Umbrella for Service Providers — which, like Umbrella, is a software-as-a-service (SaaS) offering that lives in the cloud — is one of a few security-related announcements Cisco made this week at Mobile World Congress.
Cisco saw potential for Umbrella, which is delivered in SaaS form, to become a managed service — hence the “for” in Umbrella for Service Providers. It’s a way for them to generate revenue by offering cloud-based security.
It ties into Cisco’s premise (recently echoed by Juniper) that the network should be wielded as a security device. “We see in general that the network as a sensor and the network as an enforcer is a really powerful idea,” says Gee Rittenhouse, Cisco’s senior vice president of security engineering.
Click here for SDxCentral’s full coverage of Mobile World Congress 2017.
What Umbrella Handles
OpenDNS provides Domain Name System (DNS) services, but more pertinent to security, it applies its DNS knowledge and a database of known threats to a predictive approach to combatting attacks such as malware and phishing. (OpenDNS founder David Ulevitch is now in charge of Cisco’s security business.)
Umbrella shunts users over to an OpenDNS-based DNS server. If something seems awry — if malware tries to contact its mother ship, for instance — OpenDNS can spot it and break that connection by quarantining the request.
That setup addresses a problem inherent to off-premise users. If a user’s machine is infected with malware, the act of logging into the VPN inadvertently sneaks the malware past the firewall. The user’s identity is checked, but the contents of her machine aren’t.
The service also takes advantage of CloudLock, a cloud access security broker (CASB) acquired by Cisco last year. It scans cloud-based services as well as their dependencies — background services that are components of whatever service the user is accessing — creating a more complete view of which software services are being accessed. Anything that violates policies could be blocked.
CloudLock uses management APIs to discern what’s going on in the cloud. An alternative approach is to set up a proxy that all cloud traffic must go through; it sounds less elegant, but some customers do want that level of control, so Cisco will be adding it to CloudLock, Rittenhouse says.
Elsewhere in Security
In a sort-of-related direction, Cisco announced that its Evolved Packet Core can now be covered by the Umbrella service.
Cisco also announced new virtual security gateways and a partnership with Samsung involving visibility for endpoint devices.