Written by Russ Carter
Borderless networks are nothing new – we’ve heard about them for years. Users can connect to corporate resources on any device, from anywhere. Yet, for the first time, Cisco have a security solution that can truly claim to offer full security enforcement for a borderless network. That solution is Umbrella.
Umbrella positions itself perfectly by securing one of the fundamental building blocks of network communications – DNS. Almost all communications over the Internet, whether they are deliberately invoked by a user or silently invoked by applications, require a DNS lookup. Therefore, if you can accurately secure the DNS layer, you can accurately secure almost all network communications. If you can do this for users both on and off the corporate network then you are covering all of your blind-spots.
Yet this approach only works if the decisions you make are accurate. Originally developed by OpenDNS, this is where Umbrella steps up. From the outset, the solution has been built into the fabric of the Internet through close peering relationships with ISPs which result in Umbrella collecting enormous amounts of data on a daily basis (approximately 100 Billion requests per day!). This information is processed through industry-leading algorithms and data-processing tools to provide highly accurate information about which requests should be allowed or blocked. If a DNS request is blocked, users and, more importantly, malicious applications cannot (in most cases) access a malicious resource. Quite often, blocking network communications for a piece of malware is as effective as removing the malware completely.
As well as securing network traffic, Umbrella enforces your IT policy by controlling access to content deemed inappropriate for an organisation – essentially performing the job of a web proxy but with two crucial advantages: firstly, the majority of traffic will not need to be proxied (bad stuff is blocked, good stuff is allowed, all at the DNS level) making the solution scalable, high performing and less likely to break cloud-based applications; secondly we’re not just talking about web requests here – DNS, and therefore Umbrella, cover all requests regardless of application or protocol. Further to this, if Umbrella isn’t 100% sure that a site is safe, it automatically redirects web traffic to Umbrella’s towers and WILL proxy that traffic so that malware scanning can take place and ensure no infection.
So, there must be a catch somewhere, right? Actually, there isn’t. Umbrella is incredibly easy to integrate into existing networks. In some cases, it is as simple as changing from using your existing ISP DNS servers for external lookups to using Umbrella’s servers. This simple change can be enough to secure entire networks in minutes. Even mobile devices can be protected using the Umbrella App.
The bottom line is this: you are already using DNS for virtually everything you do online – given the choice, why wouldn’t you choose to protect it?