Cisco Umbrella Reviews

Our primary use case was to first replace the solution we had since it wasn't able to give us security outside our premises. Also in terms of configuration, we had to have extra configurations in our Active Directory to identify the users and the equipment. Cisco Umbrella gave us a chance to do it in a more clean way, without having extra software working on our domain controllers.

Cisco Umbrella is deployed as a cloud solution with an on-premises server so that it can make the connection through our Active Directory to identify the equipment.

The most value we've seen after using it for a month is the ability to identify more clearly the usage of any device.

With Cisco Umbrella I am able to manage DNS resolutions on our devices both when they are inside and outside our network, supporting a hybrid work environment.

Umbrella has helped my IT staff in two ways. First, our security team was able to get more insights into the users, their devices, and the sites they browse. Second, our system administration team was able to manage DNS resolutions in a way that is more accessible and less intrusive to our domain system.

Soon, our IT staff will be able to save time because we'll be able to automate some security functions. The dashboard is very clean and user-friendly. Thus, at a glance, we will be able to see a lot of information that will help us identify more directly the sources and the root causes of security issues.

It's easier for us to have support features with companies who are Cisco representatives, but sometimes, it's hard for us to get the help we need without having to use our contacts within Cisco.

We've been using Cisco Umbrella for nearly a month.

We have not had any issues with stability, but we've only had the solution for one month.

The few times when we had to contact Cisco's technical support directly, we had perfect interactions with them. Therefore, I would give technical support a rating of ten out of ten.

Positive

We were using another solution for DNS security. It was not as complete and  would only allow us to manage security inside our network. We weren't able to get to the endpoints when staff were not working on-premises. We did a proof of concept with Cisco Umbrella and two other solutions for three months and chose to go with Cisco Umbrella because it gave us the features that were more suited to our organization.

In our environment, it was straightforward and simple to implement Umbrella. We had SCCM for the end devices for mass deployment. Our domain controllers were connected to the server. The initial parameterization only took us three days. Currently, we are in the most difficult part of fine-tuning the solution so we can take full advantage of its features.

Our Cisco partner helped us with the implementation.

Pricing and licensing of Cisco Umbrella is a bit confusing because you have to separate the DNS solution and the full-feature solution. Cisco in Portugal helped us understand which one was the right one for us.

Since Cisco Umbrella has given me better performance and extra features that I didn't have previously, I would give it the maximum rating of ten out of ten.

I'm a principal consultant for one of the energy sector companies, which basically extracts oil and gas and also deals with solar energy. We are dealing with anything related to energy. It's a supply chain as well.

We have been using Cisco Umbrella for more than one year. Basically, after the COVID situation, when the hybrid model came, we needed to give work-from-home options to the employees and look into cybersecurity. We had to get some cloud security. That is why we have introduced Cisco Umbrella.

We chose Cisco Umbrella because it's a better option industry-wide. It can inspect all the web traffic from anywhere. When traffic is generated from any local internet, it might be anything. It doesn't qualify for cyber security for any company. That's why you have to have something to inspect all the traffic. Cisco is a good vendor for us. That's why we chose Cisco Umbrella.

By using Cisco Umbrella, you are sure of inspecting all the traffic. Whenever the user machine is connected to your network, it is inspected. That's the best thing. It means you are sure that nothing is being exported or imported without your choice. That is the best feature.

It generates alerts, and you can integrate it with your ticketing tool. When it's integrated, it can also generate a ticket. That means you know when something is wrong or what's going on. It has helped a lot during this hybrid model, and I don't think that this hybrid model is going anywhere. So, you can simply say that Cisco Umbrella is a good tool for the future as well.

It hasn't freed up our IT staff for other projects because no one thought about this work-from-home model before COVID. There were many alerts after Cisco Umbrella was installed, which means many staff members were invested, but its automation, such as automatically generating alerts and automatically assigning tickets to a queue, has helped a lot. We don't need to do any physical or manual inspection. It's being done automatically, which is a good point, but it hasn't decreased any resource hours.

