Cisco Umbrella Demo

Captions
Hi, I'm Chris Ross. I'm a systems engineer here at Cisco. In this video we'll be covering Cisco Umbrella, Cisco's new cloud security platform: what it is, how it works and how to configure it. In fact, in about five minutes I'll show you how to point your traffic to Umbrella with our free trial process, and in 30 minutes how you'll see results. So let's get started.

Cisco Umbrella is Cisco's cloud security platform that provides the first line of defense no matter where your users are. Here we are on the main page. First, the security overview shows you the volume of all requests, all blocked requests and security blocks over any port or protocol, trending over time, and lists your top security events by either destinations, identities or types. Identities can be a network, a specific device or an Active Directory user; it's up to you to configure. Destinations can be a domain name, IP address or a URL path: the places your identities visit. Types provides details of what caused the block. And now you can see a summary highlighting activity of your networks, roaming clients and virtual appliances as deployed.

The most common deployment is to point DNS from your internal DNS or DHCP servers to Umbrella. Alternatively, you can use a network device integration with Cisco Integrated Services Router or various Wi-Fi access points. To add granularity, you can optionally deploy our virtual appliances to forward internal network and user identities embedded within DNS traffic. To ensure users are protected 100% of the time, on your corporate network, at all office locations with direct internet access, and when they're at home or on the road, we make it simple to provision your roaming computers. If you're one of the 185 million users in the world using Cisco AnyConnect, simply upgrade it to the newest version and enable the Umbrella module. If you use any other VPN, no worries: our standalone roaming client works alongside it without any conflicts or added latency.

Let's switch over for a moment to the end-user experience. Here we see a roaming computer deployment using Cisco AnyConnect. Even though the VPN is turned off, the off-network user is protected automatically by Umbrella without any other action needed. What if your user is phished with an attachment containing ransomware? Upon opening it, the infected laptop can call back to the attacker's infrastructure over any port or protocol to download an encryption key. But Umbrella uses both DNS and IP layer enforcement, which silently protects the user even if ransomware has hard-coded IP addresses for command and control.

Now let's demo a typical attack: phishing the user to click a malicious link. In targeted attacks, the email may appear to come from a CEO's email and links to the company's website. Even tech-savvy users may miss a substituted or repeated character in the domain name; otherwise this email looks legitimate. Using Umbrella's default block page, a custom block page, or redirecting the connection to your own server, the user is informed that the destination contained a security threat.

Let's return to the admin user experience to act on this or another blocked web link or C2 callback. By viewing all recent security activity, filter or sort by different security event types and expand to see all details of a specific security event. You can also choose time periods or a particular day on the top-level graph to pivot into an activity report. Within seconds, you can search, filter, save and export all global security and non-security activity. To help get an insight into different activity types, there are separate activity reports for traffic by domain requests, URL requests and IP requests. The URL report shows activity for all requests that were redirected to the intelligent proxy, including the full URL and outcome. From here you can drill down on a request and see full details, including additional information about files from AMP.

By clicking on the destination, we display your local activity trends for the last 24 hours and up to the last 30 days. In this example, Umbrella defended you against a reoccurring threat. By viewing the global traffic percentage, we can infer whether the attack may have been targeted or opportunistic, enabling you to better prioritize your investigations. If further response is warranted, you can use our Investigate product to get a complete view of the domain's relationships and evolution on the Internet. For example, with this domain you may identify global traffic spikes over the past 30 days, indicating the launch of an attack campaign. Or you can see the domain ownership and uncover other malicious domains registered with the same contact emails or hosted by the same name servers. You can also correlate files analyzed by Cisco AMP Threat Grid with the destination to understand how any malware would behave on infected systems. You can even see other domains that are frequently requested within seconds before or after the domain you are investigating, which happens automatically without user interaction.

Returning to Umbrella, you can quickly learn which other top identities were defended against the same threat. A common risk is users who request one malicious destination but end up requesting many others, so let's pivot into identity reporting. Here you can see how many total requests were allowed, blocked or proxied for this identity and whether this matches the historical trend or not. We can see other top destinations classified as security threats or just frequently requested by that identity. Moving on, you'll notice that some top security categories are coming from other Cisco or third-party products. Leveraging our API, you can integrate Umbrella with partner products in minutes or create your own custom integration with a simple script. Such integrations enable you to convert local intelligence into global prevention in seconds.

Finally, a quick look at policies. As you can see, this policy impacts 37 identities. The policy includes a number of security categories that can be applied according to predefined profiles or individually. Here all the security settings have been selected, meaning these security categories will be applied to the identities in this policy. Category settings for content filtering are applied to these users. You can apply predefined profiles with a high, moderate or low level of filtering, or create a custom list. Destination lists allow you to control specific domains and URLs that can be accessed by users in this policy. Security settings not only include allowing or blocking specific categories, but also include enabling file inspection through our intelligent proxy and IP layer enforcement capabilities. Block page settings offer customized messages or bypass options for these users. And to complete this policy, you can enable all features of the intelligent proxy through a single setting, to fine-tune and configure SSL decryption, as well as choose to log everything, nothing or just security events.

And that's it. Pretty simple. In fact, in the time it took you to watch this video, you could have already pointed your traffic to Umbrella. Visit our website to sign up for a free trial, and we look forward to being your first line of defense against internet threats out there.
Info
Channel: Cisco Umbrella
Views: 60,727
Keywords: cisco, umbrella, demo, walkthrough, dashboard, cloud, security, OpenDNS, ransomware, policy, wizard, investigate, reporting, API, integration, cloudlock, stealthwatch, domain, IP, ASN, attack, virus, cyber
Id: KVFUyQEbY48
Length: 7min 19sec (439 seconds)
Published: Mon Jul 31 2017