Cisco now offers OpenDNS Umbrella Web Filtering. Cisco acquired OpenDNS in August 2015, and rebranded the product as Cisco Umbrella.
N/A
Cloudflare
Score 9.0 out of 10
N/A
Cloudflare, from the company of the same name in San Francisco, provides DDoS and bot mitigation security for business domains, as well as a content delivery network (CDN) and web application firewall (WAF).
It was a very lengthy process evaluating the differences and abilities of each of the products that were on our final review list, having to look at exactly what our requirements are from a security side as well as from a business perspective, and we found that the offerings …
Cisco Umbrella is best suited for implementing security at regional gateways that can be used for breaking out the traffic to internet. This saves cost by only implementing this solution on fewer regional based sites, than each individual site. This also helps in handing over the security responsibilities for an internet bound traffic to a well reputed cloud based security service such as Cisco Umbrella.
It is easy to set up, and within 10 minutes it is up and running. You can add many domains in one dashboard. So no need for a separate Cloudflare account. I can access all my domain DNS, and customize/add it further. For example by adding the Google Webmaster DNS key or my email provider.
Registrar and DNS services are impeccable, with registrations done at cost and without ADs. DNS services setting standards for speed of resolution.
DDOS protection. With their content distribution network to back them they have the bandwidth and tools to be both proactive and reactive to bad actors.
WAF - Their Web Application Firewall helps mitigate common site vulnerabilities and has active zero-day protection running for breaking exploits
Umbrella Virtual Appliances have been buggy in resolving local domain hosts.
Integration between other Cisco and Meraki products is complicated.
Reporting is not always accurate; for example, if you configure a Meraki access point to use an Umbrella Virtual Appliance, you lose device reporting. All reporting shows up under the AP's IP.
In some cases, using Cloudflare can actually lead to slower website speeds if the network is congested or if the website's traffic is particularly heavy.
Some website owners may find that the level of customization offered by Cloudflare is limited, especially in comparison to other solutions.
While Cloudflare is easy to set up and manage, it may be too complex for users who are not familiar with web technologies.
First off I never give anything a "10" unless it's perfect. LOL - I grade on the curve. I think OpenDNS/Umbrella is a very good product. I think that fact that Cisco absorbed them is one of the proofs of that. I have used the product back when it was free for companies our size. I have not always appreciated the cost - but in the post pandemic cyber chaos, I believe the cost benefit ratio is still very high. I have honestly not looked at other products because Umbrella continues to work to my satisfaction. I consider Umbrella to be one of the key layers in my cyber security strategy.
Cloudflare features are an integral part of my website, as of now I can’t think about doing without it. It would require an unimaginable time and effort to find and implement alternatives for every feature, considered how large and diverse Cloudflare feature set is
Better features and easy to manage system with great customer support and overall usability is great as it works for hybrid environment with ease as it is having features for on prem users as wells as cloud users with great customer support and great team of trained engineers to support our opeartions.
Everything is extremely concise and all settings apply immediately and take effect globally. There is no reason to explicitly plan/think in terms of individual regions as one would have to traditional cloud offerings (AWS, OCI, Azure). All Cloudflare products integrate seamless as part of a single pipeline that executes from request to response.
Cisco Umbrella's availability was great, they got back to me in less than an hour to get my problem solved.
We needed to get our Meraki AP's hooked up to Cisco Umbrella to monitor that specific traffic and they got back to me promptly, they guided me and explained every question I had.
We have not had a chance to use Cisco support frequently, but when we needed to troubleshoot some issues that we were having with the agent installation, the support was very responsive and the solution that they offered worked. The only reason I give it one less point is that the turnaround time for non-critical issues is very long.
We really like to talk to a person on the phone or using chat. But the system is very slow and sending to much email to get the issue solve. Something we don't like to spend time writing on the community forum our issue because we don't want to share detail information of our POC.
At the time we were forced to move from Cloud Web Security to Cisco Umbrella, Cisco Umbrella was far from being a direct replacement. It was frustrating and difficult to migrate due to the lack of functionality. This has since been addressed, however we now have legacy rulesets that were built as bandaids that cannot be removed. Hopefully the migration to Secure Access will address this.
We used a product before this called iPrism by EdgeWave and also briefly tried Barracuda Web Security in the cloud. We were having such a large influx of service desk calls about proxy-based layer 7 web filters that we wanted to step back and pick something more at the DNS level, to protect our employees but not hover over their social media use, etc. Cisco will also employ a layer 7 proxy if a site is suspicious, which does require us to push a certificate out should we want that feature. For most policies we have it enabled.
Firebase can be a good starter for basic projects but as I scaled up, I found it lacking the maturity Cloudflare has. Naturaly, I opted for Cloudflare for bigger projects. I still use Firebase, but for small scale hobby projects only.
Cisco Umbrella has been an excellent investment for us. The extra protection it provides in a very simple way has been well worth the costs.
Cisco Umbrella is very easy to setup and manage and can do most of the things we need with little daily interaction so we are free to work on other systems that need more attention.
Utilizing the Cisco Umbrella reporting features, we can determine what systems might need additional attention. If we see systems attempting certain types of access, we quickly know there is likely something on the device that probably needs removed.
Specific Cisco Umbrella reports can help us determine if we need to do user education and develop cyber habits.
A lot of requests are cached and so egress costs from downstream providers are mitigated.
DDoS protection has also managed to keep our site up and our cloud computing bill down.
Setting up a proxy with a worker made putting various Google Cloud Functions running behind a single URL very easy and performant. Plus they offer API Shield on top of this.
