Securing DNS with Cisco Umbrella
Security has always been a hot topic in networking, but in recent years that concern seems to have grown at an exponential pace. Malware, phishing and ransomware infections seem to happen more frequently all the time – but what can be done to help protect yourself against these attacks? You likely already have firewalls and antivirus solutions in place – so what’s a critical part of your network that you likely haven’t initiated a defense plan for yet? DNS.
Umbrella helps secure your network at the DNS level – by checking each DNS request from devices on your network to ensure that the request being processed is for a legitimate and safe domain. The safety of the domain is determined by the OpenDNS community (users) as well as Umbrella’s security team. The benefit of stopping a threat at the DNS level is that no information has changed hands yet – if the domain is a threat, the threat is contained before any data transfer starts. This means fewer threats even reach your network, which reduces the chance of a threat slipping in unseen because antivirus definitions are outdated.
Additionally, Umbrella gives a great deal of insight into and control over your network – which you can choose to leverage as much or as little as you’d like. A complete deployment would include at least two Virtual Appliances (VAs) in your network. These handle your DNS requests, rely on your own internal DNS servers for internal domains, relay other requests to Umbrella’s DNS servers, and communicate with your Active Directory servers for policy enforcement and request identification. This offers you the ability not only to see what each authenticated user is looking at on the Internet, but also to create enforceable policies around it. An example of such a policy would be disallowing Social Media websites for all users unless they belong to the ‘Marketing’ group in your Active Directory server.
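The policy example above can be modelled in a few lines. This is an added illustration, not Cisco's or WiSP's code: the category table, blocklist, users and all `.example` domains are constructed, and the label-by-label parent-domain matching is an assumption about how such a filter should treat subdomains.

```python
# Added illustration: a toy model of DNS-layer policy evaluation, not Umbrella code.
# All domains, categories and users below are constructed sample data.
from collections import Counter

CATEGORIES = {"social.example": "Social Media", "malware.example": "Malware"}
CUSTOM_BLOCKLIST = {"phish-login.example"}          # hand-added, e.g. from a phishing email
ALWAYS_BLOCKED = {"Malware"}                        # security categories, no exceptions
GROUP_EXCEPTIONS = {"Social Media": {"Marketing"}}  # restricted category -> AD groups allowed

def match_suffix(qname, table):
    """Return the entry in `table` that equals qname or is a parent domain of it.

    Matching is per DNS label, so 'notsocial.example' does not match
    'social.example', while 'www.social.example' does.
    """
    labels = qname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None

def decide(qname, groups):
    """Return (action, reason) for one DNS request from a user in `groups`."""
    if match_suffix(qname, CUSTOM_BLOCKLIST):
        return ("block", "custom blocklist")
    category = CATEGORIES.get(match_suffix(qname, CATEGORIES))
    if category in ALWAYS_BLOCKED:
        return ("block", category)
    allowed_groups = GROUP_EXCEPTIONS.get(category)
    if allowed_groups is not None and not allowed_groups & set(groups):
        return ("block", category)
    return ("allow", category or "uncategorized")

def summarize(requests):
    """Count allow/block decisions over (user, qname, groups) records."""
    return Counter(decide(qname, groups)[0] for _user, qname, groups in requests)

SAMPLE_REQUESTS = [  # constructed (user, queried name, AD groups) records
    ("alice", "www.social.example", ["Marketing"]),
    ("bob", "www.social.example", ["Sales"]),
    ("bob", "intranet.corp.example", ["Sales"]),
    ("carol", "cdn.malware.example", ["Marketing"]),
    ("carol", "Phish-Login.example.", ["Marketing"]),
]

if __name__ == "__main__":
    for user, qname, groups in SAMPLE_REQUESTS:
        print(user, qname, *decide(qname, groups))
    print(dict(summarize(SAMPLE_REQUESTS)))
```

The group exception applies only to the restricted category: a member of ‘Marketing’ is still blocked from the security category and from hand-blacklisted domains.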
Typical Cisco Umbrella Deployment
WiSP spearheaded an Umbrella deployment for a client in September so that they could take advantage of the superior Ransomware protection that it offers. Since the deployment, there have been a few unexpected advantages – such as easy blacklisting of potentially harmful domains in phishing emails that haven’t already been identified by Umbrella, and general insight into the network: how many DNS requests are being made in the network, and where those requests are going. Since the deployment on September 18th, Umbrella has processed 5.6 million DNS requests and blocked 1,439 potential security events from happening in the network.
OpenDNS was founded back in 2006, was purchased by Cisco in 2015, and is currently being rebranded to ‘Umbrella’. Umbrella offers protection at the network level with Virtual Appliances as well as endpoint protection with roaming clients installed on laptops to keep devices protected even when they’re off the corporate network.