What is Cisco Umbrella & how does it work?

Rashmi Bhardwaj | Blog,Security

Introduction to DNS Technologies

DNS is the lifeline of the Internet. It provides name resolution for everything connected to the Internet, be it a laptop, mobile phone, tablet, desktop, printer or website. DNS maps domain names to IP addresses, so people can remember names rather than numbers.

There are hundreds of millions of domain names pointing to different IP addresses, representing servers in regions all around the world. Keeping track of all of them manually is not possible. How do you know which domains in this vast ocean could be malicious? For organizations, the first line of defence is secure DNS.

Today we look in more detail at Cisco Umbrella technology: how it is used, its advantages and its use cases.



What is Cisco Umbrella?

Cisco Umbrella is a DNS protection and intelligent threat detection ecosystem that provides common security for both on-premises and off-premises deployments. The on-premises deployment doesn't require agent installation on endpoints. The intelligent proxy component of Cisco Umbrella inspects the content of the destination, examines ASN and domain relationships for association with previously seen malware and cryptographically generated domain names, and takes a disposition based on the issue found.

It routes only risky or unknown connections through the Cisco Umbrella cloud-based intelligent proxy for deeper inspection of traffic, by answering the DNS request with the IP address of the intelligent proxy. With traditional methods, blocking web content requires proxying all web connections, which is complex and hurts performance.

Cisco Umbrella permits safe connections, and malicious requests are blocked at the DNS layer. Risky or unknown domains are routed for deeper inspection using cloud-based web security and file inspection using an anti-virus engine and AMP. It also supports SSL decryption and inspection. It is powered by the Cisco Talos threat intelligence system, which contains a global threat map with more than 19 billion daily detected threats.


Cisco Umbrella Deployment

It can be deployed at scale in a short time. Deployment consists of updating the DNS server settings at the DHCP server, firewall, router, DHCP scope, local endpoint, or anywhere else that a client can retrieve its DNS settings, and configuring the organization's DNS to forward all external DNS requests to the Cisco Umbrella Anycast IP addresses ( and / or for IPv4, or 2620:0:ccc::2 and/or 2620:0:ccd::2 for IPv6).
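To confirm that hosts actually picked up the new DNS settings, the following added example (not from the original post or from Cisco) parses resolv.conf-style text and reports any nameserver that is not on an approved list. The approved set holds only the IPv6 anycast addresses named in this article; the function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Approved resolvers: the Umbrella IPv6 anycast addresses named in this article.
# Assumption: you extend this set with the IPv4 anycast addresses you deploy.
APPROVED = {ipaddress.ip_address(a) for a in ("2620:0:ccc::2", "2620:0:ccd::2")}


def parse_nameservers(resolv_conf_text):
    """Return (address, error) pairs, one per 'nameserver' line."""
    found = []
    for raw in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments before tokenizing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        text = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            found.append((ipaddress.ip_address(text), None))
        except ValueError:
            found.append((parts[1], "unparseable address"))
    return found


def audit(resolv_conf_text, approved=APPROVED):
    """Return findings; an empty list means every resolver is approved."""
    findings = []
    servers = parse_nameservers(resolv_conf_text)
    if not servers:
        findings.append("no nameserver configured")
    for addr, err in servers:
        if err:
            findings.append(f"{addr}: {err}")
        elif addr not in approved:
            findings.append(f"{addr}: not on the approved resolver list")
    return findings


# Constructed sample inputs (not taken from a real host).
GOOD = "nameserver 2620:0:ccc:0:0:0:0:2\nnameserver 2620:0:ccd::2\n"
BAD = "# set by DHCP\nnameserver 2620:0:ccc::2\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text) or "all resolvers approved")
```

On hosts that use a local stub resolver or an internal DNS server, add that address to the approved set and run the same check against the forwarder's upstream configuration instead.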


How does Cisco Umbrella work?

Cisco Umbrella uses DNS to forward requests from networks and users to Umbrella DNS resolvers, preventing threats over any port or protocol, not just HTTP or HTTPS traffic. Threats over direct IP connections can be handled with roaming clients. Cisco Umbrella reviews each request before deciding to permit or deny it.


Features of Cisco Umbrella

  • Fast and effective protection against malware, ransomware, phishing and command-and-control callbacks
  • No added performance impact
  • Protection both on and off the network
  • Assists in identifying devices that are already infected

