
From DNS Protection to SASE, Cisco Umbrella Helps Build a Secure Digital Journey

Cisco
2021/09/29

Speaking frankly, information security is never an easy job because of its widespread coverage that includes networks, systems, applications, account passwords, emails, and more. Hence, most enterprises used to focus on infrastructure protection and the security of operations and maintenance to address security incidents. Following the increase in security incidents caused by network and ransomware attacks in recent years, the concern about information security issues has changed dramatically.


In addition, the rise of the internet of everything (IoE) and 5G communication, together with the new norm of work from home (WFH) brought about by the pandemic, has invigorated the wave of digital transformation and compelled enterprises to follow it. The resulting change in network connection methods and application frameworks makes the boundary of information security defense more obscure and harder to control, exceeding the boundaries and limits previously set for information security frameworks.


For example, many enterprises have adopted a hybrid work model in response to the pandemic, leading to an escalating demand for remote connections. This raises questions about how to protect internet access by employees outside the enterprise, and whether a simple, consistent, scalable method is available that can effectively lower the security risks of employees' internet connections. Without a doubt, enterprises need to resolve these problems properly in order to move toward digital transformation without worrying about information security. Hence, enterprises have increasingly chosen Cisco's Secure Access Service Edge (SASE), hoping to overcome these adversities with the service's three core capabilities, the 3C: connect, control, and converge.

 

Clever use of multiple information security technologies to protect enterprise service infrastructures


Take "control" in the 3C as an example. Through the Cisco Umbrella cloud platform, enterprises can access multiple information security functions and technologies, including DNS-layer security protection, secure web gateway (SWG), firewall as a service (FWaaS), cloud access security broker (CASB), and remote browser isolation (RBI). Deployment can be completed quickly and easily to immediately protect important enterprise service infrastructures and thereby avoid intrusions by threats such as phishing, mining, and malware. Next, let us show you the functions contained in Cisco SASE.


1.    DNS-layer security: Mainly provides protection against connecting to malware, phishing websites, botnets, and high-risk websites. It can be installed on devices containing roaming software and integrated with Cisco AnyConnect to directly block connections to malicious relays to ensure device security.


2.    SWG: Besides using the web proxy to check whether webpages browsed by users are approved by the enterprise and whether files downloaded by users are malware, SWG offers a sandbox mechanism for analyzing unknown files and constantly monitoring their status.


3.    RBI: RBI is mainly for segregating risky websites, risky applications, or risky URLs to protect the connected devices.


4.    FWaaS: Performs flow control at the third and fourth OSI layers to block unauthorized ports and protocols, and at the seventh OSI layer to check whether users run applications not required by the enterprise. It also provides intrusion protection to detect and filter abnormal flow packets.


5.    CASB: CASB helps establish access policies for cloud applications based on enterprise needs, to control uploaded data files and to scan for and remove malware on cloud drives.

 

 

Quickly and automatically helps manage security incidents in a simple way with SecureX cloud-native, built-in platform


Cisco Umbrella also provides key functions for protecting enterprise information security, such as visualization, protection, and control. “Visualization” displays the traffic of all internet connections, applications, and equipment, including encrypted and unencrypted network traffic, to give IT personnel sufficient information to effectively verify the current state of network transmission. Next, when users or infrastructures run a DNS query, the “protection” function can effectively verify, based on Umbrella’s intelligence database, whether the connection is abnormal or contains malicious web or file contents. If so, it can actively block the connection and the file download. “Control” aims to provide sufficient flexibility for policy setting to generate a whitelist and blacklist for access by URL, port, protocol, or application.


Since going live in 2006, Cisco Umbrella has never stopped operations, processing over 200 billion DNS requests made by over 100 million users from 190 countries and regions every day. Recognizing that active protection is the key to success in blocking constantly changing cyberthreats, Cisco keeps strengthening Umbrella’s functions. Besides integrating the DNS intelligence prediction and statistics model to block malware, Cisco has also teamed up with Cisco Talos, the world’s largest commercial threat intelligence team, which provides strong support with statistics on global internet activities and machine learning models. This keeps optimizing Umbrella's functions so that it can discover various malicious URLs and recognize documents and files that launch attacks in a timely manner.


According to Cisco, internet traffic from cloud software services has seen a dramatic 33% increase since 2020. Behind this phenomenon are severe problems. For example, can enterprise IT teams effectively control the resulting internet traffic now that working from remote locations or with personal equipment has become the new norm? In addition, as enterprises gradually upload a variety of internal data to the cloud, how can breaches of and unauthorized access to such data be prevented through control?


Hence, Cisco Umbrella provides different deployment methods so that enterprise IT teams can deploy it in different locations based on actual needs. There are three major options: the first is redirecting internal DNS queries to Cisco Umbrella; the second is deploying the Cisco Umbrella Virtual Appliance within the enterprise to check the IPs of internal servers and further integrating this with Microsoft AD to identify usernames; finally, roaming software can be installed on the devices of offsite users, or such devices can be integrated with Cisco AnyConnect.


Overall, Cisco Umbrella started out as a DNS intelligence database and has since evolved into the first firewall (connection protection during DNS queries), then SWG, and eventually today's SASE.


Now, besides offering various functions for information security protection and comprehensive cyberthreat intelligence, Cisco Umbrella can be integrated into the Cisco SecureX cloud information security platform in a simple, efficient, and convenient way. This gives customers visibility across product lines, helps them centrally analyze the contexts of security incidents, and helps enterprise IT teams easily understand the internet connection status of all users inside and outside the enterprise, including what applications have been used, what domains have been connected to, and what files have been sent by each user. Cisco Umbrella keeps the log data for one month by default and directly integrates it with SecureX through an API. After discovering abnormal connections, enterprise IT teams can use SecureX to have Umbrella quickly block the domains in order to firmly secure the digital assets of enterprises.
 

Reference: https://www.sysage.com.tw/news/technology/247

 
