Cisco Umbrella Reviews

In my previous company, there was a gap in being able to put controls on users when they were away from the network. We thought, "Okay, Umbrella can do this for us," and it was at a reasonable cost for our security budget.

With Umbrella, it didn't matter if the users were in the office or they were going to go out. When I trained them I said, "If you go to Target, Starbucks, or anywhere else you can get on a hotspot, you're going to be covered with our rules, so we can make sure you're protected and that our company device is protected."

It gave our users, from all of our sites, something like a first line of defense, including monitoring all the exit points of our offices. We also used Cisco AnyConnect on everybody's laptop so that any time they were out, we were making sure to secure their machine and keep an eye on it.

Having a single pane of glass allowed us to quickly monitor and find out what was happening at that moment. We could see active connections going to a public address on the internet. At one point there were so many of them, thousands and thousands to one public address, which was more than normal. I had to contact Cisco support, and say, "This is what I'm seeing. Something's not right," and they said, "You're right." In the main screen, we switched over to investigation and we found that it was a bad actor. The bad actor was checking for domains that are flying around, and he found a few of ours that weren't paid for. He bought them and then he started controlling where they were going by redirecting them. That raised a big red flag for our company. They never had any idea that that had been going on for a very long time.

There were other bad actors who had some of our domain names as well. I had to work with legal and we actually purchased back a few domain names from people. As a result, we taught our guys internally, "When you do a domain and you're going to do tests in the lab, make sure that we put purchase orders in. It's so cheap, let's buy them so that we have control of them, and not allow this again." That was a big awakening.

Another benefit of Cisco Umbrella was related to our wireless. If we had a vendor come to our company, I'd have to get permission for him to use our wireless. I'd have to put in a ticket with his machine name, the IP he would have, and ask for a two-hour window. But I could tell that vendor, "In the same way that you are helping us with the product we purchased from your company, we're going to help protect you at no charge. When you get on our wireless, we're going to have it set up so that everything you do is monitored, just like everybody else here in the company. Even though you don't work for our company, you'll be protected and that will help protect us." They would stare at me, and I'd say, "I know a lot of companies don't do that, but we're doing that because we want to make sure you have a good experience and that we have a good experience by staying safe."

I was able to make use of Cisco Umbrella because it acts like a proxy. The company also had content security, which I used on-prem with Blue Coat products. Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do.

The single pane of glass management was one of the really good features. From that single pane, not only could you look at what was happening security-wise, such as what was being blocked by domains and IPs, but you could check for your roaming users. With a deployment of AnyConnect, or just the Umbrella agent, on 5,000 machines, you could watch the main glass and see how many roaming users were out there that had it on their machines. And even if they were in the office, it was always active, talking to Cisco's cloud.

You could see numbers. I was able to watch, as we were deploying, how many people were getting the agent. I could see activity such as how many blocks we were getting, what types of blocks they were, and whether they were in categories. I would ask why those users were going to those categories that they shouldn't be going to. Maybe we needed to just refresh them with an email saying, "Hey, remember, we don't do this kind of thing."

Cisco's Umbrella client product is superb. It worked so well for us and was easy to deploy.

The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence.

They should work with their customers to find out, when they're troubleshooting, if they're going through multiple screens just to get little pieces of information. Maybe they could design an overall security screen for an event and pull that stuff in so that it's on one screen, rather than having to go search for it. Right now, you're always going back and looking on the left-hand side, going down the column, and trying to remember where something you need is. You have to click all over the place to go find what you're looking for.

I used it at my previous company for about four years.

It was always up. We never had any problems. It was always there.

Scaling was very simple. Since we were using a VPN, we had Cisco AnyConnect on all the user machines, with Umbrella built into it, and that deployment was just blasted out and it was seamless.

The Cisco Umbrella support group was wonderful; very strong. I loved it. I never had one issue with them. They were willing to be there with us, and walk us through things every bit of the way.

Positive

We didn't have a whole lot going on in terms of security and when I got a new manager, he asked, "How do we protect the people when they're out in a store?" That's when we saw that's where the flaw was. We were protecting everything on-prem but the gap we found was that when users were traveling around, we were not seeing where they were going. We were holding them to a standard internally, but when they were outside they were doing whatever they wanted.

