What needs improvement with Cisco Umbrella?

The solution could be faster as the process is very slow.

The solution is very expensive in Brazil.

Cisco Umbrella is difficult to manage and needs to include a dashboard. It needs to improve pricing as well.

Users need to have a bit of understanding regarding setting policies in Cisco Umbrella. I would like to have more applications being recorded. If you want to do things the right way in the console, functions have to be more automated in terms of classification, application, and recording.

Cisco Umbrella hasn't integrated customized reporting yet. With Cisco Secure Endpoint Hub, I can see a report on user downloads and set it up to constantly get an email alert. Based on my understanding, Cisco Umbrella can't do that. You can set it up with third parties, but it would be better if that were built into the platform.

The pricing could be improved.

For us, as an MSP, the initial licensing changes were a roadblock, and they still could be a lot clearer. Specifically, it's an honor-based licensing system. We'd like it to be more specific to our traffic or our users so that we can make sure that the customer is paying for all their licensing.

Cisco Umbrella should add some more documentation on proxies. Different organizations utilize proxies in their environment. With Umbrella, based on my experience, there are some deployment issues. It would be good to have some more documentation that can walk you step by step. The tech support is about 90% and needs to provide more step-by-step processing of the procedure and also a little more background on the solution.

Client delivery and client updates should be improved. Client delivery was not as easy as expected. Another area for improvement is the integration of escalation procedures for security issues. In the next release, I would like to see the addition of notification flows like SMS and popups.

We are very new users of the solution and are still in the exploration stages, but we are happy with the product thus far. However, there are some features available in Fortinet and Palo Alto that are not available in Cisco, like objects, for example. I would like to see Cisco enable us to get objects from the internet. I would also like to be able to choose groups.

There is room for improvement in the dashboard. It could stand to be a bit more detailed. I would also like to be able to customize the dashboard to focus more on what is important for my company. This would be particularly important for the customized dashboard we create for the leadership team. This would help us get information to them quickly.

The rule-making process for blocking sites or for blocking characteristics can use some simplification. For example, types of malware. This would make it easier to use because it has a learning curve. There is a possibility of creating users that have explicit permissions to access sites that nobody else should access. This process can be cumbersome and it would be helpful if there was an easier way to create users and assign roles to special users. Cisco could ease the process of defining the number of licenses and the price considering the number of licenses we require. Currently, we have to get a quote for anything over 100 licenses.

We faced an issue regarding virtual appliances (VAs) during deployment. They could improve the quality and management of the virtual appliances offered right now. You can't see much because it is a Linux machine, and they have customized it. You don't have any route access to the machine, only seeing limited things in it. When we opened a ticket, they didn't know much about VAs themselves. So, that is where it is lacking right now. I know this will improve in the long run.

It had the ability to do a lot of app control. So, every single app that went through that portal was registered, but there is a general issue with the whole app control. As soon as you add a mobile phone to your network, all of the apps get registered through the system, and you can approve, reject, or just let them go through. When I looked at it, it was impossible to manage app control. There was just so much data. I didn't apply that service because I just didn't have the time to manage it. It would be good if there was a way to categorize applications. However, that's dangerous too because you can be turning off an app in a group because you don't know what it is doing. It could be a vital company app. So, App control is the main area in which they need to keep working.

I would like to see improvement in the user and group policies. Sometimes it is not very accurate and they apply only to specific users in a group. It needs to be more accurate. Also, the reporting needs some enhancements. Finally, the integration with other solutions is a little complex. If you want to integrate with something like ArcSight or LogRhythm or Splunk, you need to do a lot of configuration. There are no easy ways to implement it.

There are a couple of different pieces that have different portals. I know they're working on getting them all into one portal, but that's probably the biggest thing that needs improvement right now. It's not a single pane of glass yet.

Having ready-to-go templates with best practices is definitely something that would be an improvement. Deployment, from day one, is something that definitely needs to be improved for Cisco customers.

There are some situations where we would like to block things for specific user groups. I know that Umbrella does that, but it's not that easy. When you go to the Global Allow and Block Lists, that's the easy part. But when you want a specific task for specific rules and policies for user groups, you have to go three levels down in the menu, and it's hard to find where you do that task. Also, the policies are not that easy to manage.

I would like to see hardware-based integrations. If a hardware platform were provided for Umbrella, that would definitely improve the market for it. The solution is pretty good, but if a hardware-based solution came through, it would meet all the compliance standards in my country. Especially when we are addressing governmental customers, they hesitate to connect to the cloud. That is where we need a hardware platform so that the solution can be used on-premises as well.

