Cisco Umbrella Reviews

We use this solution for DNS and IP reputation, for blocking.

Using this solution has meant that we've needed to make fewer firewall changes.

The most valuable features of this solution are the blocking function and its ease of use. The integration with other systems is helpful, as well.

I would like to see DLP integration in the next release of this solution. Including this would give us headroom with some of the infrastructures that we have today.

The stability of this solution is fantastic, and we have no interruptions whatsoever.

There are no limitations when it comes to the scalability of this solution. It's fantastic.

When I have had contact with technical support, I've always had a fast response time.

We implemented this solution because we had a gap in the visibility of our DNS protection, and this was able to remedy that.

The initial setup of this solution is straightforward.

I performed the deployment myself.

Within six months we had ROI for this solution.

Our costs were negotiated, and they are okay.

We did evaluate other options before choosing this solution. We selected this one because we were able to merge it into an ELA (Cisco Enterprise License Agreement), which was beneficial.

If anybody is looking for DNS and IP reputation for protection and blocking, then this is the right product. This is a good solution that is easy to manage, easy to configure, easy to operate, and easy to support. It's very simple.

I really like this solution, and rate it a ten out of ten.

What I find most valuable about Cisco Umbrella is its ease of use. I also value the clearness of the categories. We have not experienced any issues or incidents with the categories. However, we are looking more deeply at the product now. 

We are very new users of the solution and are still in the exploration stages, but we are happy with the product thus far. However, there are some features available in Fortinet and Palo Alto that are not available in Cisco, like objects, for example. I would like to see Cisco enable us to get objects from the internet. I would also like to be able to choose groups. 

I have been using Cisco Umbrella for two to three months now. 

For most of our technical support needs, we mostly go through our partner. However, for some infrastructure-related inquiries, we have had to contact Cisco's technical support and we were happy with the experience.  

Positive

The initial setup was simple. Deployment at our main sites took about three to four weeks. 

We received help from a local partner, NTT Global, during the deployment. They helped us set up Meraki and Umbrella. 

We hope to see a return on investment with Cisco Umbrella. We have a big team managing the infrastructure, so we hope to save time in the day-to-day protection of the tower, which would be the return on investment.

Globally, we also hope to save time on the LAN. We aim for a single pane of glass management model with the dashboard. 

From what I remember about the pricing, Cisco Umbrella is a bit more expensive than the quotes we got from its competitors. 

We looked at several products, including Fortinet and Palo Alto. We experienced a bug with Fortinet during testing and ultimately ended up going with Cisco Meraki products. We have not had an incident yet with Cisco Umbrella.

The solution helped us save time and this was a major reason we chose it. We expect to save 15% to 20% in time.

We are aiming to consolidate our entire network and LAN infrastructure with Cisco Umbrella. We are on the way to achieving that with this solution.

We are using it for user navigation. We have another solution for the server, and Umbrella is used for the people in the company for web access and security purposes. It helps to avoid security problems and authorize different types of access to the users for different web services. 

I am a network administrator, and for me, it is the best solution because it is easy to manage. It is also effective for web access for the users.

With the old solution, we had a lot of restrictions because it was old technology and it was very important to provide different types of access. Umbrella is a cloud solution, and we can add access to new services or websites. It is a good product.

It is totally transparent for the users. When you have Cisco Umbrella on your computer, you cannot really see the product. It is very important for the users to not see the product.

It is very easy to manage, which is really important. We do not have time to manage this solution, and it is really important to have a good performance without any action or monitoring from my team. We work with Umbrella every day, but we don't need to make any changes on Umbrella because it is working.

It is easy to maintain network connectivity consistently across all workplaces, and it has been a good experience for our employees.

It provides resilience on all the sites. We have five sites, and all the sites have Umbrella.

It is user-friendly. It is easy to manage the solution. 

Their support should be improved. It is necessary that the support is efficient. It is not really easy to get a resolution for an issue from Cisco support. They should be faster and more efficient.