It's the best tool to inspect everything. We can inspect all the user traffic generated from anything.

If you wish to inspect all the traffic and it's integrated with Cisco AnyConnect, all the traffic basically goes through Cisco AnyConnect, which is not a good idea. That means you need to have more internet capacity as a data sampler, so in the case of a split tunnel, we cannot inspect the traffic that is being migrated through the local internet. I'm not sure whether there is a possibility wherein Cisco Umbrella can also inspect the traffic that is outside the AnyConnect tunnel.

We have been using Cisco Umbrella for more than one year.

We were looking to solve multiple challenges, from DLP all the way through to regular content filtering offsite for our hybrid and remote employees.

Using Cisco Umbrella has brought us into compliance with our customers on a number of points.

Also, it's very important that the solution helps support hybrid work. That was one of the main reasons we got it. About 45 to 50 percent of our employees are either fully remote or hybrid. We needed a solution that would follow them home.

In addition, it's very helpful for securing infrastructure from end to end and detecting threats. It's blocking a lot of stuff, so we don't even have to remediate. It's blocking things before they get to us.

Resilience in cyber security is very helpful and this product has increased our security posture quite a bit.

The most valuable features for us include

• Tenant lock
• Content filtering 
• DLP solutions, looking for PII and information being exfiltrated.

Also, the policies are applied wherever you go, and that's good.

There are a couple of different pieces that have different portals. I know they're working on getting them all into one portal, but that's probably the biggest thing that needs improvement right now. It's not a single pane of glass yet.

I've been using Cisco Umbrella for about a year.

We haven't had any issues with the stability of the product.

The scalability is very good and that's another one of the reasons that we chose this product. You can slowly ramp up the policies. You don't have to build it all at once. We started small and have been deploying more and more of the features of the full SIG Essentials package that we have. We can add more users when need be. It scales on a policy and a user and a deployment basis.

We have about 400 end-users and five sites. We use the AnyConnect module on the local workstations.

The solution's technical support has been very good. I haven't had to call them very much, but the technical support has been good when I have needed it.

Neutral

Previously, our users were only in-house and we had internal firewalls that were doing a lot of this work. But now that they're hybrid, we had to come up with a new solution.

We evaluated Prisma because we have Palo Alto firewalls, but it was more expensive and more difficult to set up.

I don't think our workers like it all that much. It has actually made employee morale worse because we block a lot of stuff. But that's not really the product's fault. It's our policy. It makes things a little bit more cumbersome for them, but it definitely makes us feel safer.

I would tell leaders who want to build more resilience within their workplaces to do it. It's important because one hack and your business is done. Your reputation is everything in this day and age. Being resilient and being able to recover from that type of stuff before you're actually exfiltrated is a big deal.

Overall, Cisco Umbrella is pretty easy to use, pretty easy to deploy, and it does what we want it to do.

We use it for DNS filtration across all data centers, offices, and remote users.

The blocking of all the non-malicious traffic from DNS request queries has been huge. DNS is very important from a security perspective. Securing this layer, specifically for the remote users and the remote workforce that we're seeing today, is definitely a big gap that needed to be filled.

The DNS Umbrella agent is already installed on the core machine. So from day one, when our CEO sent all employees to work remotely, all we had to do was flip a switch to have a DNS filter on all core machines.

The visibility that Umbrella gives us into what a user is doing, versus what we want to block, is huge. It's not that we're policing things. It's just a matter of watching and having visibility. We're definitely not going to block every domain, but having visibility is very big.

It enables us to go granular in the customization of blocking some categories on the DNS. 

Also managing all the DNS aspects from one portal is definitely great from a security perspective. Sometimes we get a malicious URL in a phishing campaign on the email side. Blocking a domain across the whole company in one minute is definitely great. To block a DNS request very quickly you just add the domain to the Global Block List and in one second it's blocked.

