An easy win for internal security
January 17, 2023

Shane Muggeridge | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Umbrella

Cisco Umbrella is a security product that redirects DNS traffic to OpenDNS servers (Cisco bought OpenDNS a few years ago and rebranded the product). This product then filters the traffic at the DNS level. This differs from firewalls because the traffic is filtered away from the local network. Why is this useful? Because it's more reliable, easier to configure, and less effort to maintain. Think of it much like you'd think of outsourcing your servers to the cloud; it's one less resource that you have to worry about going wrong.

In a defence-in-depth approach, DNS filtering is an important tool to add. I've found it to be a much more effective defence than typical firewalls, because it's much more dynamic in its blocking. We use it in our own network and in customers' networks, and we have very few issues.
  • Effective prevention of ransomware and malware by blocking CNC traffic, rendering the malware useless.
  • Good reports, which are readable by non-technical users
  • Using Talos for its threat database means that it rarely misses anything
  • Very good knowledgebase available which means that it is easy to learn how to use and implement the product
  • Very clunky implementation of bypass users
  • Not a very intuitive system when you want to whitelist sites
  • Accounts department has complained that the purchasing system is difficult, because it is a manual process. They have to ask for quotes each time we add new seats.
  • I've had several issues with the roaming agent which has quite a few bugs

Do you think Cisco Umbrella delivers good value for the price?

Not sure

Are you happy with Cisco Umbrella's feature set?

Yes

Did Cisco Umbrella live up to sales and marketing promises?

Yes

Did implementation of Cisco Umbrella go as expected?

Yes

Would you buy Cisco Umbrella again?

Yes

  • It's a very easy sell that requires very little support when set up correctly. It pretty much just sits there and makes money.
  • Security incidents have reduced noticeably since its introduction, which means less work required on these incidents.
  • The reporting gives the customers a real view of what their IT system is doing, making it easy to justify the use of such systems that would otherwise be difficult to sell to bean counters.

I found the filtering system from within the corporate network much better than outside. This is because the system with the Umbrella virtual machines is much more stable and reliable than the roaming client. I've had a lot of issues with roaming agents breaking, going offline, and being easy to circumvent with things such as browsers that use their own DNS servers. It requires a lot more maintenance than the internal system. You can set this up on your DHCP server and force clients to use Umbrella DNS.

I've used Umbrella with Cisco AnyConnect and this was a powerful integration. It was easy to set up and makes your life as an IT worker easier.

It also has a lot of good API integrations, such as with VirusTotal.

Its integration into Active Directory is very good and this is how I recommend implementing the system most of the time.

Whilst the support is good once you get through to them, it's email only and the response is slow. This is an issue, because it's a core system that needs to work. We have had issues in the past where several of our companies have gone down due to Umbrella and support is nowhere to be seen. It is very difficult to know whether Umbrella is having service issues, since they do not regularly update customers on the status of their services, such as is seen by providers such as Microsoft (status.umbrella.com just seems to show up all of the time, I'm not sure it's even updated).

Meraki MX is the only other system that uses a system similar to Cisco Umbrella. The other systems use DNS filtering on the devices themselves, which is more vulnerable than exporting this filtering service to the DNS provider.

I believe Meraki MX actually uses Cisco Umbrella as of 2022, but this was a recent change and their previous service was not as effective.

Well suited to networks that include Active Directory, as you can hook it into the directory to allow you to target specific users and computers.

Not particularly well suited to personal users due to the price point, and also not well suited to organisations with disorganised IT, since the system can be bypassed simply by changing the DNS server of the device. You need a dedicated IT department to ensure these sorts of settings are locked down.