I have been using this solution for about three to four years.

It is very stable. I do not have a problem with this. We only had one bug three months ago, and we had a problem with the support, but before that, it has been a good experience.

It is scalable. We deployed it on different sites of the company. We use it for a lot of different services. 

We have about 600 users, but we have 1,000 licenses. We might increase its usage.

Cisco Umbrella's support is not really efficient. When we have a problem, it is difficult to have good support. It is not really easy to resolve a problem with Cisco support. Three months ago, we had a problem with it, and the support was not very efficient. I would rate them a six out of ten.

Neutral

We had a French solution. It was an old solution, and it was not sufficient for the company. Cisco Umbrella has been the best for our company.

It is not really easy, but because we have experts with us, it was not complex for us. We did this in one month because it was really important to give good services to the users.

We have seen an ROI, but it is hard to provide metrics.

We did a good negotiation, and at the moment, its price is fine.

I didn't look at other options. I only tested Cisco Umbrella.

It has probably helped us to remediate threats more quickly. It is a good solution for user devices but probably not for servers.

I would rate it a seven out of ten.

It's usually used for DNS security, to block malicious websites and URLs, and for URL filtration.

It enables us to control access to malicious websites and block them from the start. And the URL filtration enables us to permit some URLs and block others.

You can manage and create policies based on a group of users. It can permit some URLs and block others. For example, we can block Facebook and YouTube.

From the DNS perspective, you can control and block malicious URLs. DNS security is the best way to use it to protect against malicious websites.

Cisco Umbrella provides a cloud management system. We can manage every client from a single workspace because they're in our portal. The single pane of glass management is user-friendly.

I would like to see improvement in the user and group policies. Sometimes it is not very accurate and they apply only to specific users in a group. It needs to be more accurate.

Also, the reporting needs some enhancements.

Finally, the integration with other solutions is a little complex. If you want to integrate with something like ArcSight or LogRhythm or Splunk, you need to do a lot of configuration. There are no easy ways to implement it.

I have been using Cisco Umbrella since 2016. As a solution partner, I implement Cisco Umbrella for customers. I have designed the implementation multiple times for different customers.

I have never heard of an outage in the service. The stability is good. The performance and accessibility are very good. The service is always operational because it runs on multiple servers and multiple load balancers.

It's scalable. Scaling depends on the licensing you have and the number of users. If you want to add a user or an endpoint, they can provide it.

Cisco's support is very good. They provide solutions and they don't take much time to resolve issues.

Positive

When our clients switch to Umbrella, it's either because I suggest it to them or they know about the product and they ask to have it brought into their organizations.

The implementation is easy.

We use Cisco Umbrella to provide protection for our end-users. It prevents unauthorized access to their systems, as well as halts access to compromised sites, such as a ransomware site. Essentially, all of the malicious activity is prevented.

The most valuable feature for us is the DNS-based protection. It is the only type that is available in India.

The interface is very easy to handle. Even a person with limited knowledge can quickly learn to work with it.

Deep packet inspection features should be implemented. This solution does not give us full, 360-degree protection.

They should have a local data center available in India.

I have been working with Cisco Umbrella for four months.

I haven't experienced any instability.

This is a highly scalable product.

I have been in contact with the Cisco technical support, once or twice. They were not big issues, however. Overall, I am satisfied with the support.

Prior to Cisco Umbrella, we were using on-premises solutions. The capability is good except that a cloud-based solution can be more easily provided to all of our end-users. 

The initial setup is straightforward and there is no complexity to it. This is a cloud-based system, so just install it, mount it, and the policies get applied. The installation requires that you log into the portal using your ID, and then it just starts working.

Zscaler has a local data center available, which is something that Cisco can't offer us at this time.

This is a good product, although it does not have the features that I was looking for. At this time, it does not have the capabilities that are relevant to the Indian market. As such, we are thinking about uninstalling it and switching products.

