

Cisco Umbrella has helped our organization improve its cybersecurity resilience for the end clients by having that on-off network flexibility. I do not necessarily have everybody run on a VPN all the time.

The nearest product to Cisco Umbrella is not even comparable. Cisco Umbrella's feature richness and compatibility are becoming an industry standard. We do not ask if an environment has a DNS server running in it or not. Instead, today we ask whether that is a Cisco Umbrella environment.

Overall, I rate Cisco Umbrella ten out of ten.

The most valuable features are the dashboard, visibility, and reporting capabilities. Our customers can see how much Umbrella is protecting their organization. If you don't know what you've got, you can't protect it. With Umbrella, we get visibility and see the protection that it's providing. We can get PDF reports on a weekly basis of any malware activities and any denial of service or command-and-control-type activities.

Cisco Umbrella is very simple to administer, and that's what our customers really like. They don't want the complexity that's normally associated with security.

Cisco Umbrella definitely reduced our clients' mean time to repair. It does what it says it does, and it does it effectively.

Cisco Talos is the secret sauce. It's the threat intelligence that feeds security solutions such as Cisco Umbrella. You can have a security solution, but if it is not backed by an organization like Talos and has not been fed, watered, and looked after, then it will be pointless.

Our clients have been able to consolidate applications and tools related to DLP, CASB, web proxy, and SSL decryption. These are natively built into the Umbrella platform. We're now on the cusp of looking at SASE and, maybe, migrating away from the traditional on-premises firewalls and merging more toward the cloud. In the future, as we start the transition to zero-trust network architecture as well as SASE it will certainly help our customers consolidate a lot of their existing tools.

The firewall capabilities could be better. Cisco is starting to introduce some layer 7 capabilities now, but there's still some room to grow. They should continue with the development of Umbrella so that it is a full-blown cloud-managed firewall solution.

We've been using and selling Cisco solutions since Cisco acquired OpenDNS.

We like to use technology first ourselves. It makes it easier to talk about it and sell it. Also, it's a good reference for customers to see that we actually use it internally. Umbrella has been a fantastic solution for us and our customers.

The initial deployment could take a couple of days depending on the deployment model. Cisco Umbrella could be up and running quickly. You can instantly point your DNS servers to use Umbrella's DNS as its recursive DNS, and immediately, you'll be protected by Umbrella. You can take it further and get more granular controls by using AD integration, which can take a little bit longer. From an engineering point of view, it's a very light touch, which is unusual for security solutions. They're normally pretty complex. Cisco Umbrella, however, is a simple but powerful solution.

Given that it's a cloud-delivered platform, Cisco takes care of the upgrades. It requires a pretty light touch in terms of maintenance.

I think Cisco Umbrella is priced well. We have a mix of customers with different verticals such as education. We have clients in the commercial space as well. Umbrella is at a good price point for all of our customers.

We choose to sell Cisco because it has done phenomenally well in terms of some of its acquisitions and the way they've integrated Umbrella. It could be a flagship security solution for Cisco. It's been a game-changer for us and has opened up new avenues and new revenue streams as well.

As a Cisco Secure reseller, we're able to articulate the benefits of the solution to the customer because we are a technically-led organization. We've got a lot of in-house skills within the cybersecurity space. We don't sell for the sake of selling. We want to provide the right solution, and Umbrella is absolutely the right solution as far as we're concerned. It is the leader, especially from a DNS level protection.

Cisco Umbrella is a phenomenal security solution. It's got the right balance between complexity and ease of use. Therefore, I would rate it at nine out of ten.

I had implemented Cisco Umbrella at a previous company. I'm now working at another company where I'm not using this solution. We've got another solution here.

The policy of the company was to make sure all outgoing traffic was sent through a filtering service, and OpenDNS, and then Cisco Umbrella, was chosen for that purpose. Once it was taken over by Cisco Umbrella, it had far more capacity and far more functionality written into it. 

In terms of the deployment model, I just used Cisco services. It would be through Cisco's private cloud. My site wasn't big enough. So, I didn't deploy the Cisco service on-premises. 

It was really valuable to me in protecting the outgoing data of the company. It was good for reporting. Every computer had the Cisco Umbrella program installed. So, I had good reporting on any issues related to outgoing data, such as whether there were any phishing or dodgy sites connected. It protected that part of the business.

A combination of Cisco ASA, Cisco Umbrella, and Cisco AMP connecting to the SecureX portal gave me all-around security for the site because they all reported into a central reporting server. If there were any issues, I could have got full details, even if a crypto locker attempt was made. I never had any security incidents that I'm aware of. So, it was a very effective tool.

It kept itself updated. So, I didn't have to worry about continuing to push out new installs of the program.

I felt safe, supported, and secure, and so did the owner of the company. It worked silently in the background, and no one else really knew it was working on their computers. When we went into lockdown with COVID, I was happy knowing that all the computers that left the business had the app installed and were going to be functioning securely. We got no viruses and no issues on any computer on the network, which is quite unusual. A lot of other people or a lot of other companies I spoke to reported that they had quite a few issues.