What a simple product. It's a fast deployment. Then, you can start designing how you want to do your policies and what you're going to block. But once we told them what public addressing they were going to see, within a few hours we would see them go green. We said, "It's already seeing the data. Let's start applying policies, and we can start controlling all this."

We looked at metrics. As I mentioned, one of the benefits we received was finding the bad actors who had collected our domains that weren't paid for. That helped us to put the magnifying glass to use and say, "Hey, we have something going on." 

I also worked with an outside company that Cisco purchased. I sent them our data from Umbrella and they actually mapped out our data and found bots on our network. There weren't many, but there were a few. The guy shared that with me on the screen and said, "If you buy the service to have us be part of your Cisco deployment, we'll take your data, continually analyze it, and give you reports." 

There was one bot in particular that was just sitting there. The guy at the other company said, "That bot that you're seeing, it's asleep. Look again in a few hours," and it popped up. He said, "It just woke up at that point to try to do a command call." He said, "But we're blocking them, so you're not getting any threats." We didn't know that we had bots in there, and that was a big benefit.

I also had to run numbers for reports. One of them looked at our category-blocking on Umbrella, such as blocks of alcohol sites, social media, weapons, government. I would provide monthly reports to show how many blocks we had from our users trying to go to these types of categories, and it really woke up management: "Wow. That thing is blocking." 

Our investment in this worked, and we were showing it by numbers. It wasn't only that we found bots and bad actors, but we were also controlling things  by blocking phishing and categories. It was protecting us and no one was able to get past those blocks.

The pricing was marvelous. We only had to pay for licenses and they worked a very nice deal with us. It was a much better way to go because it was within budget. It was an easy cost for us to handle.

We did not evaluate any other options. We invited Cisco to come in and do a demonstration, and it was so strong. I also come from a Cisco background of many years. In addition, the industry reviews rated them very well and we took that as our lead.

When they came in and showed us what they could do and how easy it was to monitor every one of our sites within a day, after we put in our external public addresses, it was a no-brainer. It was up and live by the next day, after just a few hours. It was easy to use and set up and we could use it like our internal proxies. We could manage the content and know what was going on and investigate things. We knew what sites people were going to. It was wonderful. Everything we needed was there. We didn't have to go any further, and we knew Cisco would have our back.

All the users understood why we were putting the security control in place, to show that not only were they going to be protected at work on company-owned devices, but whenever they would go outside, we were also going to help. We had to mitigate the chances that they would get something on their machines and make sure that we stopped anything that shouldn't come in and affect our network or expose us to anything.

With Cisco Umbrella, employee morale was very high. We hardly had any complaints at all. One of the reasons is that, when doing regular security troubleshooting, we would go to Umbrella as our first line investigation. We might find a domain or IP that was being blocked by Cisco, something they consider a risk. We would check it out and if it didn't look to be bad we could bypass the block and allow that AD group or set of users to go to that site, because they had to do business as usual. With that ability, we had very few problems, if at all. Overall, it was smooth, with everybody happy, including management. They were happy that we had our first line of defense and that it worked out very well.

I introduce Umbrella to any company that I'm involved with. Cisco is already taking the correct steps right now, as a CASB for any cloud activity as well as DLP. Once they circled around to help companies with protection when they move to the cloud, that was the right direction. I'm not using Umbrella every day anymore, but I'm a proponent of it as a first defense for your company at a reasonable cost. And you don't have hardware to manage. You just rely on Cisco, get your support contract, and work with them to have them help fix things.

I'm a firm believer in Cisco Umbrella and I would definitely use it everywhere I go. I'm speaking to companies in the health industry and telling them, "Guys, you can't just have four people working on security and think you're going to do everything in the world to protect your hospital. You're going to end up on the news." I try to introduce them to this type of solution, to at least have something there to mitigate and help out.

Our primary use case for Cisco Umbrella is to provide DNS layer security, secure web gateway, and cloud access security broker functionality. We also utilize its integration with other security solutions, policy management, and mobile device support. Customers use Cisco Umbrella for these features to enhance their cybersecurity measures.