Another feature that is good in Umbrella is applying and maintaining network connectivity consistently across all workplaces. You can go through the categories and do templates based on the sites, such as a data center or a branch and apply policies based on that.

Having ready-to-go templates with best practices is definitely something that would be an improvement. Deployment, from day one, is something that definitely needs to be improved for Cisco customers.

I have been using Cisco Umbrella for four years.

The stability is a 10 out of 10.

The scalability is also a 10 out of 10. We use it across all the company's offices and data centers. We have 1,500 users.

The Umbrella service itself is great. Sometimes, with technical support, we go through "tag" problems, but otherwise, it's pretty smooth.

Neutral

We did not have a previous solution. We used to use CWS, which was Umbrella before it was named Umbrella.

The ROI is visible in the portal through the executive reports. They show how many times we block malicious sites. Management definitely gets a view of the fact that we're blocking a lot of malicious domains with Umbrella.

We have a security Enterprise Agreement with Cisco, so the pricing is good. We take many security products in one agreement, so we have no complaints about the price.

From a DNS perspective, Cisco Umbrella is the number-one technology now.

I am a Solutions Architect in a mining company, and the size of the company is around five to 10,000 employees.

We wanted to replace an existing solution and give a better experience to our users, and we wanted to have a superior solution that could give us insights into how secure our users are and what their browsing behaviors are to track down and narrow down issues. Of course, the first and foremost use case is protecting our users. Cisco Umbrella gave us all those things in one and having it integrated into our environment was a very seamless process, and we're very happy using it right now.

It gives you a single pane of glass to see what's going on with your environment and your DNS queries. It has consolidated a lot of previous efforts into the visibility of what's going on.

It saves time. You're protecting your users in a manner that you don't need to do anything after. If, for example, somebody tries to open a malicious website or tries to download something, it just won't allow that. That's it. Previously, there were loopholes and ways for users to get around the proxy, which gives you more work. In that sense, we're saving the support team's time. When you're investigating a problem, it quickly gives you insights into what you're looking for as simple as possible. You can see when a user was accessing a website, was it blocked or was it allowed? Of course, you could test connectivity for specific users and computers. That saves time in troubleshooting. It saves hours per week in comparison to the previous solution. 

The agent that gets installed on the endpoints or on people's laptops and devices is a Cisco AnyConnect Umbrella module. It's one of the most impressive things because you are able to protect your users anywhere they are.

Its reliability and the response time of the support team can be better. 

In terms of features, I know Cisco Umbrella has a lot of potential, and I'm not sure if we're using it to its full potential. I'm not aware of all the functionality, and for the functionality for which we're using it, it has been great. There probably is one place for improvement. We'll love to see any new features, new functionalities, and maybe better integration with other cloud platforms, but for us, it's good as it's now.

We've been using Cisco Umbrella for around four and a half years.

In terms of availability, we've seen it down a couple of times. It has become very stable recently, but we've seen it down. Maybe that's one area that they can improve on. It was not for a long time, but it caused a little panic among our users.

Scalability is happening with ease with Cisco Umbrella because you're either deploying another appliance in your branch office or another office, or you're pointing the endpoints to the existing appliances in your head office or any other place, and you're good to go. It's very scalable and easy to use, and you can have a new office ready in a day or less.

It's great. We've had some cases and issues, but they were resolved quickly and in a timely manner, and we're happy with it. I'd rate them an eight out of ten. They could be a little quicker, but technically, they're great.

Positive

The previous solution was a proxy solution. I'd not state the name of the solution, but it was a proxy solution. It was heavy. It was slow, and there was no easy way for tracking old things. And of course, you can't protect your users outside of the company environment.

I found it easy to implement. Cisco Umbrella has great documentation and great support teams, and implementing it was very easy for us. We just deployed the appliances, and we got through the initial basic policies. We were prepared to do it, so for us, it was very easy.

