Cisco Umbrella Alternatives

Cisco Umbrella is the name of the former OpenDNS Enterprise service that was acquired by Cisco in 2015. Like its predecessor, Cisco Umbrella has multiple security features to help businesses better protect their networks, data, and employees from web-borne threats such as malware, ransomware and phishing.

Cisco Umbrella typifies the evolution of network security in the last decade. In 2009, OpenDNS Enterprise was launched – an enterprise-grade network security platform that had grown from the original free-to-use OpenDNS web filter for personal and family use. Features were added over time to enable businesses to integrate OpenDNS Enterprise with management tools such as Active Directory and threat intelligence programs such as PhishMe (now Cofense) and Splunk.

OpenDNS Umbrella was launched in 2012 to enforce web filtering policies beyond the corporate network. This product was incredibly popular among larger enterprises due to the growth of BYOD policies as it enabled IT admins to apply security policies to mobile employees and those who used their personal devices for both work and personal activities. Now, IT admins could define policies, provision devices, and view reports across users, sites, networks, groups, and devices.

Cisco OpenDNS

In 2015, Cisco acquired OpenDNS in a deal worth a reported $635 million and rebranded OpenDNS Umbrella as Cisco Umbrella (the free-to-use Home and Family versions of OpenDNS retained their existing names). Cisco also restructured the product to provide three levels of service to customers – the first (“Professional”) being equivalent to the former OpenDNS Enterprise service, with more advanced security features packaged into the “Insights” and “Platform” services.

Professional:
  • Block malware, ransomware, phishing, and C2 callbacks
  • Protect users anywhere they go, on and off the corporate network
  • Stop malicious domain requests and IP responses at the DNS-layer
  • Real-time, enterprise-wide activity search & scheduled reports
  • Enforce acceptable use policies using 80+ content categories
  • Create custom block/allow lists (blacklists/whitelists)

Insights:
  • Block direct IP connections at the IP-layer
  • Identify targeted attacks by comparing local vs. global activity
  • Identify cloud, shadow IT, & IoT usage risks by reporting on 1800+ services
  • Enforcement & visibility per internal network or AD user/group
  • Proxy risky domains for URL and file inspection using AV engines and Cisco AMP
  • Retain client-managed or Cisco-managed logs with AWS integrated S3 bucket

Platform:
  • Deploy pre-built integrations that work with 10+ security providers
  • Leverage custom API to easily integrate with other systems
  • Gain context about what Umbrella is blocking and why
  • See attacks as they form and prioritize incident investigations

Note 1: A customized package is available for schools and universities.
Note 2: Customer Support packages have to be purchased separately.

The Benefits of Cisco Umbrella

At the basic “Professional” level, Cisco Umbrella is easy to set up, configure and administer. Filtering policies can be applied universally, by group, or by individual user in order to block access to undesirable websites and those known to harbor malware and ransomware. Cisco Umbrella Professional serves as a basic web filtering package that protects users, on and off the network, from web-based threats and enforces acceptable internet usage policies by blocking access to certain categories of website using 80+ website categories.

At the “Insights” and “Platform” levels, Cisco Umbrella integrates easily with other security solutions to deliver live threat intelligence. The Insights package allows users to take a more proactive approach and identify threats within the company, including potential malware infections, by blocking malware callbacks and identifying where those callbacks are coming from, that is, which PC has been infected. The Platform level is the most advanced and comprehensive service and is best suited to larger organizations with their own dedicated internal security teams. It can also integrate with other products through Cisco’s Application Programming Interfaces (APIs) and includes an Investigate web console to provide greater insights into threats and additional context for investigations.

Depending on your organization’s specific security requirements, you can choose which of the three levels best suits your needs. Customers who choose the “Insights” level also benefit from the features of the “Professional” level, while customers who opt for the “Platform” level of service benefit from the features of both the “Insights” level and the “Platform” level.

New Cisco Umbrella Packages Launched

Recently, Cisco rejigged and renamed its packages. Some of the features from the old Platform package have now been incorporated into the Insights package, and Insights options have been added to the old Professional package.

The Cisco Umbrella Professional package is now called DNS Security Essentials, which remains a basic web filtering solution with some extra features. DNS Security Essentials customers now benefit from better integrations with other Cisco products such as Cisco Threat Response to aggregate activity across Cisco’s range of products and other tools through Cisco’s APIs. This basic package also now includes AD integration and log retention.

However, the package does not include SSL inspection, which is only supplied with the second and third tier packages. This is likely to be problematic for some organizations as many websites have now transitioned from HTTP to HTTPS and are encrypting traffic between the website and the browser. At the basic DNS Security Essentials level, IT admins will not have visibility into this encrypted traffic.