Cisco Umbrella offers DNS layer security, a secure web gateway, and cloud access security broker functionality. It provides threat protection by blocking threats before they reach the user's device. The firewall and integration capability with other security solutions are valuable for effective security management. Customers choose Cisco Umbrella for its DNS layer security, policy management, and mobile device support.

Cisco Umbrella can be improved in terms of limited coverage and wind vulnerability. The product can only shield a small area, making it less effective for larger spaces or multiple users. 

Additionally, strong winds can disrupt its functionality, and the opening and closing mechanism can be awkward in tight spaces.

We have been working with Cisco Umbrella for two years. My technical team has been handling the Cisco portfolio for the last fifteen years.

I have not experienced any major stability issues with Cisco Umbrella. Occasionally, troubleshooting and firmware upgrades are required, however, overall, the solution is stable.

I rate the scalability of Cisco Umbrella as seven out of ten. It is a scalable solution but requires improvement in specific areas.

The customer and technical support for Cisco Umbrella are very good. Cisco's support is fantastic, providing assistance when needed, especially during the initial installation process.

Positive

The initial setup of Cisco Umbrella is not very complex. Certified resources trained for two to three days can easily implement the solution. On a scale from one to ten, I would rate the setup experience as a six.

Our customers have seen a return on investment since implementing Cisco Umbrella. It effectively enhances security and meets customer requirements.

The pricing for Cisco Umbrella is average. The only cost associated is the license cost unless additional solutions need to be integrated with Umbrella, which would incur extra costs.

We also evaluated Infoblox for DNS, as Cisco does not offer DDI (DNS, DHCP, and IP address management) capabilities. Infoblox offers a more comprehensive solution for these functions.

I would recommend Cisco Umbrella for its overall functionalities but not specifically for DNS purposes. For a complete security management solution, Infoblox is a better option for DNS management. 

Overall, I rate Cisco Umbrella six out of ten.

Cisco is a very efficient and on-point solution that controls the whole network and settings on one page. We can monitor the entire network.

The solution could be faster as the process is very slow.

I have been using Cisco Umbrella as a reseller for four to five years.

I rate the solution’s stability an eight and a half out of ten.

We have deployed it to small businesses.

I rate the solution’s scalability an eight out of ten.

The initial setup is straightforward and takes few hours to complete.

I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.

ROI is pretty good. I rate it as eight out of ten.

You need to buy an additional license for customer services. The licensing is moderate.

I recommend the solution.

Overall, I rate the solution as eight and a half out of ten.

Our primary use case was to first replace the solution we had since it wasn't able to give us security outside our premises. Also in terms of configuration, we had to have extra configurations in our Active Directory to identify the users and the equipment. Cisco Umbrella gave us a chance to do it in a more clean way, without having extra software working on our domain controllers.

Cisco Umbrella is deployed as a cloud solution with an on-premises server so that it can make the connection through our Active Directory to identify the equipment.

The most value we've seen after using it for a month is the ability to identify more clearly the usage of any device.

With Cisco Umbrella I am able to manage DNS resolutions on our devices both when they are inside and outside our network, supporting a hybrid work environment.

Umbrella has helped my IT staff in two ways. First, our security team was able to get more insights into the users, their devices, and the sites they browse. Second, our system administration team was able to manage DNS resolutions in a way that is more accessible and less intrusive to our domain system.

Soon, our IT staff will be able to save time because we'll be able to automate some security functions. The dashboard is very clean and user-friendly. Thus, at a glance, we will be able to see a lot of information that will help us identify more directly the sources and the root causes of security issues.

It's easier for us to have support features with companies who are Cisco representatives, but sometimes, it's hard for us to get the help we need without having to use our contacts within Cisco.

We've been using Cisco Umbrella for nearly a month.

We have not had any issues with stability, but we've only had the solution for one month.

The few times when we had to contact Cisco's technical support directly, we had perfect interactions with them. Therefore, I would give technical support a rating of ten out of ten.

Positive

We were using another solution for DNS security. It was not as complete and  would only allow us to manage security inside our network. We weren't able to get to the endpoints when staff were not working on-premises. We did a proof of concept with Cisco Umbrella and two other solutions for three months and chose to go with Cisco Umbrella because it gave us the features that were more suited to our organization.