We did it ourselves. The documentation was good. We're experienced architects and network-oriented guys, so for us, it was just a great experience doing it.

The return on investment is in terms of time savings. It saves time and helps focus on other important things instead of digging into problems with users.

Because we're mostly Cisco-oriented, the solution was obvious. It was already integrated with all of our equipment. We already had Cisco AnyConnect, so it was just a matter of adding the module to it. We're Cisco-oriented, and that was just an obvious choice.

Do your math and check the competitors, but in the end, you won't find a much better solution that's already integrated with your Cisco environment. If you are a Cisco company, that's the way to go.

I'd rate Cisco Umbrella an eight out of ten. 

In my previous company, there was a gap in being able to put controls on users when they were away from the network. We thought, "Okay, Umbrella can do this for us," and it was at a reasonable cost for our security budget.

With Umbrella, it didn't matter if the users were in the office or they were going to go out. When I trained them I said, "If you go to Target, Starbucks, or anywhere else you can get on a hotspot, you're going to be covered with our rules, so we can make sure you're protected and that our company device is protected."

It gave our users, from all of our sites, something like a first line of defense, including monitoring all the exit points of our offices. We also used Cisco AnyConnect on everybody's laptop so that any time they were out, we were making sure to secure their machine and keep an eye on it.

Having a single pane of glass allowed us to quickly monitor and find out what was happening at that moment. We could see active connections going to a public address on the internet. At one point there were so many of them, thousands and thousands to one public address, which was more than normal. I had to contact Cisco support, and say, "This is what I'm seeing. Something's not right," and they said, "You're right." In the main screen, we switched over to investigation and we found that it was a bad actor. The bad actor was checking for domains that are flying around, and he found a few of ours that weren't paid for. He bought them and then he started controlling where they were going by redirecting them. That raised a big red flag for our company. They never had any idea that that had been going on for a very long time.

There were other bad actors who had some of our domain names as well. I had to work with legal and we actually purchased back a few domain names from people. As a result, we taught our guys internally, "When you do a domain and you're going to do tests in the lab, make sure that we put purchase orders in. It's so cheap, let's buy them so that we have control of them, and not allow this again." That was a big awakening.

Another benefit of Cisco Umbrella was related to our wireless. If we had a vendor come to our company, I'd have to get permission for him to use our wireless. I'd have to put in a ticket with his machine name, the IP he would have, and ask for a two-hour window. But I could tell that vendor, "In the same way that you are helping us with the product we purchased from your company, we're going to help protect you at no charge. When you get on our wireless, we're going to have it set up so that everything you do is monitored, just like everybody else here in the company. Even though you don't work for our company, you'll be protected and that will help protect us." They would stare at me, and I'd say, "I know a lot of companies don't do that, but we're doing that because we want to make sure you have a good experience and that we have a good experience by staying safe."

I was able to make use of Cisco Umbrella because it acts like a proxy. The company also had content security, which I used on-prem with Blue Coat products. Any time someone went off the network, the AnyConnect client had the Umbrella agent built in, and it would realize when their computer connected that they were not on the corporate network. It would monitor and they would have pretty close to the same rules that they had to follow when they were in the office, regarding what kind of website browsing they could do.

The single pane of glass management was one of the really good features. From that single pane, not only could you look at what was happening security-wise, such as what was being blocked by domains and IPs, but you could check for your roaming users. With a deployment of AnyConnect, or just the Umbrella agent, on 5,000 machines, you could watch the main glass and see how many roaming users were out there that had it on their machines. And even if they were in the office, it was always active, talking to Cisco's cloud.

You could see numbers. I was able to watch, as we were deploying, how many people were getting the agent. I could see activity such as how many blocks we were getting, what types of blocks they were, and whether they were in categories. I would ask why those users were going to those categories that they shouldn't be going to. Maybe we needed to just refresh them with an email saying, "Hey, remember, we don't do this kind of thing."

Cisco's Umbrella client product is superb. It worked so well for us and was easy to deploy.