The suitability of this solution depends on the industry and requirements. It is important to remember that if you start with a product or approach, you may end up switching to something different. That said, if you want to begin with Cisco Umbrella to deal with malware then you can always change later if it doesn't perfectly fit your environment. This is what we are doing.

If I were rating this product on a single capability then it would do very well. However, rating it on multiple capabilities, then there is definitely room for improvement.

I would rate this solution a six out of ten.

The primary use case for this solution is for DNS based attacks and for malware protection. It has a malware protection engine.

If you install Cisco Umbrella Clients on the remote PC, you can do URL filtering, malware protection, and you can check the health and status of the device itself.

All of the DNS Queries are sent to Cisco Umbrella and you have more visibility of what users are asking, as well as what users are accessing over the Internet. 

You have all of the details and all of the information of what the users are accessing, even before they get access to the website. For example, if one website is malicious and it has some malware and some viruses in it, and a user sends a request to this URL, it will be reported in the Cisco Umbrella Cloud before the user gets the response back from the webserver. 

It will protect, give you more robustness, and faster responses, compared to any firewalls or any of the proxy web servers.

Based on the DNS, Web proxy, and other servers, it waits until after the DNS request. It will put in its action after the user gets it by the webserver when the response is coming back. 

In the end, the response from the malicious server will come into your network. Cisco Umbrella cloud has stopped it before that. You have one more layer of security on top of the URL filtering or on top of that server response.

The deployment was for two thousand plus users. We have multiple sites, and we have some remote users in different locations.

Cisco Umbrella is a fitting solution for DNS-based attacks and malware protection. It is a very good solution for that, and especially for remote users.

The most valuable feature is that it prevents DNS-Based attacks, which is quite common these days.

The DNS Query is first sent by the user and then it will communicate to the URL. If you are requesting for some URL it process also to an IP.

The basic functionality of Cisco Umbrella is to save this type of request and to have a more secure way to communicate the DNS Query back to the user. Any attack based on the DNS Query is stopped by Cisco Umbrella.

If you have a proxy, for example, if my DNS server is 172.19.222.21 and I make a server on the same IP or different IBN with the same DNS name, I can make a proxy and the user request will come to me and I can send this user any way I want. So based on these types of attacks, Cisco Umbrella protects the user.

The user requests a lot of DNS queries. Even if you don't know it or if the user is not accessing any URL, the laptops or any PC keep on accessing different URL's and you are not aware of it or if it is good or not. Cisco Umbrella gives you the visibility and you know what is happening from this laptop or this endpoint.

Cisco Umbrella does not have a Malware Protection engine itself. It would be useful if they had a malware protection engine running inside their own VM.

They have some VM appliances with the installing enterprises for limited access for the DNS proxy to the cloud. If they had this feature running inside the VM, it would be much better.

It would improve this solution to have applications hosted on the cloud.

I would like to see the application that they promised. If you have an application running inside your environment, with multiple portals, as an example, we have our employee portal, ERP and some other portals. These portals will be accessed through the Cisco Umbrella Cloud, and the deployment will be a VPN-based deployment, Cisco Umbrella Cloud will be connected to your enterprise and afterward, you can just click on this application using Cisco Umbrella Cloud subscription, and you will have the access to your application anywhere in the world, and you don't have to publish it. You will save public IPs, and a lot of bandwidth because publishing requires bandwidth. 

All of the users from outside will be coming inside your environment and will be accessing the web servers, so there is no need to publish.

It will be some time before this feature is introduced. They are working on it and it is still not ready.

I would like to see IPS-based solutions. To have an IPS solution inside the Cisco Umbrella cloud. 

If there were an IPS product built inside the solution, it would be very good. It would be a one-box solution. With this one-box solution, you wouldn't need any extra security layers,  and you don't need any WAN solution.

There is a solution called Carbon Black. This solution can do sandboxing solution inside the PC. It checks the application which you are accessing, and what you are installing on your PC. It checks everything. It does a compliance check.

If these types of features are available on the Cisco Umbrella, so you wouldn't need any other solutions installed on your PC. It would be one solution that does everything together.  I would, like to see this.

It's quite stable. It's a very stable product, and, it's quite straightforward. We deployed this solution a year ago with no issues afterward. We didn't get any complaints. There are some categories, and filtering that will block you for something which is not malicious, but it is considered as a threat to Cisco Umbrella. You will need to white list some IP address or some URLs manually if it's under your corporate use for some reason.

This solution is quite scalable. It is a cloud-based solution. If your users are spread all over the world they can access Cisco Umbrella using an internet connection and it's quite straightforward. The scalability is quite robust and we can implement it anywhere in the world.

We are using this solution every day. Even if I try to access something now from my corporate laptop, the request will go to Cisco Umbrella, the DNS is configured as Cisco Umbrella.

Currently, we don't plan to increase our usage because we don't have more users at this time. If we scale or we are expanding and we have more offices, in the future we will increase the number of endpoints or number of users.

As we are running our virtual environment in our enterprise, it's not a problem. Normally if you are going to implement VMs, it will be a large scale deployment. If you have more than 2000 or 3000 users and you want a faster response from Cisco Umbrella, you have this VM.

If you have this type of environments, of course, you have a virtual environment, you have any hypervisor like VMware or Hyper-V and you have a big compute, you can manage two VMs from that. It's not an extra cost.

We have four people who have access to Cisco Umbrella. However, it doesn't require much administrative work. It does its job, and only needs a one-time concentration, afterward, all that needs attention is checking to if there are any blocks on anything.

If Cisco Umbrella blocks a user, they will notify the user. The user will get a message that they are locked under this condition and this category. The user will then notify us and complain that they have been blocked. We will check the status on the Cisco Umbrella portal and proceed to whitelist it if, it is a legitimate request.

The technical support is quite good. This solution itself is not complex and everything is cloud-based. If there are issues or if something indicates that you cannot manage two portals, you can just open a claim with Cisco Umbrella and they will support you. 

The only concern is that if something goes wrong, or, something is getting blocked and if something is not as per your requirements, you don't have any visibility. You will never know what was done to correct the issues. Because it is cloud-based, they will not show you what they are doing on the server level. Without having the visibility for the solution itself you will never know what actual solution is working behind the scene.

Before Cisco Umbrella, we were using the Infoblox solution. It was not an easy or flexible solution. Infoblox is an on-premises solution that requires a VPN, or all of the users need to connect to a VPN, just to get the DNS resolutions. This was not easy, and it was not easy to implement.

The initial setup was quite straightforward. When you subscribe to the Cisco Umbrella services they give you some public IPs. With these IPs you have a few options:

• You can copy these IPs and user features for the DNS and the communication will happen directly through the cloud. 
• You can install the VMs in your corporate environment having all of the communication through the VMs and the VMs will communicate to the cloud. 
• You can install a Cisco Umbrella application on your PC and install the external script that has the public IP for the DNS for the Cisco Umbrella.

The deployment strategy was straightforward, and it took approximately two days for deployment.

Because we had over two thousand users, we created a script on SSCM. This is a software center manager for Microsoft, making the script accessible to all of the users. This script changed all the DNS IPs to the Cisco IP addresses. Once this was complete, we installed the Virtual machines, which are the DNS proxies for Cisco Umbrella and we configured the public IPs for Cisco Umbrella. These were the only two steps that were required, taking two days for two-thousand-plus users. It was quite simple, but, if you had to do it manually, it might take some time having to do one at a time for more than two thousand users.

If you have some automation, it is quite easy.

It has a public cloud and it is like a hybrid type of deployment. We have umbrella VMs installed in our enterprise areas, in DNS, in our remote offices, and our main HQ.

These VMs, are like proxy DNS servers. They will save a URL resolution and has a policy-based engine as well. For example, if you are searching google.com or something that is being searched quite frequently, it will store that data, and it doesn't communicate to the cloud every time, giving you a faster response with limited cloud access.

