Well suited to networks that include Active directory, as you can hook it into the directory to allow you to target specific users and computers. Not particularly well suited to personal users due to the price point, and also not well suited to organisations with disorganised IT, since the system can be bypassed simply by changing the DNS server of the device. You need a dedicated IT department to ensure these sorts of settings are locked down
MikroTik is suited for large companies that require advanced distributions in terms of contracted bandwidth, and in the same way, allows a single device to specify filtering and firewall rules without acquiring an additional device. There is a range for small companies which is more economical and less robust, but in case it's not necessary, such a strict control over the data consumption of the company is not a feasible solution.
Umbrella Virtual Appliances have been buggy in resolving local domain hosts.
Integration between other Cisco and Meraki products is complicated.
Reporting is not always accurate; for example, if you configure a Meraki access point to use an Umbrella Virtual Appliance, you lose device reporting. All reporting shows up under the AP's IP.
Some of the wiki articles have not been updated or are not accurate enough. We spent a couple of days trying to find an example of implementing a mobile IPSec client solution. But once this has been implemented, it has been solid (always worked). A bigger community would help, and I am finding it hard to find the time to contribute to these articles.
First off I never give anything a "10" unless it's perfect. LOL - I grade on the curve. I think OpenDNS/Umbrella is a very good product. I think that fact that Cisco absorbed them is one of the proofs of that. I have used the product back when it was free for companies our size. I have not always appreciated the cost - but in the post pandemic cyber chaos, I believe the cost benefit ratio is still very high. I have honestly not looked at other products because Umbrella continues to work to my satisfaction. I consider Umbrella to be one of the key layers in my cyber security strategy.
Better features and easy to manage system with great customer support and overall usability is great as it works for hybrid environment with ease as it is having features for on prem users as wells as cloud users with great customer support and great team of trained engineers to support our opeartions.
Cisco Umbrella's availability was great, they got back to me in less than an hour to get my problem solved.
We needed to get our Meraki AP's hooked up to Cisco Umbrella to monitor that specific traffic and they got back to me promptly, they guided me and explained every question I had.
We have not had a chance to use Cisco support frequently, but when we needed to troubleshoot some issues that we were having with the agent installation, the support was very responsive and the solution that they offered worked. The only reason I give it one less point is that the turnaround time for non-critical issues is very long.
There is no SOC, NOC, where you can contact to try to resolve any difficulties. The problems that these devices have are solved largely through the community, with workaround alternatives, or if the support team responds to a request, the response times are too high for the current needs of technological communications.
The implementation just required us a bit of study because there are a lot of options and configurations available. I believe that the interface could be a bit better, but it works fine. We did an initial setup and only need to do changes when a new demand appears. Other than that, we just keep it running.
We used a product before this called iPrism by EdgeWave and also briefly tried Barracuda Web Security in the cloud. We were having such a large influx of service desk calls about proxy-based layer 7 web filters that we wanted to step back and pick something more at the DNS level, to protect our employees but not hover over their social media use, etc. Cisco will also employ a layer 7 proxy if a site is suspicious, which does require us to push a certificate out should we want that feature. For most policies we have it enabled.
Cisco Routers are one of the best in the market, however they are also very expensive and not suitable for a small deployment or any deployment which requires just a couple of routers. MikroTik on the other hand are less expensive and provides many features that you require for a small scale deployment. they fit in with the budget and do what you need them to.
Positive ROI when the service keeps users from going to malicious websites.
We had it deployed while users were internal and external with the AnyConnect Umbrella module so our protection was both on and off the corporate network.
