Cisco Umbrella Reviews

The most valuable features are the dashboard, visibility, and reporting capabilities. Our customers can see how much Umbrella is protecting their organization. If you don't know what you've got, you can't protect it. With Umbrella, we get visibility and see the protection that it's providing. We can get PDF reports on a weekly basis of any malware activities and any denial of service or command-and-control-type activities.

Cisco Umbrella is very simple to administer, and that's what our customers really like. They don't want the complexity that's normally associated with security.

Cisco Umbrella definitely reduced our clients' mean time to repair. It does what it says it does, and it does it effectively.

Cisco Talos is the secret sauce. It's the threat intelligence that feeds security solutions such as Cisco Umbrella. You can have a security solution, but if it is not backed by an organization like Talos and has not been fed, watered, and looked after, then it will be pointless.

Our clients have been able to consolidate applications and tools related to DLP, CASB, web proxy, and SSL decryption. These are natively built into the Umbrella platform. We're now on the cusp of looking at SASE and, maybe, migrating away from the traditional on-premises firewalls and merging more toward the cloud. In the future, as we start the transition to zero-trust network architecture as well as SASE it will certainly help our customers consolidate a lot of their existing tools.

The firewall capabilities could be better. Cisco is starting to introduce some layer 7 capabilities now, but there's still some room to grow. They should continue with the development of Umbrella so that it is a full-blown cloud-managed firewall solution.

We've been using and selling Cisco solutions since Cisco acquired OpenDNS.

We like to use technology first ourselves. It makes it easier to talk about it and sell it. Also, it's a good reference for customers to see that we actually use it internally. Umbrella has been a fantastic solution for us and our customers.

The initial deployment could take a couple of days depending on the deployment model. Cisco Umbrella could be up and running quickly. You can instantly point your DNS servers to use Umbrella's DNS as its recursive DNS, and immediately, you'll be protected by Umbrella. You can take it further and get more granular controls by using AD integration, which can take a little bit longer. From an engineering point of view, it's a very light touch, which is unusual for security solutions. They're normally pretty complex. Cisco Umbrella, however, is a simple but powerful solution.

Given that it's a cloud-delivered platform, Cisco takes care of the upgrades. It requires a pretty light touch in terms of maintenance.

I think Cisco Umbrella is priced well. We have a mix of customers with different verticals such as education. We have clients in the commercial space as well. Umbrella is at a good price point for all of our customers.

We choose to sell Cisco because it has done phenomenally well in terms of some of its acquisitions and the way they've integrated Umbrella. It could be a flagship security solution for Cisco. It's been a game-changer for us and has opened up new avenues and new revenue streams as well.

As a Cisco Secure reseller, we're able to articulate the benefits of the solution to the customer because we are a technically-led organization. We've got a lot of in-house skills within the cybersecurity space. We don't sell for the sake of selling. We want to provide the right solution, and Umbrella is absolutely the right solution as far as we're concerned. It is the leader, especially from a DNS level protection.

Cisco Umbrella is a phenomenal security solution. It's got the right balance between complexity and ease of use. Therefore, I would rate it at nine out of ten.

I had an agreement with OpenDNS which was the original owner of the solution, and I was selling it as an MSP. In Spain, I offer it to a company called Ares Capital. At the start, it was designed to filter URLs for sites that management didn't want the people to access, such as adult sites and social media sites that may cause a loss of work time. A few years later, the solution introduced the ability to filter malware sites. We used that not as an accessory characteristic, but as the main characteristic. We moved from filtering unwanted sites to filtering malware and virus-infected sites. We still use some filtering for unwanted sites, but mostly for security reasons.

Cisco Umbrella was designed to allow hybrid work. When the COVID pandemic started, we didn't have to do anything at all because the computers were already set up for remote work. With Cisco, it doesn't matter where the computer is as long as the computer is using the DNS servers that Cisco Umbrella works with. If it's part of a laptop or wherever you are in the world, it works exactly the same as being in the office. 

It is very important the solution provides a single pane of glass management for our organization in order to help manage the complex software and programs that companies use. This saves a lot of time for managers.

The single pane of glass management optimizes the user experience by allowing the user to access restricted sites much faster and easier from a centralized location.

Cisco Umbrella helps us remediate threats quickly. The solution doesn't work with our internal network, it instead works with the DNS servers that are located all around the world. This means Cisco Umbrella doesn't have any effect on our network whatsoever. In fact, Cisco Umbrella is totally different from other solutions that are locally based, which filter on routers or firewalls. The solution acts as an outside firewall. The rules that are set up on the Cisco Umbrella management site affect the connection between the computers everywhere, but it doesn't slow them down.

The employee morale has improved with Cisco Umbrella because they don't need to be as cautious when visiting sites knowing that the solution is taking care of their security for them. The only thing that could happen to an employee is that they may need to access a site that is blocked and they have to report that blocked site. When a site is blocked for an employee, a page appears on their computer and they can report that blocked site from there. The employee can send the administrator a direct message requesting access. A blocked site occurs infrequently and the administrator can unblock the site quickly.  

