Great for DNS monitoring and visibility
February 18, 2022
Great for DNS monitoring and visibility
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cisco Umbrella
We leverage Cisco Umbrella across our offices and endpoints. We implemented this before the COVID-pandemic which really gave us visibility into what domains our systems were communicating with and gave a granular way for us to filter and restrict connections. It helped us find issues and resolve them. They often say, "It's not DNS... ok... it was DNS". This is a great tool to help get to the root cause.
- DNS inspection.
- Threat and anomaly data feeds.
- Good for sending data to 3rd-party monitoring systems.
- Deployment to endpoints is tricky.
- Not really a good solution for Linux. You have to manually set OpenDNS servers.
Do you think Cisco Umbrella delivers good value for the price?
Yes
Are you happy with Cisco Umbrella's feature set?
Yes
Did Cisco Umbrella live up to sales and marketing promises?
Yes
Did implementation of Cisco Umbrella go as expected?
Yes
Would you buy Cisco Umbrella again?
Yes
- Better visibility for our Security teams.
- Some employee complaints about Security "spying" on them. But it is a corporate device and we have to protect our customer data.
This was a very good offering for us and a good first step towards DNS protection and URL Filtering. We didn't go with the full URL path because this was our first implementation of DNS Monitoring and it was cost-prohibitive. We could get domain reputation, category, etc without the full URL path. Going forward, the full URL is where we'll go.
We send our Umbrella data into our SIEM and this has been very helpful with incident response and correlation of security events. We're using Splunk Cloud and this has helped us identify and resolve several incidents and investigations of interest. DNS is the key to security monitoring and is very helpful.