SIG Overview

SIG Overview

Cisco Umbrella is a cloud-based SIG platform, which offers many layers of protection against internet-based attacks. Cisco Umbrella includes secure web gateway, firewall, Domain Name System (DNS) layer security, and cloud access security broker (CASB) functions to protect your systems from threats.

Cisco Umbrella has evolved over the years from providing crucial DNS security to a fully developed security stack. By integrating the mentioned components, you can deliver Cisco Umbrella as a one cloud service:

• DNS layer security: Cisco Umbrella protects your network and endpoints by enforcing security at the DNS layer. Cisco Umbrella blocks request to malicious and unwanted destinations even before establishing a connection. This action stops threats over any port or protocol before they reach your network or endpoints.
• Secure web gateway (full proxy): Cisco Umbrella contains a cloud-based complete proxy that is capable of logging and inspecting all your online traffic for increased visibility, control, and protection. You can use IP Security (IPsec) tunnels, proxy autoconfiguration (PAC) files, and proxy chaining to forward traffic to get complete visibility, URL and application-level controls, and enhanced threat protection.
• CDFW: Cisco Umbrella's CDFW delivers visibility and control over traffic originating from internet requests, spanning all ports and protocols.
• CASB: Cisco Umbrella helps with exposing shadow IT by recognizing and reporting on cloud applications used throughout your environment. Insights can aid in cloud adoption management, risk reduction, and the prevention of the deployment of harmful or inappropriate cloud applications.
• Remote browser isolation (Optional add-on): Cisco Umbrella's remote browser isolation (RBI) protects the Umbrella secure web gateway by separating web traffic from the user's device and the threat. This way, you can explore risky websites without being at risk.

Cisco Umbrella Packages

The available packages are:

• DNS Security Essential
• DNS Security Advantage
• SIG Essentials
• SIG Advantage

When you initially start using Cisco Umbrella, you must take a few preliminary actions to ensure that Cisco Umbrella can begin safeguarding your systems and organizations.

The first step is to register a network by creating a network identity. An identity is a physical entity that Cisco Umbrella safeguards with regulations and monitors with reports.

Then, you must make sure that your operating system or hardware firewall and router DNS settings point to Cisco Umbrella's name server IP addresses. You must also turn off the automatic DNS servers that your ISP sends to your home. Cisco Umbrella can handle both IPv4 and IPv6 addresses.

The next step involves adding and configuring policies. Define how Cisco Umbrella's security and access controls are applied to identities by creating policies that specify whether traffic is reviewed and either denied or allowed.

Organizations can take advantage of these three types of policies:

DNS policy:

The Cisco Umbrella DNS policy enables you to configure and control the DNS layer security settings for an identity.

Web policy:

On port 80 or 443, the secure web gateway assesses web requests. The secure web gateway enables comprehensive URL reporting, content management, malware scanning and evaluation by antivirus engines, complete or selective Secure Sockets Layer (SSL) decryption, and application visibility.

Firewall policy:

The Cisco Umbrella Firewall policy allows you to configure and control the Umbrella CDFW. You can define destinations, such as ports, protocols, and applications, and also IPsec tunnels to the Firewall policy. The CDFW filters web traffic on non-standard and regular web ports (80 or 443).