The most valuable feature is the ability to filter malware sites that could infect clients or allow them to download infected files.

Cisco Umbrella is one of the best solutions in the market because it's very simple to use and very simple to set up. We require some knowledge of filtering rules, but it doesn't take that long to get familiarized with them. We can manage all the working locations, even if they are far away from a single point and the solution is easy to use. The vendor is a pioneer in the central management of security compared to other antivirus companies.

Cisco Umbrella provides a single pane of glass management.

 Cisco Umbrella doesn't slow the network down because it filters outside of the network.

Cisco Umbrella is not a solution that we can rely on for everything, but for the cost, it is a valued layer of defense that we can depend on. Cisco Umbrella's resilience complements any antivirus solution well. The main advantage of Cisco Umbrella is that it stops attacks from happening before they reach the antivirus solution.

Cybersecurity resilience is important to our organization because we provide software-driven services. We need to contact people from all over the world, We need to be able to navigate through many different sites safely. This gives peace of mind to our customers. We visit thousands of websites every year and it is important to have a solution that takes into account that we are not visiting the same websites repeatedly.

The rule-making process for blocking sites or for blocking characteristics can use some simplification. For example, types of malware. This would make it easier to use because it has a learning curve.

There is a possibility of creating users that have explicit permissions to access sites that nobody else should access. This process can be cumbersome and it would be helpful if there was an easier way to create users and assign roles to special users.

Cisco could ease the process of defining the number of licenses and the price considering the number of licenses we require. Currently, we have to get a quote for anything over 100 licenses.

I have been using the solution for ten years. Before the solution was acquired by Cisco it was OpenDNS Enterprise.

The solution is extremely stable. 

Maintaining network connectivity is very easy. We have not had any downtime in over 10 years. Cisco Umbrella doesn't work directly through the network. It works with the DNS servers that are outside of the network. The network itself doesn't affect it at all. Cisco Umbrella doesn't affect the internal workings, hardware, software, switches, or routers. As long as we have set up the DNS correctly in the computers, either locally or through Active Directory, everything works no matter what happens with our network.

The solution is scalable. We started off with around 40 computers and now have over 200.

I contacted technical support two or three times by email because I had doubts about a rule, but it was pretty straightforward. They responded back within 24 hours. I'm not sure if we can contact them now by phone because I have only used the email method.

Positive

Previously, we were using an antivirus company for antiviral protection. The problem with antivirus is that it's reactive. It does not proactively avoid infection. Cisco Umbrella is proactive because it blocks sites before we may get an infection. We don't react to infections; we proactively avoid infections. Although there are solutions now that do the same, Cisco Umbrella was the first to market.

The initial setup is straightforward and only required one person. Setting up the solution usually takes between 30 minutes to an hour. However, the rules are always changing, so we never truly finish setting it up. We're always changing the configuration of the sites by blocking or allowing or adding new sites to the blacklist or whitelist. 

To change the local DNS settings to use the Cisco Umbrella service, we only need to make a few changes. If the computers are connected to Active Directory, we can deploy the configuration through Active Directory so we don't have to mess with anything else. The solution is based on the cloud, so we get a lot of detail and granularity in what sites the computers can access. However, if we want more detail, we can install a small agent on the computer so they can report to the servers.

The implementation was completed in-house.

We have definitely seen a return on investment given the low cost of the solution.

Cisco has a set price for a single license up to 100, but whenever we get over 100, we have to ask for a quote. Sometimes requesting quotes makes the process a little harder because people's trust waivers when having to ask for quotes. We want to see the prices upfront.

I give the solution a nine out of ten.

The solution is very good, one of the best in the market because it is so easy to use and so easy to manage even from far away distances. The company has four locations, one in Madrid, one in Valencia, another in Alicante, and one in Barcelona. The solution allows me to manage all the sites from one location easily.

Given the rise in attacks and virus infections all over the world recently, it is important to have layers of security. The less intrusive solutions are better for us. I believe that Cisco Umbrella is a solution that everybody should have because the solution is easy to set up and manage. Cisco Umbrella gives us peace of mind, which is why I believe it is a great solution. I had problems in Spain when I tried to set up Cisco Umbrella for other companies but this was because people didn't know about the solution or trust it as much as they should.

Initially, we implemented the solution for the central branch in Madrid, and after that, we implemented it in the regional branches. We then differentiated between departments, and in the end, we were managing departments and offices.

As a Cisco partner, try to test things on our own before we position the product to our customers or educate partners on it. So, the primary use case was to test things out and to be our own first customer. We started using it internally for our own purposes to secure our access to the internet with Umbrella.

We use Cisco Umbrella to secure internet connectivity and especially to focus on the threats introduced through web browsing. This is because most of the applications the workers use are browser-based.

The traffic, by default, is typically encrypted with HPS, and we use Cisco Umbrella to get more insight into that traffic. The classical security appliances have very low visibility into them. This is where we see Cisco Umbrella have the most traction.

In general, it increases the security level. It helps us prevent threats from being accessed. Also, the visibility into internet bounce traffic is increased. So, in general, it increases the overall internet security of the organization.

One valuable feature is definitely its simplicity in terms of deployment. It is very easy to integrate it into the environment without any heavy lifting. Users didn't notice that we implemented it. You can start with a very low monitoring mode and start observing what Cisco Umbrella sees.

In terms of helping workers feel safe, secure, supported, and included, the solution is pretty transparent to the end user in most cases. They don't necessarily get any confidence from it, but it's supposed to be that way. It's supposed to be as transparent as possible. However, when the end-user accesses a site that is blacklisted or treated as potentially suspicious, he or she will see a warning displayed. This gives them additional confidence that somebody else is taking care of the details and that they can confidently browse around. If they come across a suspicious site, they know that they will get a warning or advice on how to proceed.

Cisco Umbrella supporting hybrid work environments is important. Within our organization, even before COVID, a lot of us worked remotely from time to time. For companies that we work with, it has become a reality with COVID. Before, everybody was working on site, and now, that's no longer the case. It is important to have flexibility and know that even if we work from home or from another place we're still secure.

For all Umbrella-related things, it does provide single-pane-of-glass management, but it's one component. If I look at the typical employee, he is only one piece of the puzzle. Other solutions, like, for example, AnyConnect for remote access, are managed separately. For Umbrella-specific items, it's a single interface for management. For monitoring, policies, and troubleshooting a specific case, everything is in one place. I don't need to go through the logs to know where to look.

My organization is not very large, and I'd say my colleagues are pretty proficient. So, it's not a high priority to have single-pane-of-glass management, but it's always good if solutions are capable of integrating together. If by enabling single-pane-of-glass management the workflow is simplified and the day-to-day operations are a little easier, then that's something we definitely want to benefit from.

The administrator user experience is definitely optimized by single-pane-of-glass management, especially if the personnel are busy. Then, it helps if all the relevant details are in one place.

In terms of maintaining network connectivity, Umbrella on its own is pretty user-friendly. It is easy to set up and maintain. It's one of its strong suits.

For the branch and campus, it's very simple to apply and maintain network connectivity. For the home environments, there are options to integrate it into the employee's PC as well. Cisco Umbrella supports different methods for different environments so that you can achieve the level of implementation that you need. It's where it should be.

It's very efficient in securing the infrastructure from end to end so that we can detect and remediate threats. You can simply adopt it right into the environment, and you don't need to build the rule sets on your own. It utilizes best practices, and it's very easy to set up policies such as potential malicious categories on the internet, what you want to block, what you want to filter out, etc. It's very easy to implement those.

When you go through the reports, you can see what kind of threats were blocked. Luckily, we haven't had an incident where something got through and caused a security incident.

In terms of metrics on how Cisco Umbrella has been able to remediate threats, the numbers look pretty impressive. However, it's hard to assess how serious that potential threat really was. It's hard to put actual weight on the numbers to determine how meaningful those numbers are.

The value that resilience helps offer in cyber security is pretty high. Cyber security resilience is a high priority in our organization. It's important to our customers that we handle what we do for them in a secure manner.

I'd like to see this solution more closely integrate with other products Cisco has in its portfolio.

I would also like to be able to manage the identities, for example. If you define them in ISE, it would be good to be able to use the same identities also within Umbrella. It would simplify the use of multiple products within the organization from the same vendor.

I've been using it for about three years now.

Stability-wise, Cisco Umbrella is pretty robust. The uptime statistics are very high. There are, generally, no issues with stability.

Our organization isn't very large, but it's pretty scalable for larger organizations. At the moment, it's not a limiting factor.

Technical support is one of Cisco's strong suits. In my experience, the Umbrella team has been very quick to turn around requests. It's even been above average by Cisco's standard compared to the turnaround time for other Cisco solutions and products.

I would give Cisco's support a rating of nine on a scale from one to ten.

Positive

We deployed it by configuring local devices to redirect the DNS request to the SAS service Umbrella provides.

The solution is cloud-based. You just send your DNS request or your traffic to it. You can start with a monitoring-only mode. So for example, you can redirect the DNS request and start observing what Umbrella recognizes. Later, you can start defining the policies, setting up the enforcements, etc. You can very quickly get to the first results.

Actual ROI numbers are really hard to measure and determine. Generally, we see that customers who implement Cisco Umbrella and start using it tend to renew their licenses. They adopt the product, and they recognize the value it brings. I think this shows that there was a return of investment for them and that it achieved the desired level.

Licensing with Cisco can be a little complex, but I think it's comparable with that of other similar products. It's always hard to put a price on security, but the price is fair for the value it provides.

We're a Cisco partner, and we work with a lot of Cisco solutions. So, it was pretty easy for us to decide what we wanted to try and test. We didn't really do competitive selection and assessment, and it was pretty straightforward for us to go with Umbrella.

I would rate Cisco Umbrella at nine on a scale from one to ten.

I use Cisco Umbrella mainly for content filtering. We use it to ensure that my users don't access something they shouldn't be accessing. It's just like pushing and scan prevention.

There are a countless number of attacks that Cisco Umbrella prevented from happening in our organization.

Suppose we see a very silly entry where a bad actor tries to impersonate a good website or service we continuously use. They buy the domain, misspell it somehow, and then inject that in a link. Suppose my email scanning tools did not detect or notice that for one reason or another, and we identified it later. We immediately block impersonating users from accessing services over Cisco Umbrella-controlled devices.

iOS devices and mobiles are huge in my environment right now, and I cannot run them on Cisco Umbrella 24/7. Each user has one desktop but three or four mobile devices on two iPads, and a phone or multiple phones and an iPad, or vice versa. I'd like to turn on my Cisco Umbrella on the network level, at least on my office premise. However, my security team would like to keep all devices on-network and off-network to be connected or managed by Cisco Umbrella all the time. So their use cases are higher and stronger than my mobile ones. Sometimes we try to work around my mobile ones with MDM, but sometimes it would be way more flexible to have both running side-by-side.

Also, in the Apple services or the Apple space, between my Cisco Umbrella and between my Apple updates, something breaks. I'm not sure if it's because of a policy that my company did before I joined them or if it's something that's happening due to a conflict in the configuration somewhere. So we always have to completely get the device or the endpoint out of any filtration to get the policies. We get everything pushed properly from Apple to the device and provision it afterward. Then we add the Cisco Umbrella roaming client to it.

Cisco Umbrella has been running in my environment for about five years, and it was there even a couple of years before I joined my company.

We've never really seen any service outages or downtime with Cisco Umbrella. It is amazing for a product to be running such a long marathon for the amount of time that I have witnessed it.

Cisco Umbrella is very flexible. Before, after, and during the years of the pandemic, my environment went up and down concerning headcount and use cases. Since Cisco Umbrella is pretty flexible, it was able to scale with us.

On the technical side, we always get our questions answered in a reasonable turnover. There was an incident when I had two instances running, and I tried to research it first and run discovery with it. When I couldn't find the answer immediately, we called Cisco, and somebody over the phone was very helpful and told us within ten minutes that it wouldn't work for us.

Positive

The initial setup was pretty straightforward. The solution's documentation is great. My environment needed a little bit of customization to match the deployment configuration or documentation, and it worked fine.

We implemented Cisco Umbrella through an in-house team.

We have seen a return on investment with Cisco Umbrella regarding the working hours and the ticketing. The tickets do not have to get escalated to a network engineer or to a network person to look at. They could be worked on by someone on the app on tier one or tier two before needing an escalation if it even needs it.

I was onboarded to an environment where Cisco Umbrella was already running. I'm sure my predecessor evaluated other products during the same time, and then they decided to start and stick with Cisco Umbrella for the past six-plus years for its efficiency.

The security team deployed Cisco Umbrella in our organization. I deployed the solution briefly on my network infrastructure, and then we decided to switch that off because we noticed a conflict when we had it running at two different places.

I cannot really speak so much on the infrastructure because until recently, whenever we installed Cisco clients on a machine that's running a server, the machine broke. The reason for that is something that happens in the trust relationship between the server and the domain controller. We opened a support case with Cisco Umbrella, and they told us the server was not supported. Servers are not meant for browsing, and the environment that they are in should not be open to the entire world.

My network team is not that large. For content filtering, when a request comes in to unblock a website saying that it is misclassified, it's super easy to give enough access or limited access to the support desk agent or analyst that's getting your clients' calls. The turnover time is much quicker and much shorter. We do not have to deal with maintenance windows or change management times because it's easy to go to a portal or website and change it versus changing a configuration on a firewall. It helps a lot with hybrid environments, especially during the unprecedented times we had a couple of years ago when we all decided to work from home. My environment was 90% ready to work from home, and one of the reasons for that was Cisco Umbrella.

In a 2000-user environment, Cisco Umbrella has helped save at least 14 hours weekly.

Cisco Umbrella has changed the way that we have access to a tool. It helps us do content filtering. I do not need DNS servers running anymore on my network because I identify it on the Cisco Umbrella portal, and everybody gets the configuration within 30 seconds to a minute. I do not have to deal with DNS changes, especially for internal tools and websites.

Cisco Umbrella has helped our organization improve its cybersecurity resilience for the end clients by having that on-off network flexibility. I do not necessarily have everybody run on a VPN all the time.

The nearest product to Cisco Umbrella is not even comparable. Cisco Umbrella's feature richness and compatibility are becoming an industry standard. We do not ask if an environment has a DNS server running in it or not. Instead, today we ask whether that is a Cisco Umbrella environment.

Overall, I rate Cisco Umbrella ten out of ten.

Cisco Umbrella improves web security posture.

Meraki features and cloud-based functionality are advanced and easy to manage centrally.

Reporting is a separate product. However, other features are embedded within the devices themselves. So, if you have one box, everything is included, which is good.

A more user-friendly interface like Kaspersky and lower costs including licensing, support, and renewals would be beneficial.

My company has been using it since 2005. 

It is a stable product. 

It is a scalable product.

The customer service and support are excellent, exceeding expectations.

Positive

I used Sophos, FortiGate, and Palo Alto firewalls.

Cisco Umbrella is manageable and well-supported by various vendors and partners, including Cisco Direct. It offers diverse technologies and features. However, now Sophos and FortiGate offer better tools and firewalls than Cisco.

Forti excels in SD-WAN services and integrates various functionalities like FortiManager, FortiAnalyzer, and Wi-Fi controller within a single device.

It is easy to implement. It is not straightforward, but it is easy. It is easier than before. 

The licensing cost is very high. We have to pay for support, renewal, and maintenance. FortiNet is cheaper compared to Cisco Umbrella. 

Consider your budget. If you can afford it, Cisco Umbrella is a stable and scalable solution.

It's a strong Cisco product.

Overall, I would rate the solution a nine out of ten. 

We use Umbrella to front-end all of our DNS requests and that way they protect any of our end-users from going to any kind of malicious site. It doesn't matter if they're in-house in one of our locations, or if they're remote and working from home. That was the biggest part was the fact that we could protect our end-users, even when they're not in the office.

We were actually trying to solve other challenges, which included just to protect the onsite, but once COVID hit, it pretty much made it a very easy transition for us. At one point, when COVID was at its highest peak, we had everyone working remotely. We didn't have to worry about how we were going to restrict our access on the internet, because Umbrella was already handling that for us.

It made us more secure, which is a very important thing for a financial institution.

The support for hybrid work was the biggest thing. It protects our users, whether they're in the office or they're out of the office. We get the same policy in both locations. We can assign policies based on individual group memberships and it travels with them no matter where they go. It helps no matter where they are.

Since it's based on user DNS requests, it's right from the endpoint all the way through the network to be able to identify those locations and restrict access if necessary. It's not just the malware sites, which is very important, but it's also just content in general. There are business reasons for restricting access to certain content.

Since we implemented Umbrella, we are seeing a fairly significant amount of threats being blocked. A good 20 percent of all the activity, on average, that we see is actually being blocked by Umbrella, because it's either violating policy or it's some kind of malware.

Both monitoring the activity, so that we can investigate anything that may pop up, and the ability to restrict the access, or filter out what content end-users can view or go to [are valuable features of Umbrella]. Also, the fact that it blocks them from any known malicious locations.

It works really well and the best part about it is the fact that it's transparent to the users until they try to go somewhere that's either restricted because of content or restricted because of the fact that it's malicious. Then they simply get a popup and that's all there is to it. So from their perspective, it's very easy. They don't have to do anything in order for it to work.

There is a single portal that we go to that handles being able to set up policy, look at activity, or even manually add sites that we think that we want to restrict, even if it's not considered a particular category or a particular malware. The single-pane-of-glass management is very important. We have a very small team. We can't spend a lot of time going from product to product to product to either investigate or set up policy. We need to have one place that we can go to and set everything up.

It's really easy. It's an easy portal to go to, it's cloud-based, so we can get to it from anywhere. The ability to set up the policy is pretty straightforward. There are a lot of tie-ins with other products, like SecureX and other things, that make it just as easy.

It's cloud-based, so as long as you can get to the cloud, you're golden.

The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical.

I have been using Cisco Umbrella for about four years now.

It's been extremely stable. In the last four years, I do not recall a single outage. There has been nothing that I can think of that actually affected the performance of the system at all in the last four years.

We've never had an issue with scale. We've scaled it up to every user that we have in-house. When we deployed the gateways, we deployed two for HA purposes, but from a scale perspective, it's DNS queries. It doesn't take much. Our whole organization is on it.

Support for Umbrella is very good. There's a way to contact them directly from within the portal and we use that periodically.

I give them about a nine out of 10. There are issues with Cisco's tech support, like all the rest of them.

Positive

Umbrella was actually the first [solution we used in this area]. Once we discovered that that was a big hole we had—we didn't have anything that was controlling content for our internal end-users—we could run into problems with regulation, problems with compliance. It could run into issues with HR, as well as security issues associated with malware. We knew it was a hole, that we were missing. Umbrella filled that hole for us.

There were two pieces of the deployment. One was the cloud deployment, which got us set up in the cloud to begin with. We also had gateways that were installed on-prem, in-house.

