When a company has a distributed workforce, the produce works very well to unify a set of policies to apply against web bound traffic. Areas we have struggled with is getting value out of our cloud delivered firewall due to requirements to fully use it
Microsoft Defender for Cloud Apps is well suited when working with other Microsoft Applications. For example, if you are working with Microsoft Office 365 it works very well when implementing CASB features. It works when implementing monitoring or blocks on Sanctioned applications however customizing the message to users is not that great.
As many companies think—they’re afraid of firewalls, but they want to keep something secure—and what it does best is it simplifies the approach from a cybersecurity perspective, especially from the user perspective. Users spend a lot of time on the web, trying to access sites, clicking links, scanning QR codes, and doing whatever. You can’t really stop them unless you have something in between that can check whether those links lead somewhere safe, or potentially run them in a sandbox if there are threats or specific use cases.
So I think one of its strongest points is that it’s very simple, and it’s not expensive compared to if you buy a firewall and licenses from other brands, where you have to configure it and spend engineer work hours or outsource the work. It’s the simplicity, and I think it just works. I had some issues five years ago, four years ago, but now it just works. I’m pretty happy.
The integration to Microsoft Entra ID is seamless, which allows Conditional Access to redirect the session to Microsoft Defender for Cloud App for it to take actions (Block or Monitor).
Tracker users' activity is very good when troubleshooting or running an investigate.
Detecting risky users through tight integration with Microsoft Entra ID is a very good feature.
Detecting mass downloads and blocking the download of files from non-manage company devices is a very good feature as well.
So we had in the past very general rule sets, very detailed rule sets for security rules. Like you can access this page but not this IP range and so on. So hundreds of specific rules for specific machines and the rule management in Cisco Umbrella is not that granular. So it was not possible to build up these rule sets in Cisco Umbrella, but now we see to access it's much better already. So that's why one reason why we are migrating to CQ access to have better API based possibility to manage these rule sets and synchronize them between different products that we are using and in the cloud. So yeah, we hope that with secure access it's a little bit more granular like with Cisco Umbrella currently.
It takes some time to scan and apply the policies when there is some sensitive information.
After it applies the policies, it works, but there is a delay.
It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way [Microsoft Cloud App Security] can go and detect those kinds of images and alert us
First off I never give anything a "10" unless it's perfect. LOL - I grade on the curve. I think OpenDNS/Umbrella is a very good product. I think that fact that Cisco absorbed them is one of the proofs of that. I have used the product back when it was free for companies our size. I have not always appreciated the cost - but in the post pandemic cyber chaos, I believe the cost benefit ratio is still very high. I have honestly not looked at other products because Umbrella continues to work to my satisfaction. I consider Umbrella to be one of the key layers in my cyber security strategy.
Better features and easy to manage system with great customer support and overall usability is great as it works for hybrid environment with ease as it is having features for on prem users as wells as cloud users with great customer support and great team of trained engineers to support our opeartions.
The interface is pretty simple and easy to use; however, you will need to do a lot of investigative research on your own to get comfortable with it. Originally, many of the Microsoft security tools had their own seperate consoles. Overtime, they have blended into one interface which is the ideal state. In some cases it is clear Microsoft had to pick which console a certain feature or setting was going to reside in and this leads to some confusion. For example, DLP is managed through Defender for Cloud Apps but you will also need to jump into Purview. For things like reverse proxy on your M365 tenant, you will need to go into Azure and setup conditional access rules. Not a big problem and I can understand why the settings are located where they are but for someone just starting out with Defender for Cloud Apps, it will take some time to figure out.
Cisco umbrella services in the cloud are always available. However, the weakness is the VM installed in the data center that are the first resolvers. If the VMs become unavailable for any reason or the vSphere goes down, then all DNS is affected
our experience with cisco products has always been awesome and same is the case with cisco umbrella .Under umbrella cisco provides flexible and scalable software solution to use across different dept and sites . These softwares are very user friendly ,pages load quickly as these applications are designed for minimum latency and reports are also provided quickely
Whilst the support is good once you get through to them, it's email only and the response is slow. This is a issue, because its a core system that needs to work. We have had issues in the past where several of our companies have gone down due to Umbrella and support is nowhere to be seen. It is very difficult to know whether Umbrella is having service issues, since they do not regularly update customers on the status of their services, such as is seen by providers such as Microsoft (status.umbrella.com just seems to show up all of the time, I'm not sure it's even updated)
I have not utilized actual support but the Sales and Product teams have been super helpful in moving our implementation forward and showing us the best practices.
Quite easy to understand training modules prepared by knowledgeable trainers. Training modules have included all the desired features of these softwares and the content delivery is very good from the respective module trainers and it explains in details the features and apart from that further training material support is also provided if needed.
At the time we were forced to move from Cloud Web Security to Cisco Umbrella, Cisco Umbrella was far from being a direct replacement. It was frustrating and difficult to migrate due to the lack of functionality. This has since been addressed, however we now have legacy rulesets that were built as bandaids that cannot be removed. Hopefully the migration to Secure Access will address this.
Umbrella checked all the boxes for us (at the time) because it supported multiple domains and multiple IPs to protect (we have 20+ offices), and its configuration and policies cover a lot of different options for us. We used another product prior, and it worked well, but it didn't have all the features we needed at the time.
More flexible and more features with easy integration with cloud services like Microsoft Azure and other cloud services. Overall both gives similar features but we prefer Microsoft cloud app security due to its high threat detection rate. mostly we have been able to stop the threat in very very less time.
Cisco umbrella provides fleaxible and scalable software solutions which are easy deploy across multiple departments and sites wherever needed and this softwares are very easy to use and provides the best interface along with cisco support for other devices apart from cisco infrastructure but still there is scope for improvement on the inclusion of latest features
It's a costly product and we have to admit that, but security breaches are costlier, and they can take more than we can afford so we always had positive mindset over our security purchase and Cisco Umbrella had overall positive impact.
Cloud App Security saves us thousands of dollars finding and rectifying apps security issues
Identity Security Posture helps the organization identity stay in shape, saving thousands of dollars on security consultations
The cost of suffering a breach cannot be quantified, CAS helps minimize the chances of the attackers succeeding, with excellent historical logging for most operations