The design of the screens could be improved. Sometimes you're trying to look for information, for what you think is critical that should be on that first screen of the dashboard so that you can quickly take screenshots to have people help out, but you have to hop between screens to find little pieces of evidence.

They should work with their customers to find out, when they're troubleshooting, if they're going through multiple screens just to get little pieces of information. Maybe they could design an overall security screen for an event and pull that stuff in so that it's on one screen, rather than having to go search for it. Right now, you're always going back and looking on the left-hand side, going down the column, and trying to remember where something you need is. You have to click all over the place to go find what you're looking for.

I used it at my previous company for about four years.

It was always up. We never had any problems. It was always there.

Scaling was very simple. Since we were using a VPN, we had Cisco AnyConnect on all the user machines, with Umbrella built into it, and that deployment was just blasted out and it was seamless.

The Cisco Umbrella support group was wonderful; very strong. I loved it. I never had one issue with them. They were willing to be there with us, and walk us through things every bit of the way.

Positive

We didn't have a whole lot going on in terms of security and when I got a new manager, he asked, "How do we protect the people when they're out in a store?" That's when we saw that's where the flaw was. We were protecting everything on-prem but the gap we found was that when users were traveling around, we were not seeing where they were going. We were holding them to a standard internally, but when they were outside they were doing whatever they wanted.

What a simple product. It's a fast deployment. Then, you can start designing how you want to do your policies and what you're going to block. But once we told them what public addressing they were going to see, within a few hours we would see them go green. We said, "It's already seeing the data. Let's start applying policies, and we can start controlling all this."

We looked at metrics. As I mentioned, one of the benefits we received was finding the bad actors who had collected our domains that weren't paid for. That helped us to put the magnifying glass to use and say, "Hey, we have something going on." 

I also worked with an outside company that Cisco purchased. I sent them our data from Umbrella and they actually mapped out our data and found bots on our network. There weren't many, but there were a few. The guy shared that with me on the screen and said, "If you buy the service to have us be part of your Cisco deployment, we'll take your data, continually analyze it, and give you reports." 

There was one bot in particular that was just sitting there. The guy at the other company said, "That bot that you're seeing, it's asleep. Look again in a few hours," and it popped up. He said, "It just woke up at that point to try to do a command call." He said, "But we're blocking them, so you're not getting any threats." We didn't know that we had bots in there, and that was a big benefit.

I also had to run numbers for reports. One of them looked at our category-blocking on Umbrella, such as blocks of alcohol sites, social media, weapons, government. I would provide monthly reports to show how many blocks we had from our users trying to go to these types of categories, and it really woke up management: "Wow. That thing is blocking." 

Our investment in this worked, and we were showing it by numbers. It wasn't only that we found bots and bad actors, but we were also controlling things  by blocking phishing and categories. It was protecting us and no one was able to get past those blocks.

The pricing was marvelous. We only had to pay for licenses and they worked a very nice deal with us. It was a much better way to go because it was within budget. It was an easy cost for us to handle.

We did not evaluate any other options. We invited Cisco to come in and do a demonstration, and it was so strong. I also come from a Cisco background of many years. In addition, the industry reviews rated them very well and we took that as our lead.

When they came in and showed us what they could do and how easy it was to monitor every one of our sites within a day, after we put in our external public addresses, it was a no-brainer. It was up and live by the next day, after just a few hours. It was easy to use and set up and we could use it like our internal proxies. We could manage the content and know what was going on and investigate things. We knew what sites people were going to. It was wonderful. Everything we needed was there. We didn't have to go any further, and we knew Cisco would have our back.

All the users understood why we were putting the security control in place, to show that not only were they going to be protected at work on company-owned devices, but whenever they would go outside, we were also going to help. We had to mitigate the chances that they would get something on their machines and make sure that we stopped anything that shouldn't come in and affect our network or expose us to anything.