We were able to get the gateways up and running in about an hour. The cloud deployment was all done by the Umbrella organization on the back-end side. To deploy to the end users, all we needed to do is set up a policy that said, "This is what you use for DNS." Once that was set up, we were done. Deploying that was done in a group policy and that group policy was pushed in a matter of minutes. The entire solution was probably deployed in just a few hours.

We did it all ourselves. Cisco handled the back-end side with the portal itself, but the rest of it, we did ourselves.

I think we got our return on investment within the first month of its use, because of the increased security that we had in the organization; the ability to have a product that is protecting our end-users. We do educate our end users today, but Umbrella doesn't require us to go through as in-depth an education process to say, "Okay, you're going to have to do the research. You're going to have to figure out what sites are bad. You're going to have to figure out where not to go." We don't have to do any of that. That's all handled by Umbrella. We just need to let them know that we're protecting them on the back-end side.

Its value exceeds its pricing.

We looked around to see what was available. There were a lot of content filtering solutions available, but one of the things that Umbrella brings, in addition to content filtering, is that awareness of known threat sites. Their tie-in with Talos, Talos being that organization that does all that research and feeds that into Umbrella, means that we not only have known malware sites from six months ago, but we're getting feeds from Talos within hours.

The impact on our employees' morale has been good. Anytime the employees understand that we're doing something from a technology standpoint to secure the organization more, that makes them happy. It's something that they don't have to concern themselves with as much and it improves morale quite a bit.

Resilience in cyber security is extremely important. We're a financial institution, so cyber security is very high on our organizational goals, all the time. Making sure that cyber security is resilient against any of the latest attacks that are coming out is extremely important. It's a constant thing. Cyber attacks are increasing every single year. The methods that are being used are increasing every single year. If something were to happen, not only would we have a financial impact, but we have a reputational impact. For a financial institution, a reputational impact could be just as devastating as a financial one.

Umbrella helps us with that overall security. It gives one less attack vector for the bad guys to get into. We're protecting those end-user devices and we're protecting those end-users from going to places that could be malicious. The fact that it's doing that for those end-users increases our overall security without us having to rely specifically on end-user education in that particular attack vector.

For leaders who are looking to increase resilience within their organizations, I would say that what is necessary is to do as much security, in-depth, as you can. That includes using Umbrella to protect your users and using lots of other security products and being able to secure every aspect of your organization.

I would rate Umbrella absolutely a 10 out of 10. It's literally a lifesaver when it comes to being able to protect our endpoints.

We're actually in the process of using this to replace our current web proxies. We use both, side-by-side, at the moment. The plan in the future is to eventually get those replaced with Umbrella so that we can have an overall, overarching proxy either that's based in the cloud or whatever we need. But this currently is our most convenient way of replacing web proxies across all of our locations at our company.

It's definitely made things more centralized. Our current setup is that we have proxies, either physical or virtual, throughout our different locations. Each location has its own proxy at the moment. What's nice about Umbrella is that we can just go into the site and see all of our locations in one place and look at all of our computers, users—everything. It's not divided into separate proxies that we have to go into and figure out which person's using which proxy. Umbrella lets us just see everybody at once, which is really handy for us, and we don't have to spend too much time messing around with figuring out who's where and which location needs this change. [We can just make] changes throughout every location at once, rather than one at a time with those proxies that we currently use.

The past couple of years, [the fact that the solution helps support hybrid work has been] especially important because now we can't use those proxies if people aren't onsite. The way our network was set up was that we had it filtering through the firewall and the firewall was taking certain subnets and filtering those through the proxy. But obviously, when people work from home, we had to get a VPN connection set up. Before COVID, we did not have a work-from-home solution at the time, so everybody had to be in the office. Obviously, that all changed very quickly and Umbrella became a much bigger priority for us because that was our main replacement for those proxies at the time.

We had to expedite the process of setting it up, but what was nice about Umbrella was that it was so user-friendly, it was so easy to set up on our end, that it didn't take as much time as we thought it would. It just simplified the entire process throughout the couple of years that we have especially needed it. But what's cool about that is that now, it's a permanent part of our network. Thanks to the last couple of years, we use it all the time now. It wasn't just a temporary solution for hybrid work because now we use it for both. We have the ability to do hybrid work, but we also have the ability to use it for our employees onsite as well.

[When it comes to threat remediation] most of it is automatic so we don't really have to worry about it too much. Umbrella will just block something if it detects it as malware. That is a super convenient feature for us, that we don't have to manually review every single site. If we do have to review a site, it's nice to have that investigative tool. We put in the URL and it gives us a risk score, depending on how dangerous that site might be. That's super helpful for us to analyze that site, take a look at it, and make a decision on whether we need to block it, or if it can be unblocked. Every situation is different, but Umbrella makes that summary page very convenient for us. It allows us to make decisions much faster and more efficiently.