There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad. I can't geofence out. I can plot top-level domains, but .com and .net go global. I can certainly block a China (CN) or a Russia (RU) domain, but that doesn't give me the same level of granularity. Apparently, Cisco Umbrella has got that as a feature request to allow an administrator to say, "I specifically only want traffic to and from these countries. Everything else should be dumped." That way, when they're sitting behind my network or they go out in the wild, they have that same level of traffic being blocked.

Its on-prem rollout is quite challenging. It needs better coordination with the Internet Service Provider. It is a cloud-based solution, and any endpoint that connects to it has to go through all the gateway ISPs, but some of the ISPs block HTTPS-based DNS. That's where the challenge occurs with Umbrella.

It could be more secure. It would be better if they provided a transferring proxy as an add-on and more integration.

I would like to see more integrability with other products. If I could take this information and integrate it with other products, it would be beneficial.

One of the issues with Umbrella is as you get into endpoint detection and response, such as EDR point solutions, some of them will not integrate well with Umbrella. Sometimes when you want to use technology, such as Always On VPN, it will not work. There are some looming issues as one type of technology starts to crossover with Umbrella. That is the challenge and Umbrella should find a way to be more compatible with some of the endpoint response solutions that are coming out on the market.

The price could be better. The price is definitely a bit high, but we have to pay a premium for Cisco products.

The API is very Cisco orientated, which is absolutely fine if you're using Cisco Firepower and SecureX kind of products, but if you want to integrate with third parties, it is a bit tricky. There are some key API connectors for the more prevalent SIEM tools. I would really like to see in Cisco Umbrella the ability to create customized reports and then assign the rights to view these reports to people within a group. I should be able to create a customized report, which is viewable by anybody who has the rights. I should be able to create groups within Cisco Umbrella, and then assign reports to groups and have those reports split out automatically only to those groups. I can kind of do it by restricting my email list, but it is a half-complete way of doing it.

There are always little items that can be fixed in any solution, however, I don't have any specific complaints. The first time you set up the solution and have integrations, it may be a bit difficult, however, it gets easier. The pricing could always be a little bit better.

We would like to see the enhancements made to the EDR, as we see features that are running endpoint management. For example, If you want to have this feature included, you will also need another product such as Kaspersky. If it can come included with Cisco Umbrella, it would be a good point to have.

I would like them to make some videos, practical videos, the kind with steps that people can use to learn and deploy.

It could be improved by having a local data center and caching, which can provide protection support. I would like to be able to channel my intel and my network traffic to their clouds, and this feature is not available. Advanced protection or any malware file support, which might be required, is not available.

The detection of wireless attacks or targeted attacks reports many false rates. This is an area that needs some improvement. It should be more specific. This can help the customers to know the exact incident details. The intel logs and the incident proactive security incidents for targeted attacks are also something that needs to be improved. If the security issues are taken care of it would be better.

It's a very new product, so it's quite immature at the moment. It can be more user friendly.

There should be some sort of appliance for those customers who do not trust the cloud. Cisco Umbrella should introduce an on-premises device. Customers should have the ability to manage on-premises. While support is provided, the response time could be faster.

It should have a real-time malware classification engine. It should check the malware on the website. It would be good if it had a real-time malware check for the websites because currently, it just compares the DNS queries of the blacklist. It should also have malware control over file execution and the types of files that the users are allowed to download.

I would like to see more intelligence built into Umbrella. In the future, they should combine some of the Cisco AMP features that they already have, for anti-malware purposes.

I can't think of a place where there is a gap in features. It seems to cover everything. The pricing is a bit high. Being outside of the USA, we have issues with the exchange rate. The solution could use more intelligence. They likely could combine some of the AMP features that they already have in other AEM's for anti-malware purposes.

There should be some programs for the POC phase. I would like to see more integration between Cisco Umbrella and Cisco DNA center

Looking at the full umbrella suite in the light of SASE, Secure Access Service Edge, they are clearly lacking in the inline CASB. Any line cloud access security broker has an API-based cloud access security broker, which is called CloudLock, but they're lacking the inline components, which are able to intercept traffic. An on-premise DLP solution or integration with an on-premise DLP solution would be a nice addition. Also, more broad operating system support for endpoints would be an advantage.

Improvements could be made with the user interface, it could be a little smoother and more intuitive.

The product can be pretty expensive.

Data reporting is something I would like to see improved. Cisco is currently rolling out data centers for this type of solution. Currently, they do not have data centers everywhere. For example, they do have one in Singapore but they do not have one in India. My clients are in India and they find an issue of slowness in the services from the Singapore data center. Cisco is working on building a data center in India to address the issue but information about the completion of that project are lacking details. In the next release of Cisco Umbrella, I would like to see a DLP solution. That could be a feature someone can addon. But it should be a real Data Leakage Prevention solution to more securely handle the data.