In our environment, it was straightforward and simple to implement Umbrella. We had SCCM for the end devices for mass deployment. Our domain controllers were connected to the server. The initial parameterization only took us three days. Currently, we are in the most difficult part of fine-tuning the solution so we can take full advantage of its features.

Our Cisco partner helped us with the implementation.

Pricing and licensing of Cisco Umbrella is a bit confusing because you have to separate the DNS solution and the full-feature solution. Cisco in Portugal helped us understand which one was the right one for us.

Since Cisco Umbrella has given me better performance and extra features that I didn't have previously, I would give it the maximum rating of ten out of ten.

We are a Cisco premier integrator, and I've worked for Prosperity for approximately seven months now. We just set up a new networking team predominantly servicing clients within the financial services industry.

We offer various products within the Cisco Secure product line, for example, Cisco Secure Firewall, AnyConnect, and Umbrella. As a Cisco partner, we predominantly deploy Cisco equipment, be it LAN switching or routers. Deploying Cisco Secure products makes sense because then we have one vendor in the network.

When we're deploying Cisco Umbrella, we're predominantly utilizing the DNS Essentials or the DNS Advantage license. We use it as a first layer of defense on the network because everything relies on DNS these days, so if you can capture that traffic and analyze it or analyze those DNS requests, you can very quickly start filtering out things like Command-and-Control and whether there's malware on the environments or shadow IT, for example. So, it can capture and categorize the apps that people use, and if you were to block something, you can very easily block it.

As a Cisco partner, the value we bring to our customers is our years of experience, and our customers can rely on us. We've got a saying in our company that if we look after our clients, we look after our colleagues, and we look after our customers, then we'll all prosper; hence the name Prosperity 24/7. That's our sort of motto, but it's very true. Our customers can trust us. We've got the experience. We've got the links to Cisco. We do all the training, so customers don't have to worry. It's about wrapping the customer up in a blanket and going, "Everything's going to be okay. We're here."

The benefit we get from our Cisco partnership is credibility within the marketplace because everybody has heard of Cisco, and it's probably one of the most deployed network manufacturers in the world involved in so many verticals. There's always a product there. I've been looking at so many products this week at Cisco Live, for example, that anything you can think of is there. There's always new innovation. It's an innovative company.

The feature that we find most valuable is to be able to filter out those web requests that you don't want. In a corporate environment, it can be damaging. It can be damaging to organizations as well. You don't want people going to certain sites. Also, the malware side of things and the Command-and-Control side of things are valuable because you can have serious reputational damage to your organization if there's malware in your environment. To be able to block that at its source is very important.

Umbrella is a constantly evolving product set in terms of what they had maybe four years ago compared to now. The number of features they're developing and facilities within that cloud platform are amazing. Things like data loss prevention (DLP) have been released in the last couple of years. It probably has remote browser isolation (RBI) as well, but I'll have to check that one. So, it's a constantly evolving product set. Our clients might start off on a lower tier of the Umbrella, but over time, they'll go, "Actually I want that feature." And then they'll go from DNS Essentials to DNS Advantage, and then they might start looking at Secure Internet Gateway (SIG), for example, which is just the secure web gateway (SWG). So, there's something for everybody, and as a layer of defense in your network, it's a great product.

With any Cisco product, it's the licensing side of things that needs improvement. Licensing changes and Cisco typically doesn't make it easy for us, but it does evolve. What's good now is that predominantly across the different product sectors within Cisco, you start off with DNS Essentials, Advantage, and even the Catalyst switches. That's now ubiquitous across the Cisco line. They've got to keep it simple on the licensing side so that when I go and talk to clients, I can say, "Right, here you go. With this license, you get these features, but you can always scale up." Once the customers experience Cisco Umbrella, then typically, they start thinking, "What else could I be doing?" You may start off with the DNS Essentials, but then you might move to SWG eventually.

Umbrella's availability is second to none. I remember attending Cisco Live in Barcelona where I went to one of the sessions, and they said that they've had a hundred percent uptime since forever basically, so I don't think they ever had an outage. They've got two DNS servers. They use Anycast, so it's available around the world. It will speed up your web browsing because you'll go to the closest data center. Umbrella pairs with the service providers, so it'll speed up your general web traffic as well.