Our cyber team is a bit different from our network team. We have a separate team for that, but it's nice because they also use Umbrella for a lot of that, depending on what the site is. We use the investigative tool for the risk score, but it also comes with a few other tools, and part of that is just so that they can assess what's safe and what's not safe and what might be detected as malware. Obviously, they have other tools for that as well, so Umbrella is just one cog in the big system. But it definitely allows for easier communication between our teams because we both use it and we can both understand it. It's user-friendly enough so that we can make decisions with them based on what Umbrella tells us and how we interpret that information depending on the site, the situation, the risk score, everything.

We have a lot of employees, a few tens of thousands. We get probably hundreds [of threats blocked] every day. I wouldn't be able to give an exact number on how many are blocked. The main ones we look at are the ones that people request us to specifically look at because they might not think that something was supposed to be blocked, or something is not working properly, and we can go in and investigate that. But there are probably hundreds to thousands of blocks per day on the sites, across all of our locations. That automation allows us to relax a little bit easier and know that our network is much safer with Umbrella on it than it is off. The automatic side of it is basically saving our jobs. That really helps, and we're able to look at anything. Overall, as a program, it has saved us a ton of time and stress by not having to worry about malware or viruses or anything malicious.

One of the coolest features, for me at least, is to be able to type in a website and have it  give an overall summary of how safe that website appears. Part of that is just so that we can investigate. And if there's any sort of confusion between our cyber team and us, we can look further into that site and dive more into that risk score that Umbrella gives us. We can just analyze [those sites] and make sure that we're unblocking safe sites and blocking sites that we deem could be harmful for our employees.

I would say it provides single-pane-of-glass management. We still, of course, use those old WSAs, but in the long run, our plan is to get those replaced with Umbrella. We have locations in Japan, Korea, China. So it's a little bit more difficult to go through one proxy for all of those, especially because it's a bit slower. What's nice is, [with] Umbrella being in the cloud, we can just go into the site, see everything from the management console in that page. Nothing is slow [and] nothing is hosted by us so that we don't have to worry about network issues or management issues. Everything is just laid out right in front of us from the Umbrella dashboard on the internet, in the cloud. And that makes it super helpful for us to just manage all that from one spot across all of our locations across the world.

We aren't a very big team, so that's the main thing. Going through filtering web traffic or blocking sites or unblocking sites, whatever we need to do, can be a bit tedious, especially when we have all these different locations and we would have to go into each location specifically to perform these tasks. Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers. And that makes it super useful for us because we're not messing around with jumping into all these different locations and manually doing each and every one individually. It is extremely helpful for us and it improves efficiency exponentially.

I have personally been using Cisco Umbrella for almost a couple of years. Our company implemented it about five or six years ago. Most of that time was spent getting it set up, but we've really been using it more within the last two or three years now, so it's still pretty new to us at the moment.

[In terms of maintaining network connectivity] obviously it depends on the situation. With Umbrella, it's a bit easier, for sure. There are times where Umbrella, on their side, is having an issue and we're notified of that issue. But in that case, there isn't really much on our side that we can do. To that extent though, the pros outweigh the cons. It's pretty rare that Umbrella is having a problem. The way that our network is set up is that we can reroute traffic pretty quickly using our other Cisco devices, so it's not usually a big issue for us. We have fewer problems with Umbrella than we do with our physical WSA proxies that we currently use, because that is something that we would have to troubleshoot on our end, and we're not always there on site to be able to do that. Then we have to go through someone else who's over there and they have to console us in and we have to troubleshoot whatever's going on over there.

With Umbrella, it's nice to have them tell us what's going on so that we're aware of the situation. If there are any problems, then we'd know what the issue was and how we could work around it. That makes it a bit simpler for us.

Network connectivity isn't really a huge issue for us with Umbrella, specifically. Our use case mainly is just for blocking internet traffic, making groups. We have social media groups where we allow certain computers in places to have access to certain social media sites that we wouldn't normally do. We have other sites being blocked, depending on their use case. That's mainly our function with Umbrella. Internet connectivity is usually not a huge issue regarding Umbrella with us, but if it ever is, it's nice that they communicate the issue to us, [so] that we can work around it.

In my experience with Umbrella support, sometimes the response times take a bit more time than we would like. Obviously, it depends on how they're contacted. But usually, when I contact them via phone, their support team is great. They help me out with everything. But sometimes, if you go through email, it can take quite a while to get a response. Obviously, if it's through email, the issue's probably not as pressing as it would be through a phone call, but the response times could be a little bit better. Email, I usually just avoid. I usually just call them now.

They're super helpful. In terms of response times, it could be a little bit better. Some issues are more urgent than others, but if it's an urgent issue, obviously we just call. Sometimes it takes a little bit [of time] for them to get back. I would probably rate them a seven out of ten.

Neutral

We've had to deploy connectors across certain locations, but [in] all the locations we have a domain controller and that needs to be deployed on those domain controllers throughout all of our different places. I've done a couple of deployments. Most of it was already deployed just by the time I got here. 