With Cisco Umbrella, employee morale was very high. We hardly had any complaints at all. One of the reasons is that, when doing regular security troubleshooting, we would go to Umbrella as our first line investigation. We might find a domain or IP that was being blocked by Cisco, something they consider a risk. We would check it out and if it didn't look to be bad we could bypass the block and allow that AD group or set of users to go to that site, because they had to do business as usual. With that ability, we had very few problems, if at all. Overall, it was smooth, with everybody happy, including management. They were happy that we had our first line of defense and that it worked out very well.

I introduce Umbrella to any company that I'm involved with. Cisco is already taking the correct steps right now, as a CASB for any cloud activity as well as DLP. Once they circled around to help companies with protection when they move to the cloud, that was the right direction. I'm not using Umbrella every day anymore, but I'm a proponent of it as a first defense for your company at a reasonable cost. And you don't have hardware to manage. You just rely on Cisco, get your support contract, and work with them to have them help fix things.

I'm a firm believer in Cisco Umbrella and I would definitely use it everywhere I go. I'm speaking to companies in the health industry and telling them, "Guys, you can't just have four people working on security and think you're going to do everything in the world to protect your hospital. You're going to end up on the news." I try to introduce them to this type of solution, to at least have something there to mitigate and help out.

Cisco Umbrella improves web security posture.

Meraki features and cloud-based functionality are advanced and easy to manage centrally.

Reporting is a separate product. However, other features are embedded within the devices themselves. So, if you have one box, everything is included, which is good.

A more user-friendly interface like Kaspersky and lower costs including licensing, support, and renewals would be beneficial.

My company has been using it since 2005. 

It is a stable product. 

It is a scalable product.

The customer service and support are excellent, exceeding expectations.

Positive

I used Sophos, FortiGate, and Palo Alto firewalls.

Cisco Umbrella is manageable and well-supported by various vendors and partners, including Cisco Direct. It offers diverse technologies and features. However, now Sophos and FortiGate offer better tools and firewalls than Cisco.

Forti excels in SD-WAN services and integrates various functionalities like FortiManager, FortiAnalyzer, and Wi-Fi controller within a single device.

It is easy to implement. It is not straightforward, but it is easy. It is easier than before. 

The licensing cost is very high. We have to pay for support, renewal, and maintenance. FortiNet is cheaper compared to Cisco Umbrella. 

Consider your budget. If you can afford it, Cisco Umbrella is a stable and scalable solution.

It's a strong Cisco product.

Overall, I would rate the solution a nine out of ten. 

We use Cisco Umbrella for DNS filtering and as a secure gateway.

Users need to have a bit of understanding regarding setting policies in Cisco Umbrella. I would like to have more applications being recorded. If you want to do things the right way in the console, functions have to be more automated in terms of classification, application, and recording.

I have been using Cisco Umbrella for three years.

I rate the solution a nine out of ten for stability.

Around 170 users are using Cisco Umbrella in our organization.

I rate the solution an eight out of ten for scalability.

The solution should provide more helpful technical support to help us understand some settings.

Neutral

The solution’s initial setup is straightforward.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a seven out of ten.

A basic setting can be done in minutes. If you want to go deep, it would take several hours. The solution's deployment time depends on how deep you want to go.

The solution’s pricing is reasonable.

Cisco Umbrella filters more traffic and gives us insights into what's being accessed. Cisco Umbrella is useful for protecting endpoints and internet access. Cisco Umbrella is deployed on the cloud in our organization.

Cisco Umbrella is detecting threats more often because we've set it up more effectively than the other security solutions we have in place. It's catching threats in the first place because it's more strict.

We're using the Meraki firewall. Some Cisco Umbrella settings are directly linked to the Meraki console, which was quite easy for us.

Cisco Umbrella is very efficient and needs to be deployed on all endpoints. The solution requires some settings. Depending on how much you set it up, you should check its usage because it would require some day-to-day administration.

Overall, I rate Cisco Umbrella an eight out of ten.