In our customers' environments, in terms of scalability, absolutely, it's a very simple product to deploy. It's cloud-based, so we don't have to worry about deploying resources locally. Networks rely on DNS anyway. The whole Microsoft stack, whether you open a web browser or use Teams, relies on DNS. So, it's the first step in any web transaction.

I like working with Cisco products because I get excellent support. If it's four o'clock in the morning, I'm in a data center, and something has stopped working, I know I can just reach out to TAC, raise a TAC case, and get help. That's a comfort blanket that surrounds all of us Cisco engineers. We know we can call somebody, and we know we can get through to somebody who will have the answers for us.

I would give Cisco support a solid eight or nine. It's probably difficult to give a 10 because sometimes it depends on who you get as well, but with Cisco TAC, you can always escalate cases as well. So, there's always somebody within Cisco TAC who can help you.

Positive

In the typical deployment model, we integrate it with, for example, the Meraki product line for using Cisco Umbrella directly within the Meraki dashboard. So, you can link it to an API. That's a nice integration. You're not having separate Meraki access points or Meraki MX. You can bring it all together in one place, so you've got a single dashboard. Typically, we've done that. In the bigger organizations, we have done deployments of the virtual appliances because essentially, you want to be able to identify individual users at that point. By using the VAs, you should be able to identify users on the network, and then you can deploy policies based on those user groups.

Cisco Umbrella can be deployed in minutes. In its simplest form, all you need to do is point at the Cisco Umbrella DNS servers, and that's it. It can be literally deployed in minutes. If you want to go to a different use case, for example, where you've got to deploy VAs, that's a bit more difficult, but there's something for everybody. It can be as simple or as complex as your environment requires.

I've always worked with Cisco. I've been working with Cisco products for the last 20 years. We do have other products that we can sell for a lower price point, for example, but typically, I like using Cisco products.

To any customers who want to evaluate Umbrella, the first thing I would recommend looking at would be the product sheets within Cisco. Understand the technology, understand the features that are available, and then decide what level of Umbrella or what licensing level you require to meet your business requirements. If it's just protecting some guest WiFis, for example, then it'll be a very simple deployment. If you've got Meraki kits, you can easily link those two pieces together.

Talos receives so much traffic. I did one of the sessions yesterday with the guys from Talos, and the amount of web traffic that comes into Talos for them to analyze is huge. So, as a repository of what's going on and a view of what's going on the Internet with this new malware, they're very quickly going to be able to react to that. Even with just the behavioral type analysis in terms of what constitutes bad behavior on a network, they can very quickly analyze and deploy a new solution. They update things like Umbrella, and as a central repository, it feeds into Talos, and then Talos can inform the rest of the security community about what's going on and what things you might need to block, so Talos overall has a positive effect for our clients. For them to do it themselves would be impossible. You need somebody on the Internet, and Talos provide that service. It's about control and visibility, and those certainly are the features that Talos can bring to the table.

I'd rate Umbrella a solid nine out of ten. It's probably difficult to get any product in a 10, but they are always constantly developing it. So, if you come back in a year's time, there'll always be new features than what's available today.

We use it to protect our users from getting to any known bad domains.

It does what it's supposed to do, protecting us from getting to somewhere that we shouldn't.

The solution also helps us remediate threats more quickly. Examples are when an email campaign comes in with malicious links, or if they're on a website like Facebook which is full of junk that doesn't need to come through.

Domain blocking is among the most valuable features. It keeps people from accidentally clicking on something they shouldn't. Also, if I see an email that comes through, I can pick out bad domains that we want to block and make custom policies to block them.

In addition, when it comes to hybrid work it's pretty effective. We've got the agents. We can protect people inside our building and, when they're using their laptops out in the field, they're still protected. It's working well.

The single pane of glass management is also pretty helpful because we don't have to hunt for what we're trying to work on.

Getting to some of the reporting features is something that could be improved. When I am tracking someone that has done something, my first hint is usually an email, because I've got those scheduled to come in every so often. But then I've got to log in, dig into that user, find the time period, and then export it. There's a lot of waiting involved through all of those steps.