It worked 100% in terms of applying and maintaining network connectivity consistently across all workplaces. We never had any issues. The only issues we had were when sites might have been blocked because they were suspected of being within a filtering group. It would report back to the user and say, "This site is currently blocked by your administrator. Please click this button. An email will be sent to your administrator, and they can resolve the issue." I would then get the email, and I'd look at the site, and then I'd release it through whitelisting. It was very user-friendly in that regard.

It certainly helped to remediate threats more quickly because I was able to stay free of any virus outbreaks. It definitely locks out that part of the transmission where the virus will go out and attempt to download a package.

It worked silently and didn't use too many computer resources. It was really silent in its operation on the network. It had a really good impact on me. I'd love to put it in my new company, but we've gone down a different pathway. That's being resolved through Office 365 now, and I'm not proposing to change that technology.

I wanted to ensure that all outgoing traffic went through Cisco AMP servers. So, if we did get a crypto locking incident or any malicious sites that wanted to direct traffic to particular websites, they would be unable to do that because they would be blocked by the Cisco Umbrella DNS servers.

It also did website filtering for preventing access to porn sites and gambling sites. It had all other standard features. It had a good section where you could whitelist and blacklist websites.

I was able to implement it myself. It was really easy to install. You could install it on a server locally if you want to. If you have the biggest site, you would do that, but for my site, it was just directing all the traffic out through the Cisco Umbrella DNS. It was really handy. When the owners of the company went overseas, I knew that they would be secure because even if they were not on the company network, they would still go through the Cisco Umbrella servers. It was a complete solution for protecting the company with outgoing data.

The other useful feature was that if we were to get a malicious actor onto a server or service running somewhere, it would still have to go out through the Umbrella servers. So, it would more likely be blocked through there. It had multiple features that were super handy.

It had the ability to do a lot of app control. So, every single app that went through that portal was registered, but there is a general issue with the whole app control. As soon as you add a mobile phone to your network, all of the apps get registered through the system, and you can approve, reject, or just let them go through. When I looked at it, it was impossible to manage app control. There was just so much data. I didn't apply that service because I just didn't have the time to manage it. It would be good if there was a way to categorize applications. However, that's dangerous too because you can be turning off an app in a group because you don't know what it is doing. It could be a vital company app. So, App control is the main area in which they need to keep working.

Originally, Cisco Umbrella was called OpenDNS. I have used OpenDNS and Cisco Umbrella for about six years.

It is very stable. I never had any issue with it.

It is highly scalable. You don't even have to install it on your computers. You just change your DNS, and it'll start to work internally immediately. I never had any issues with performance or anything like that. I'm sure it would suit larger companies as well, but larger companies would install their own Umbrella service on their own systems and deal with the capacity that way. So, it is very scalable.

Their support is good. They always got back to me and answered issues. They showed me how to do my own debugging. They were always very professional and helpful. I would rate them a 10 out of 10.

Positive

We previously used proxy servers, but I wanted a more modern interface, and that's why I chose Umbrella.

It was super easy. I'm a general IT person, and I was able to deploy it. I read the documentation, changed some settings, changed the DNS on my servers, and then rolled it out to the team. It was a pain-free implementation.

I deployed it. It was pretty intuitive. I didn't have a consultant help me. I was able to implement the solution myself and manage it myself. That's a really good rating for an application. There are different systems you get to manage these days, and you can't have training on all of them. Because I rolled it out, I knew I rolled it out properly, and the system was working effectively. It was good. I liked using it.

The return on investment was that we kept the company secure. Nothing happened, which is the ultimate return on investment.

It was a little bit expensive on a per seat basis, but the company I was running was only a midsize Australian company, and it was a reasonable budget per computer for that system.

It started off being a free product, and then Cisco bought it, and it went to a reasonable price. I was using Cisco AMP as well. So, my per computer cost was reasonably high, but for a small company, it was within an acceptable level.

Not having reviewed other systems, I can't tell how they compare, but I know that when you do special security licensing with Microsoft, it is on par. So, it is probably standard within the industry.

At the time, we were using OpenDNS, and then OpenDNS went to Cisco Umbrella. Because we'd had such success with OpenDNS, we just stayed on with the product. So, I didn't evaluate any other products at that time.

It is just another layer that you need to wrap around your company to keep it safe unless you could just shut off that possible attack vector from external parties.

To leaders who want to build more resilience within their organization, I would say that they've got to keep doing it, and they've got to keep working on it. I'm constantly looking for better ways to secure the company. Cisco Umbrella would be a very useful addition to their set of tools. 

A part of my plan in the long term was to implement the full suite. I never got around to that, but it was really good to know that I could go right down to app-level control. It was a very successful product, and I'd certainly recommend it to any business looking to just add another layer of security around their company.

In terms of providing a single pane of glass management, security does involve multiple systems, and I could log them all into the Cisco SecureX system. From there, I could get my single point where I could resolve issues with viruses, et cetera. So, in itself, it was a single pane of glass for DNS protection. It was fine, but I don't think there is ever going to be a single pane of glass anywhere. You're always going to have many different systems that you're using, but overall, it had a lot of features. It did the job it needed to do.

I would rate it a 9 out of 10. It is just app control that I want them to develop more.