The middle ‘Insights’ tier has now been rebranded as DNS Security Advantage. In addition to the basic web filtering features of the DNS Security Essentials package, IT admins have the option of SSL inspection through the secure web gateway, but only for traffic associated with risky domains. One notable addition is Umbrella Investigate, which was previously only available through the Platform package. This allows users to gain greater threat insights and also send threat information to other tools and systems.

The most comprehensive ‘Platform’ solution has been rebranded as Secure Internet Gateway (SIG) Essentials. At this level, IT admins benefit from full SSL inspection, not only risky sites. All traffic will be decrypted, inspected, and re-encrypted. All traffic will be subjected to URL and file inspection using AV engines and AMP, not just risky domains. This ensures new domains and those that have previously been trusted are also subjected to more rigorous inspections, to help identify recently compromised websites. The solution also includes a cloud sandbox for deep analysis of suspicious files.

The Secure Internet Gateway (SIG) Essentials incorporates a cloud-delivered firewall, the ability to discover and block shadow IT by URL (rather than just domains), and the ability to create policies with much more granular control for blocking uploads, attachments, and posts for selected apps.

 

DNS Security Essentials (all ‘Professional’ features plus…):
  • Active Directory integration
  • Integration with other tools and Cisco Threat Response through APIs
  • Block shadow IT based on domains
  • Retain logs with AWS through customer-managed/Cisco-managed S3 buckets

DNS Security Advantage (all Insights features plus…):
  • Access to the Umbrella Investigate web console to provide greater context during investigations
  • Use the Investigate on-demand enrichment API to provide domain, URL, IP, and file threat intelligence to other tools and systems
  • SSL inspection for risky domains

Secure Internet Gateway (SIG) Essentials (all Platform features plus…):
  • Decryption/inspection of all SSL (HTTPS) traffic
  • Proxy all web traffic for URL and file inspection
  • URL filtering
  • Use of the Cisco Threat Grid cloud sandbox for analysis of suspicious files
  • Cloud-delivered firewall to block specific IPs, ports, and protocols
  • Discover/block shadow IT based on URLs
  • Create policies with granular control for blocking posts for certain apps, uploads, and attachments

Cisco Umbrella Alternatives

Cisco Umbrella is a comprehensive web security and web filtering solution with advanced features to protect against web-based threats such as malware, ransomware, viruses, botnets, and phishing. However, the solution is not ideal for everyone, and there are several Cisco Umbrella alternatives available that offer an equivalent level of protection.

At all pricing tiers, Cisco Umbrella provides value for money and is likely to pay for itself by blocking a wide range of threats that could otherwise lead to a malware or ransomware infection and data breach; however, one of the main issues is the cost of Cisco Umbrella. Some customers feel Cisco’s prices are too high at the Professional/DNS Security Essentials level compared to alternative web filtering solutions. Several Cisco Umbrella alternatives incorporate several features of the Insights/DNS Security Advantage and even Platform/SIG Essentials level as standard. Further, those solutions are also available at a much lower cost than even the price of Cisco Umbrella DNS Security Essentials. Another common criticism is having to pay for add-on services such as a support package that includes telephone support rather than only email support.

Costs aside, there are some known issues with regard to “SafeSearch” and Cisco Umbrella’s use of the AnyCast network for routing web traffic – the latter issue possibly affecting businesses in regulated industries when data crosses different cloud regions. There is also no option for businesses to host Cisco Umbrella locally, or for Managed Service Providers to rebrand Cisco Umbrella as their own product.

Cisco Umbrella Competitors

Cisco Umbrella pricing drives many organizations to alternative DNS filtering providers. The Cisco Umbrella cost per user for a typical healthcare organization for basic DNS filtering capabilities is $2.70 per user, per month.

Some of the most reasonably priced DNS filtering solutions include, as standard, greater capabilities and features than the DNS Security Essentials package. Some even offer most of the DNS Security Advantage and even SIG Essentials features at a lower cost than the most basic Cisco DNS filtering package. Prices for Cisco Umbrella alternatives start at around $1.00 per user, per month. The DNS filtering services provided by Cisco Umbrella competitors represent a considerable cost saving per month and may still provide the level of protection required.

Cisco Umbrella is certainly a comprehensive DNS filtering solution at the SIG Essentials level with a range of enhanced features, but many organizations will need the level of protection provided by at least the DNS Security Advantage package, such as SSL inspection for risky domains, which ups the Cisco Umbrella costs considerably.

Some of the main competitors offering a DNS filtering service for healthcare organizations are:

  • TitanHQ – WebTitan Cloud
  • Webroot DNS
  • Citrix Secure Web Gateway
  • Sophos Secure Web Gateway
  • ZScaler Internet Access
  • Forcepoint Web Security
  • Barracuda Web Security Gateway
  • Infoblox Secure DNS