It would be helpful if there were an embedded link in the email so that when it says it blocked something in particular, I wouldn't have to click through five or six different things to get what was blocked in that email. With a link like that, I could just click from within the notification email and it would take me straight to that page.

I've been using Cisco Umbrella for five years.

I haven't had any issues when using it.

Scaling it is pretty easy. Every time we need to put it on a machine, it's just part of the deployment process.

There are a lot of features that I haven't used. They've been doing a lot of work on it recently and I was talking to one of our Cisco reps who talked about some things we can do with it that we're not doing yet.

I haven't had to use technical support.

It's continuously deployed because, if we wipe out a computer, we've got to put the agent back on it. If we have to put it on a Windows machine, it's easy. If we're trying to deploy it to a Mac through Meraki, it's impossible. The method of deployment for a Mac, and the features available in Meraki, are not compatible at all. Getting it to the point where you could deploy a Cisco product with a Cisco product would be beneficial.

Umbrella is pretty invisible to our employees. Most of them don't know we're using it. There isn't a lot of user training involved, as long as your security people can get in there and do what they need to do.

It's a great tool because you can effectively block a lot of things that can infect your machines. People don't realize they're getting something that's malicious.

Overall, it has been pretty helpful for what we're using it for.

We were looking to solve multiple challenges, from DLP all the way through to regular content filtering offsite for our hybrid and remote employees.

Using Cisco Umbrella has brought us into compliance with our customers on a number of points.

Also, it's very important that the solution helps support hybrid work. That was one of the main reasons we got it. About 45 to 50 percent of our employees are either fully remote or hybrid. We needed a solution that would follow them home.

In addition, it's very helpful for securing infrastructure from end to end and detecting threats. It's blocking a lot of stuff, so we don't even have to remediate. It's blocking things before they get to us.

Resilience in cyber security is very helpful and this product has increased our security posture quite a bit.

The most valuable features for us include

• Tenant lock
• Content filtering 
• DLP solutions, looking for PII and information being exfiltrated.

Also, the policies are applied wherever you go, and that's good.

There are a couple of different pieces that have different portals. I know they're working on getting them all into one portal, but that's probably the biggest thing that needs improvement right now. It's not a single pane of glass yet.

I've been using Cisco Umbrella for about a year.

We haven't had any issues with the stability of the product.

The scalability is very good and that's another one of the reasons that we chose this product. You can slowly ramp up the policies. You don't have to build it all at once. We started small and have been deploying more and more of the features of the full SIG Essentials package that we have. We can add more users when need be. It scales on a policy and a user and a deployment basis.

We have about 400 end-users and five sites. We use the AnyConnect module on the local workstations.

The solution's technical support has been very good. I haven't had to call them very much, but the technical support has been good when I have needed it.

Neutral

Previously, our users were only in-house and we had internal firewalls that were doing a lot of this work. But now that they're hybrid, we had to come up with a new solution.

We evaluated Prisma because we have Palo Alto firewalls, but it was more expensive and more difficult to set up.

I don't think our workers like it all that much. It has actually made employee morale worse because we block a lot of stuff. But that's not really the product's fault. It's our policy. It makes things a little bit more cumbersome for them, but it definitely makes us feel safer.

I would tell leaders who want to build more resilience within their workplaces to do it. It's important because one hack and your business is done. Your reputation is everything in this day and age. Being resilient and being able to recover from that type of stuff before you're actually exfiltrated is a big deal.

Overall, Cisco Umbrella is pretty easy to use, pretty easy to deploy, and it does what we want it to do.

We use the solution for DNS security and web filtering. Our industries include banking and insurance. 

The customer experience is very good, and the product improves security posture. 

Cisco Umbrella is difficult to manage and needs to include a dashboard. It needs to improve pricing as well. 

I have been using the product for three years. 

I rate Cisco Umbrella's stability a nine out of ten. 

I rate the tool's scalability an eight out of ten. 

The tool's deployment is easy; I rate it a nine out of ten. The speed of deployment depends on various factors, including our communication with other customer contacts.

I rate the tool's pricing a five out of ten. 

Cisco Umbrella is the best solution for DNS security in the market. Our customers are enterprise businesses. I rate it an eight out of ten.