How IT Works: Security at the DNS Layer with Cisco Umbrella

Captions
INTRO: This is the IT Roadshow. We're taking you with us, as we go coast to coast, East to West, on the tricked-out CDW Technoliner — anywhere and everywhere there's technology, talking to and learning from real engineers, swapping stories with real techies, seeing real technology in action. So if you're ready to geek out, hop on and let's go.

Nathan: Welcome to the IT Roadshow. I'm here today with Allen Schmidt. Allen, thank you so much for taking the time.

Allen: Nathan, glad to be here.

Nathan: Today, we're going to talk about Cisco Umbrella.

Allen: Yep.

Nathan: Tell us what exactly is Cisco Umbrella?

Allen: Umbrella is really protection at the DNS level. That sounds a little vague, so it's probably best told sort of in a story. So let me …

Nathan: Sure.

Allen: … kind of describe that scenario.

Nathan: Awesome.

Allen: So here are your corporate users, and they are drawn to the internet. It would be nice if they would stay on the local network, stay on the local file servers, but ultimately they're going to go out to the internet. So we'll put a little firewall here to protect them, a little ISP to connect them to that. But the real thing that draws them to the internet is cat videos. They are irresistibly drawn to cat videos.

Nathan: Cat videos?

Allen: Well, yes, cat videos.

Nathan: Okay.

Allen: You know, we can't resist them, but ultimately cat videos don't exist on their own. Somewhere out there, there is a server that holds all of the cat videos that you want to watch. So we have this server over here. But ultimately all they know is the name. They've gotta find the address of that site so that they can get to it, and that's where DNS happens. So generally, people will look to their local Microsoft server to find the address of that site that they're going to. The Microsoft server doesn't know, so usually they'll end up going out to the DNS server that their ISP gave them. Ultimately, they'll get the answer back, and they'll be able to know the IP address of the site that they're going to. But we won't know anything about that site.

Nathan: Hmm.

Allen: We don't know: Is it safe? Has it been compromised? Does it really have cat videos? We don't know any of those things.

Nathan: [Laughs]

Allen: So instead of going to the DNS server that the ISP gave, they could go to Umbrella. Umbrella will then be able to give them better protection. Now, you can know more: You can have information about whether it is safe, whether it's a legitimate site. That's the value that Umbrella brings. It gives you security at the DNS layer.

Nathan: So that sounds like a different approach.

Allen: What's interesting about Umbrella and about using DNS for security is that everyone uses DNS. It's on every single device out there. And so being able to supply security at that point is a really valuable option. The other thing is that because this is in the cloud, because the DNS request is done in the cloud, it can be done from your headquarters location; it can be done from your data center. It can be done from someone who's working at home, at a branch office. Even those mobile users, the road warriors, their computers can point their DNS requests up to Umbrella. And then, you have the same security policy applied to all of those users, and you have the ability to monitor what everyone's doing across the enterprise through all of those DNS requests. The other thing that's really nice about this is you can actually have Umbrella up and protecting the environment in five minutes.

Nathan: Five minutes?

Allen: So five minutes is true. There's some additional things you can do, but the effort to put Umbrella in place is minimal.

Nathan: That's …

Allen: And one of the nice things too is that they make this available to anyone. You can actually go home, on your computer right now, and put in, you know, the address 208.67.222.222. If you put that in there, as soon as you do, all the DNS lookups that happen will be going to Umbrella, and you'll be getting many of those protections that we talked about. Now obviously, it would be nice to have some additional information. For instance, if you want to have, you know, the name of the device that was making this request. You can do a little DNS lightweight VM, virtual server, and then you can tie it in with Active Directory in order to get user identity information. So you can actually know who the users were that made all of those requests and obviously remediate any problems that you see. So that takes a little bit longer, but, you know, the relative effort of putting this in is extremely lightweight.

Nathan: So, there's a lot of great things about Umbrella, right? So what are some other advantages?

Allen: Well, the key advantage to all of this are the different security models that they apply to all of these DNS requests that come in. It's tied in with Cisco's Talos security operations center, so they get information from all over the internet — from firewalls and IPS systems. And just from the DNS requests alone, they receive somewhere in the area of 100 billion DNS requests every single day. So we have reputation; we have statistical analyses; we have knowledge of malware, of botnet command and control, and phishing sites. At that point, it can look at proxies, so you can look at traditional categories, like no shopping, you know, while at the office, no gambling, that kind of thing. So they have that reputation. They also do statistical analyses. So, you know, they look at sites that maybe have a spike in activity; they look at sites that are newly registered. They even look at some interesting things. For instance, if the site you're trying to go to is hosted on a server that also hosts other websites, that server might have multiple sites that are compromised or that are malicious. Maybe the site you are going to is malicious, maybe it's not …

Nathan: Wow.

Allen: … but it's sort of guilt by association. They also have something they call co-occurrence. When you go to a website, maybe 99 percent of the time when someone goes to this site, they immediately go to another site. There's a different URL that they're always directed to. Co-occurrence can tell you whether or not there's some, you know, malicious redirection happening there. There's a myriad of statistical models that they apply. And so, when you go up there, there's a good chance the site already has a reputation and that, you know, bad sites will be blocked, good sites you'll be allowed to go to. The sites that aren't known, what Umbrella will do is it will actually send back the IP address of a proxy, within the Umbrella cloud, so now all of your traffic will go through a proxy within Umbrella.

Nathan: Hmm.

Allen: Now, it'll look at the URL; it'll look at the payload; it'll do those traditional kinds of proxy functions. So, it's an intelligent proxy. So those are the primary advantages, I think, that Umbrella brings. It's those statistical analyses — all of which happen before you ever went to the web proxy or the firewall. It happened when you did the name lookup. So now your SIEM doesn't have to be involved in that.

Nathan: Mm-hmm.

Allen: Your firewall didn't have to generate an event for that. It's all controlled before you get there. You're actually relieving some of the load on those other security controls.

Nathan: Allen, thank you so much for spending some time with us talking about Cisco Umbrella.

Allen: Happy to be here.

Nathan: Thank you so much for joining us on this Pit Stop. For more information, go to CDW.com/security. Thanks for joining us.

Info
Channel: CDWPeopleWhoGetIT
Views: 32,828
Rating: 4.8966789 out of 5
Keywords: CDW, CDW Corporation, DNS-Level Security, Cisco Umbrella, DNS level security, domain name system security, IT Roadshow, CDW IT Roadshow
Id: C3dJG-aNkcU
Length: 6min 38sec (398 seconds)
Published: Fri Oct 06 2017