Our service provider is Cisco. They have their Telos Cloud, hosting the Cisco Umbrella Solution.

After this deployment, you need to do quite a lot of fine-tuning because there will be many false positives blocks, especially if you're using the malware engine. It will keep blocking some ADME files that are used in your corporate environment, or if it's an in-house developed application, it will be blocked because the code of the application is not registered with the Cisco Umbrella Cloud, It will keep on blocking, until you whitelist that code and whitelist that UUID, just to have this application running.

We did the implementation ourselves with some assistance from Cisco support. We didn't have any on-site engineer to do the deployment or implementation.

It only took two people for the installation process. I was on the network and phone system side and another colleague was installing the service on the Cisco Umbrella Solution.

We require four people who maintain Cisco Umbrella. 

This is a good solution, and there are many advantages to this solution. 

There is a return of investment. 

If you have this solution you don't need a big firewall or many security solutions in your environment. Because it's a cloud-based solution, you can access this over the cloud anywhere in the world. You don't need to build a big infrastructure. It will give you more return on the cost than you are putting on it.

We have Cisco ELA, it's an enterprise agreement, which covers everything under security, that is offered by Cisco Umbrella. With this, we have the complete Cisco Umbrella portfolio. We have everything related to security from Cisco Umbrella. This also includes the Cisco Umbrella suites.

We are paying yearly for all of the Cisco Umbrella applications and appliances.

Cisco has a model called ELA. With ELA, if you buy the solution you will have the complete security portfolio and you can pay it yearly or after three years, it depends on the contract.

It's a subscription-based solution. If you're running multiple solutions it is more cost-effective. For example, currently we have Cisco Umbrella, IronPort, WSA, Cisco CWS Cloud, and we have Cisco's FTD solution. If we were running these solutions separately it would be more expensive. 

If you are doing a VM deployment and you have a VM appliance, you will need some compute. 

The only additional cost will be for a server.

We evaluated another solution but the Cisco Umbrella solution is much more compelling. It doesn't have the on-premises appliances or any restrictions for the user to connect through the corporate environment.

If the user is anywhere and the user is connecting to the internet, they will make a micro VPN through the cloud and it will connect to the VMs in our corporate environment automatically. It doesn't require any manual configuration nor does the user have to initiate anything on the PC.

The other solution has a touch button application, on the PC. If you click it, it will create a channel with the appliance in your HQ or your remote office and then you will be able to connect to the internet or you can resolve DNS with queries. 

As this solution was not flexible, the management chose not to go with it.

If somebody is looking toward the Cisco Umbrella solution or if they have an NGIPS, NG firewalls, next-generation firewall solutions and if they are looking for DNS-based security, and if they are implementing it then Cisco Umbrella is a good solution.

Keep that in mind that it will make a lot of noise, users will be blocked at the beginning and many of the URLs will be blocked. It will need to be fine-tuned.

The fine-tuning is required one month after implementation. You will need to fine-tune the OpenDNS Cisco Umbrella database, just to have all the URLs there for your corporate environment, because there will be some false positive blocks. These issues will have to be fixed yourself. You will need to make sure that you are doing it. Other than that, it is a quite straightforward solution.

I would rate this solution an eight out of ten.

If the suggestions are implemented I would then rate it a ten out of ten. They would be one of the first companies on the market doing this. You will not find anyone on the market with any DNS security solutions like this for Cisco Umbrella. They are the market leaders for DNS-based security at the moment. If they have these suggestions in their portfolio it would be the best solution, covering every point of its endpoint security.

We use this solution as a web security gateway, block malicious domains and making sure that people don't go to websites that they're not really supposed to.

We are still in the proof of concept stage, which is a small test environment of approximately one hundred users. We will be purchasing it, and it will potentially replace our existing solution.

The most valuable feature is that it secures our network against blacklisted or malicious websites. If we do have an instance of malware then it is unable to home back to these types of sites.