In the way we are using the solution it would be good for us if they would do some simplification of the analytics. They need to improve this feature so they have analytics to show the content of the user activity. I would like there to be some more analytics provided so that we can see the application routing and additional specific information. Those kinds of analytics can prove to be helpful in our security efforts. For me, this is the only thing that could be improved in Cisco Umbrella. They already have so many features that it is hard to imagine what else they can add.

The different levels of security, such as backend security and internet security, need improvement. In the next release, I would like to see the integration of VDI NSX with Cisco Umbrella.

The reporting could be improved by way of the information that's displayed. For example, when you pull a report, it shows an internal employee going to many websites, but you can spin that right down by saying a lot of it is being cached. So for example, if you go to www.msn.com, that would then not only pull the MSN domain down, but it would also bring back all the ads and the adverts. It looks like you've been to 30, 40 websites when in actual fact you've only been to one. They should narrow it down.

In the past, Cisco Umbrella has denied us access to secure websites. I haven't seen it lately, but they have blocked different legitimate websites. However, they have good tools that allow you to refresh and verify whether a website is legitimate or not. They have so many servers across the United States and even globally. I believe that it helps you to identify a website. In other words, the solution is good, we like it and we've been using it. We have a big customer of about 1,200 users and they're happy. The only thing I am not happy with is Cisco themselves. Not because of a technical or support issue, but because a division of Cisco poached one of my clients, stole them from me, which is completely unethical. When I talked to our account managers about it, they said there was nothing they could do about it because it was a different department. I said, "What do you mean different departments? This is my client and you guys went and provided them with a solution that I am already providing them?" So, that was a big deal for me. Also, I think Cisco Umbrella has an automatic push feature, which is the automated updating agent, but if I am wrong, they should get it.

I would like to see integration with SecurNX in the future.

Deep packet inspection features should be implemented. This solution does not give us full, 360-degree protection. They should have a local data center available in India.

This solution is difficult to configure. I would like to see a graphical representation of the entire network. For example, the network topography that shows connections to the server, as well as the communication that is coming into and going out of Umbrella.

Cisco Umbrella does not have a Malware Protection engine itself. It would be useful if they had a malware protection engine running inside their own VM. They have some VM appliances with the installing enterprises for limited access for the DNS proxy to the cloud. If they had this feature running inside the VM, it would be much better. It would improve this solution to have applications hosted on the cloud. I would like to see the application that they promised. If you have an application running inside your environment, with multiple portals, as an example, we have our employee portal, ERP and some other portals. These portals will be accessed through the Cisco Umbrella Cloud, and the deployment will be a VPN-based deployment, Cisco Umbrella Cloud will be connected to your enterprise and afterward, you can just click on this application using Cisco Umbrella Cloud subscription, and you will have the access to your application anywhere in the world, and you don't have to publish it. You will save public IPs, and a lot of bandwidth because publishing requires bandwidth. All of the users from outside will be coming inside your environment and will be accessing the web servers, so there is no need to publish. It will be some time before this feature is introduced. They are working on it and it is still not ready. I would like to see IPS-based solutions. To have an IPS solution inside the Cisco Umbrella cloud. If there were an IPS product built inside the solution, it would be very good. It would be a one-box solution. With this one-box solution, you wouldn't need any extra security layers, and you don't need any WAN solution. There is a solution called Carbon Black. This solution can do sandboxing solution inside the PC. It checks the application which you are accessing, and what you are installing on your PC. It checks everything. It does a compliance check. If these types of features are available on the Cisco Umbrella, so you wouldn't need any other solutions installed on your PC. It would be one solution that does everything together. I would, like to see this.

We would like to improve nothing in particular on Cisco Umbrella. They are very good.

While technical support is good, there are features in the backend development side that were initially promised but are not there yet. More granularity in the product would be helpful. The reporting functionality should integrate better with SIEM products because it lets us report in PDF, but we want more flexibility. Support for multiple domains is important to us.

I would like to see DLP integration in the next release of this solution. Including this would give us headroom with some of the infrastructures that we have today.

Security, overall, can always be improved.

* Its DNS service does not support IPv6 query. * Some countries don't have a DNS server leading to a domain resolution IP, not at a local level.

* It needs better integration with external threat feeds to improve scoring. * I would like it to automatically feed to the customer's SIEM.

There should be a way to monitor traffic at the user level. I use Meraki Dashboard and Cisco Firepower to do this for different networks. I understand this tool monitors the network as a whole but adding that information will let us cut the cost for other tools.

If the virtual appliances could also gather traffic bandwidth reports, that would be great.