[In] my experience of how deployment went, it was very easily laid out, very simple. The instructions were super clear. I didn't have any issues with that. As more of a newcomer to the entire industry, this has been much easier than I expected it to be. Umbrella, as a product, is very simply laid out, very user-friendly. I couldn't praise it enough for helping me out with my job. 

While the support [can] sometimes take a while, overall they're super helpful, they make it very easy and they make you feel like you're not doing anything wrong. They're super friendly and make everything super easy for you. Umbrella as a product, overall, is very user-friendly, as a newcomer to my company.

The plan is to replace those physical proxies that we have. In terms of return on investment, getting rid of those across each location [has been valuable]. In terms of the efficiency with time, it's definitely saved us a lot of time and money troubleshooting different issues and securing the network and helping people access what they need to access. Just in terms of time and efficiency, it definitely has a return on investment.

Trying to replace those physical ones as well, getting rid of those, just having this be the all-encompassing way of filtering traffic and unblocking, of making policies, it definitely saves us a lot of time with the solution that's offered.

In terms of [our employees] feeling supported, they have the ability to submit a request to us very easily. When they get blocked from a site, it's not just one page saying you're not allowed here. They have the ability to submit a request to us so that we can look further into that site. That makes our employees feel more included in the process of helping the company access the sites that it needs to use, [as does our] communicating with those employees [about] why a site might be blocked; or a site that needs to be blocked based on what they find and what they're doing for their job. The important thing is that they're able to talk to us in case there's a site that they think that they need to access and helps them feel included in the entire process.

Like I mentioned earlier, it's one cog in the big system that we have out of our solutions for cybersecurity. We also use products like AMP, we have certain firewalls that also block certain things, the way they're configured. But overall, Umbrella, if we're talking about users on the internet, using sites or accessing different websites, is a big help in determining what exactly they need. We can go into Umbrella and help them understand why something might be blocked, or if they need to get into something, we can make certain policies within Umbrella. It's obviously just one tool out of the many that we have, so these configurations are pretty involved and even I don't know how they all work. It's divided amongst our team. For cybersecurity in general, it's great. It simplifies it. It's very useful in terms of the automation and how it blocks everything, and how all that stuff is interconnected. I would say that it is a lifesaver for us.

As somebody who is pretty familiar with networks and just learning everything, but being an inexperienced network manager, I would say that it makes the entire process very painless, very super simple to understand. In my experience, it's a nine out of ten.

We're using that solution to essentially sort DNS attacks. We also use it to add that increased layer of protection at the DNS level for our customers. That's what we're using it for right now. We're trying to cut back on cyberattacks, malware, phishing, man and control callbacks, et cetera.

We had a fairly large DNS attack and that made us realize we needed basic DNS protection in place, however, we wanted something that was a little more advanced. That really pushed us over the edge for that enhanced DNS protection. It's got that ease of installation and billing along with just being a great product that's been tried and tested. That made our decision.

When we had that DNS attack, we saw a huge spike in issues. It's definitely gone down by a fair amount since implementation. We're seeing 800 fewer trouble tickets compared to the previous year. We can see (via the dashboard now) that we have billions of threats coming in every day. We're adding that extra layer of security for our customers. We're breathing a little easier now as it's actively protecting against all these threats that are coming in every day.

It helps us lead processes and blocks malicious DNS queries daily, which is very beneficial. We've seen a reduction of about eight hundred trouble tickets compared to the previous year. The customers are having a better overall experience as less bandwidth is being taken up by DNS acres. We're not having to constantly police that part of our network. It's a little bit of a better process and a better experience for our customers. 

We use the Easy Connect product, which works well.

The solution enables you to extend data protection to devices and remote users or distribute the locations. However, most of our use for the product is at the DNS level for our entire network and not really at the device level. We do have another added layer from a different company for the device security component.

The solution is pretty flexible.  

With the reduction of trouble tickets, it would be reasonable to say the solution has saved us money on security operations. 

Umbrella discovers new vulnerabilities every year. That's absolutely important to us. As our technology changes, the way we're attacked changes and will continue to change. It's important for us to be made aware of new threats and protect against them. 

The pricing could be improved.

I've been using it for almost a year, since February 2023.

I did not previously use another solution to this extent. 

We've seen an ROI with our trouble ticket call volumes going down. We've saved an estimated $30,000 so far this year.

Start working with your rep early and budget well in advance. Billing is fairly straightforward, but can be expensive.

We're customers and end-users.

We do not plan to purchase any additional security solutions in our environment in the near future. We have other layers of products in place already. 

For someone who's researching threat detection and prevention solutions, I'd have them consider Cisco Umbrella. You can see the threats that are being blocked, and you can help customers understand that you're doing everything you can to make sure that their online experience is safe and protected. People are working from home. People are doing telemedicine. There's a lot of more sensitive information being shared online. That in and of itself is a good selling point. You want to make sure that your customers are as protected as possible.

I'd rate the solution nine out of ten.