This solution is very easy to use.

While technical support is good, there are features in the backend development side that were initially promised but are not there yet.

More granularity in the product would be helpful.

The reporting functionality should integrate better with SIEM products because it lets us report in PDF, but we want more flexibility.

Support for multiple domains is important to us.

It hasn't been fully deployed, but the stability has been good so far.

This solution is very scalable.

We have dealt with technical support extensively and they are good. We have had issues because of functionality that it didn't support at the time, which is why it has not been fully deployed yet. The functionality has since been introduced, but there are still some kinks that we're working out.

Our current solution isn't working very well and keeps breaking.

The initial setup is advertised as pretty easy, but we did run into some kinks. It shouldn't be that hard, it's just that we had some issues.

We worked with a Cisco partner, PCMD, who provided us with support.

Our licensing fees are on a yearly basis.

Other products were evaluated, but I was not part of that process and do not know which vendors were on the shortlist.

My advice for anybody researching this solution to make sure that it fits in your environment. Reverify the limitations. Our new department has different divisions and the way our Active Directory works causes some problems.

The ease of use is fantastic, but there are things that have to be fixed.

I would rate this solution a seven out of ten.

I am using it at home for my personal defense. We also use it in our company.

A lot of my stance, even before Covid, has been the assumption that people aren't in the office, and if you're going to have a mechanism, it has got to be there for the most vulnerable. The most vulnerable are those who are furthest outside our firewall. That's how I've always constructed my sort of security posture.

I tend to use Umbrella as one of my favorite solutions because it allows me to mitigate problems before they strike the firewall. It allows me to set policies that are effective whether people are on-premise or working from home. It is fully functional for its purpose. It is not a replacement for a firewall or antivirus. It gives you a nice skin on your onion that is pretty strong, and that's what I like about it. It mitigates things before I have to deal with them, and I can see those reports. It also stops people from going to different places.

Its simplicity is most valuable. I can install it and get it up and running, and it can be pervasive across my business within a business day.

It is pretty simple and straightforward to install and configure. Its remit is reasonably clearly defined. When you look at solutions like Darktrace and Carbon Black, the mission objective isn't as clearly defined. Cisco Umbrella, Sophos Central, or some of the other solutions have a more standardized approach to antivirus, which includes enhanced response from the machine learning or deep learning perspective.

The API is very Cisco orientated, which is absolutely fine if you're using Cisco Firepower and SecureX kind of products, but if you want to integrate with third parties, it is a bit tricky. There are some key API connectors for the more prevalent SIEM tools.

I would really like to see in Cisco Umbrella the ability to create customized reports and then assign the rights to view these reports to people within a group. I should be able to create a customized report, which is viewable by anybody who has the rights. I should be able to create groups within Cisco Umbrella, and then assign reports to groups and have those reports split out automatically only to those groups. I can kind of do it by restricting my email list, but it is a half-complete way of doing it.

I have been using this solution for probably 15 or 16 years.

It is fully functional for its purpose. 

I used to call them regularly. They're pretty good.

Its initial setup is very straightforward. It is a DNS redirect, so it takes literally about five minutes to configure it. The only thing that is tricky is going in and defining your policies, but that's what I call the evolution of the product. You start with simple monitoring, and then you refine it over time.

It has a reasonable price. It is certainly not as expensive as it used to be. It is in line with other offerings on the market.

There are a number of different flavors of Umbrella. They could bring Umbrella SIG down a bit because its price is a little bit high for what it does, but I also understand why its price is high.

I would advise having a clear idea of where you want your users to go, what do you want to do, and what do you want to restrict your users on. Have a clear point of view, and then look at it from the perspective of the role of the user within the organization. This is going to define your groups. You can then put users in groups, and then you've kind of related roles and groups, which makes management easier in the future.

I would rate Cisco Umbrella an eight out of ten. It is good and solid, but it is not perfect, so it is not a ten. There are areas of improvement, so it is not a nine.