INTRO: This is the IT Roadshow. We're taking you with us, as we go coast to coast, East to West, on the tricked-out CDW Technoliner — anywhere and everywhere there's technology, talking to and learning from real engineers, swapping stories with real techies, seeing real technology in action. So if you're ready to geek out, hop on and let's go.

Nathan: Welcome to the IT Roadshow. I'm here today with Allen Schmidt. Allen, thank you so much for taking the time.

Allen: Nathan, glad to be here.

Nathan: Today, we're going to talk about Cisco Umbrella.

Allen: Yep.

Nathan: Tell us what exactly is Cisco Umbrella?

Allen: Umbrella is really protection at the DNS level. That sounds a little vague, so it's probably best told sort of in a story. So let me …

Nathan: Sure.

Allen: … kind of describe that scenario.

Nathan: Awesome.

Allen: So here are your corporate users, and they are drawn to the internet. It would be nice if they would stay on the local network, stay on the local file servers, but ultimately they're going to go out to the internet. So we'll put a little firewall here to protect them, a little ISP to connect them to that. But the real thing that draws them to the internet is cat videos. They are irresistibly drawn to cat videos.

Nathan: Cat videos?

Allen: Well, yes, cat videos.

Nathan: Okay.

Allen: You know, we can't resist them, but ultimately cat videos don't exist on their own. Somewhere out there, there is a server that holds all of the cat videos that you want to watch. So we have this server over here. But ultimately all they know is the name. They've gotta find the address of that site so that they can get to it, and that's where DNS happens. So generally, people will look to their local Microsoft server to find the address of that site that they're going to. The Microsoft server doesn't know, so usually they'll end up going out to the DNS server that their ISP gave them. Ultimately, they'll get the answer back, and they'll be able to know the IP address of the site that they're going to. But we won't know anything about that site.

Nathan: Hmm.

Allen: We don't know: Is it safe? Has it been compromised? Does it really have cat videos? We don't know any of those things.

Nathan: [Laughs]

Allen: So instead of going to the DNS server that the ISP gave, they could go to Umbrella. Umbrella will then be able to give them better protection. Now, you can know more: You can have information about whether it is safe, whether it's a legitimate site. That's the value that Umbrella brings. It gives you security at the DNS layer.

Nathan: So that sounds like a different approach.

Allen: What's interesting about Umbrella and about using DNS for security is that everyone uses DNS. It's on every single device out there. And so being able to supply security at that point is a really valuable option. The other thing is that because this is in the cloud, because the DNS request is done in the cloud, it can be done from your headquarters location; it can be done from your data center. It can be done from someone who's working at home, at a branch office. Even those mobile users, the road warriors, their computers can point their DNS requests up to Umbrella. And then, you have the same security policy applied to all of those users, and you have the ability to monitor what everyone's doing across the enterprise through all of those DNS requests. The other thing that's really nice about this is you can actually have Umbrella up and protecting the environment in five minutes.

Nathan: Five minutes?

Allen: So five minutes is true. There's some additional things you can do, but the effort to put Umbrella in place is minimal.

Nathan: That's …

Allen: And one of the nice things too is that they make this available to anyone. You can actually go home, on your computer right now, and put in, you know, the address 208.67.222.222. If you put that in there, as soon as you do, all the DNS lookups that happen will be going to Umbrella, and you'll be getting many of those protections that we talked about. Now obviously, it would be nice to have some additional information. For instance, if you want to have, you know, the name of the device that was making this request. You can do a little DNS lightweight VM, virtual server, and then you can tie it in with Active Directory in order to get user identity information. So you can actually know who the users were that made all of those requests and obviously remediate any problems that you see. So that takes a little bit longer, but, you know, the relative effort of putting this in is extremely lightweight.

Nathan: So, there's a lot of great things about Umbrella, right? So what are some other advantages?

Allen: Well, the key advantage to all of this are the different security models that they apply to all of these DNS requests that come in. It's tied in with Cisco's Talos security operations center, so they get information from all over the internet — from firewalls and IPS systems. And just from the DNS requests alone, they receive somewhere in the area of 100 billion DNS requests every single day. So we have reputation; we have statistical analyses; we have knowledge of malware, of botnet command and control, and phishing sites. At that point, it can look at proxies, so you can look at traditional categories, like no shopping, you know, while at the office, no gambling, that kind of thing. So they have that reputation. They also do statistical analyses. So, you know, they look at sites that maybe have a spike in activity; they look at sites that are newly registered. They even look at some interesting things. For instance, if the site you're trying to go to is hosted on a server that also hosts other websites, that server might have multiple sites that are compromised or that are malicious. Maybe the site you are going to is malicious, maybe it's not …

Nathan: Wow.

Allen: … but it's sort of guilt by association. They also have something they call co-occurrence. When you go to a website, maybe 99 percent of the time when someone goes to this site, they immediately go to another site. There's a different URL that they're always directed to. Co-occurrence can tell you whether or not there's some, you know, malicious redirection happening there. There's a myriad of statistical models that they apply. And so, when you go up there, there's a good chance the site already has a reputation and that, you know, bad sites will be blocked, good sites you'll be allowed to go to. The sites that aren't known, what Umbrella will do is it will actually send back the IP address of a proxy, within the Umbrella cloud, so now all of your traffic will go through a proxy within Umbrella.

Nathan: Hmm.

Allen: Now, it'll look at the URL; it'll look at the payload; it'll do those traditional kinds of proxy functions. So, it's an intelligent proxy. So those are the primary advantages, I think, that Umbrella brings. It's those statistical analyses — all of which happen before you ever went to the web proxy or the firewall. It happened when you did the name lookup. So now your SIEM doesn't have to be involved in that.

Nathan: Mm-hmm.

Allen: Your firewall didn't have to generate an event for that. It's all controlled before you get there. You're actually relieving some of the load on those other security controls.

Nathan: Allen, thank you so much for spending some time with us talking about Cisco Umbrella.

Allen: Happy to be here.

Nathan: Thank you so much for joining us on this Pit Stop. For more information, go to CDW.com/security. Thanks for joining us.