Cisco Umbrella CDFW and IPS

Cisco Umbrella's CDFW gives visibility and control over all traffic that originates from a client request to the internet, regardless of port or protocol. It monitors all activity and stops unauthorized traffic by using IP, port, and protocol rules (Layer 3/4 firewall), application rules (Layer 7 Application Visibility and Control), and intrusion prevention system (IPS) rules. To use it, configure an IPsec connection from any network device to forward traffic to the CDFW.

Here are some common examples of use cases that make use of Layer 7 Application Visibility and Control:

  • Block shadow IT over non-web ports:
    • Stop the use of unapproved software as a service (SaaS) applications.
      • Cisco Webex is allowed.
      • Microsoft Teams video is not allowed.
      • Google Hangouts is not allowed.
  • Block insecure applications on non-standard ports:
    • Stop remote virtual terminal connection into other networks.
      • Telnet via non-standard port 8080
    • Stop file transfer.
      • FTP via non-standard port 1003
  • Block unsanctioned traffic over non-web ports:
    • Stop the use of unapproved traffic, such as Cisco peer-to-peer traffic.
      • Tor or BitTorrent
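
The non-standard-port cases above are where port rules alone fall short. The following Python sketch is an added example, not Cisco code and not Umbrella's detection logic: it compares a port-only decision with a payload-based one over constructed flows. The `Flow` type, the policies, and the simplified heuristics (Telnet option negotiation per RFC 854, an FTP 220 greeting per RFC 959) are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    proto: str
    dst_port: int
    first_bytes: bytes  # first payload bytes seen on the flow (constructed samples)

BLOCKED_PORTS = {("tcp", 23), ("tcp", 21)}  # port-only policy: Telnet, FTP control
BLOCKED_APPS = {"telnet", "ftp"}            # application policy, applies on any port
TELNET_CMDS = {0xFB, 0xFC, 0xFD, 0xFE}      # WILL, WONT, DO, DONT (RFC 854)

def identify_app(payload: bytes) -> str:
    """Toy classifier (assumption); real AVC engines use far richer signatures."""
    # Telnet option negotiation: IAC (0xFF), a command byte, then an option byte.
    if len(payload) >= 3 and payload[0] == 0xFF and payload[1] in TELNET_CMDS:
        return "telnet"
    # FTP greeting uses reply code 220 (RFC 959). SMTP also greets with 220,
    # so this heuristic additionally requires "ftp" in the banner text.
    if payload[:4] in (b"220 ", b"220-") and b"ftp" in payload.lower():
        return "ftp"
    if payload.startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def l34_verdict(flow: Flow) -> str:
    """Decision from protocol and destination port only."""
    return "block" if (flow.proto, flow.dst_port) in BLOCKED_PORTS else "allow"

def l7_verdict(flow: Flow) -> str:
    """Decision from the identified application, whatever the port."""
    return "block" if identify_app(flow.first_bytes) in BLOCKED_APPS else "allow"

# Constructed sample flows matching the use cases in the list above.
SAMPLE_FLOWS = [
    Flow("tcp", 8080, b"\xff\xfd\x18\xff\xfd\x20"),              # Telnet on 8080
    Flow("tcp", 1003, b"220 constructed FTP server ready\r\n"),  # FTP on 1003
    Flow("tcp", 8080, b"HTTP/1.1 200 OK\r\n"),                   # web app on 8080
    Flow("tcp", 23, b"\xff\xfb\x01"),                            # Telnet on 23
]

def compare(flows):
    """Return (port, app, l3/4 verdict, l7 verdict) for each flow."""
    return [(f.dst_port, identify_app(f.first_bytes), l34_verdict(f), l7_verdict(f))
            for f in flows]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print("port=%-5d app=%-8s l3/4=%-6s l7=%s" % row)
```

Blocking port 8080 outright would close the gap for Telnet but also drop the legitimate web flow on the same port, which is the case for application rules alongside port rules.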

An intrusion prevention system (IPS) is only as effective as its cyberattack dictionaries. Umbrella IPS, based on Snort 3 technology, examines network traffic flows and prevents vulnerability exploits via signature-based detection. Cisco Umbrella IPS uses Talos' enormous signature database.

Here are some common examples of use cases that make use of IPS:

  • Meet compliance requirements:
    • Serve customers with compliance mandates that specify the intrusion detection system (IDS) and IPS.
  • Deepen security protection:
    • Provide an added layer of detection and blocking for malware, botnets, phishing, and command-and-control callbacks.
  • Extend security protection:
    • Extend detection and blocking of vulnerabilities to outbound traffic from user-initiated requests and inbound traffic associated with that original request.

Here is a high-level overview of CDFW traffic flow:

