Cisco Umbrella - manageable, easy to use
April 09, 2021

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Umbrella

Cisco Umbrella is used on all endpoints / servers globally and provides the only DNS servers for the entire company.
  • Policy Management / Configuration
  • Detailed reporting
  • Ease of configuration
  • Endpoint Identity quality of information
  • False positive reporting and remediation
  • Real time log viewing on appliances (for troubleshooting purposes)
  • We are neutral on this one as I have not seen an ROI or otherwise
Remote users are covered via a standalone agent or as part of the AnyConnect client. Both are effective and check in with the cloud. If you operate in China, the coverage is as good as it can be given China's government firewall that sometimes blocks or slows down SSL traffic.
We use this in conjunction with Rapid7's SIEM for log retention. The integrations with other Cisco products (management tools) are still lacking and I would not recommend relying on them completely.
The initial incident submission is handled by a "bot" which does not always give an appropriate response, which then in turn requires an escalation to a live person who generally can answer the issue or resolve the problem. Response time for the 2nd level escalation takes much longer and can possibly leave your company more vulnerable in the short time window. There are instances where you need a quick response and there is no way to get a quick answer.
These products are used in conjunction with Umbrella to help cover the gaps in the product. Websense was the closest product we had in the past, however the cost and operating of the product became more and more difficult and costly.
It is well suited to protect the organization against threats that can be mitigated by DNS lookups. Unfortunately, not all threats use DNS lookups, and this can be a gap for those types of bad scenarios. It is not a silver bullet and EDR still must be used to cover other vectors of attack on endpoints.