SASE With Umbrella

Captions
Hey everybody, Jason Wright with another episode of Threatwise TV, and today we're talking about Umbrella, one of my favorite topics and absolutely part of our secure internet gateway, our secure web gateway, and part of our SASE solution as well. Today I'm talking with Nitin Kumar, and we're going to be talking about some of the enhancements and improvements. Thanks for joining us today, man, I appreciate you.

Yeah, sure, Jason, thanks for having me. Appreciate it.

Absolutely. So we've got some new functionality. As a cloud-based solution that protects users both on and off the network, we're constantly adding new functionality, new capabilities, new layers and ways and types of things that we're looking at and blocking. Tell us a little bit about what we've got to show our users today.

Yeah, great. So we're going to show a lot of new capabilities that we've added on to Umbrella. One of them is tenant controls, so I'll actually walk you through how to allow approved access to certain applications that you commonly use today. We'll get into DLP, which I know is huge, a lot of people are excited about. Inline DLP is something we've been working on for quite some time. And then we'll be talking about some enhancements we've made to our web policies, or our SWG policies, as well, to really simplify and drive efficiency with how you create those policies in Umbrella.

So the first thing I wanted to show, Jason, as you mentioned: first and foremost, for my demo I'm using Cisco AnyConnect, so supporting that remote access, remote user use case, right? A lot of us are working from home, and obviously a lot of Cisco customers are using AnyConnect, so this is almost like mimicking the end user experience working from home remotely. Primarily that's kind of what we're using today.

The first capability I wanted to show is called tenant controls. What tenant controls does in Umbrella is enforce access to specific cloud applications within an organization. So if you're a customer that uses Office 365, or G Suite, or Slack, or if you're using all three, there may be use cases where you want to say, look, I only want to allow users that are going through Umbrella to only access my approved or enterprise version of applications, right? So for 365 we have an option there, we have an option for Slack, and then we added this option here for this demo for G Suite. In my case I have a demo here, or excuse me, a domain, that's tmelabs.com. This is my enterprise or approved domain. So as anyone is going through Umbrella, we'll actually show what the behavior will look like if they're trying to access a personal instance. Really the use case here is things like data exfiltration, and really just making sure that users, from a productivity standpoint, are only accessing the content that they're supposed to during work hours, right?

Probably a little regulatory, liability-oriented aspects as well.

Exactly. Yeah, exactly, exactly. So we have a short demo to show that. Before that, I mentioned DLP. Again, this was a huge kind of ask from a lot of our customers, and I'm really excited to show this today. We have a couple of different things that we have here. The first thing I popped into is called data classification. We've created about 80-plus different, what we call, data classifiers, and these are essentially predefined; you could think of them as a collection of words and phrases that would trigger a DLP policy. These are the common ones, and this is based on common compliance standards that we see: credit card numbers, social security numbers, and we even extend it to some international aspects as well, like UK passport numbers, IDs, etc. What we can do here is select any number of classifiers to use in our DLP policy.

The other cool thing we've added on is the ability to also support custom keywords. So if I'm a company and I want to say, look, I don't want anybody to share, first of all, credit card numbers, from a compliance standpoint, but I also don't want anyone to share certain key terms or keywords, or I want to trigger based on that. So if someone types in the word "confidential" in an email, or "internal only" in an email, and tries to send that out, I as an admin should at least be aware of that, I should be alerted, or I should outright block that content. We'll kind of show those use cases today.

So with that, I'm going to jump into our demo environment here. I mentioned we have tenant controls, so the first thing I'll try to do here is log in as a Gmail user. I'm going through Umbrella, this machine has AnyConnect enabled, and I should get blocked. Hey, Gmail is telling me that I'm not allowed to access this Gmail account because the domain is gmail.com; this is a generic email that I created. So what I'll try to do here is now I'll say, okay, well, let me just log in using my work account, and again my domain there, and then I can go ahead and log in, and this time it should let me fully log into my corporate enterprise version of Gmail. Great.

So I mentioned DLP. What if I am a user and I say, hey, I want to share some credit card numbers with my buddy here? I just pre-created these before the demo. Pop those in; I'm just simply sending an email with some credit card numbers. Okay, great, so I did that. What if I wanted to do the same thing, let's see, CCN numbers, but this time I want to send it as an attachment? I created a document here that has credit card numbers in a document, so I'll do that. It attaches, great, send it off to my friend so he can use this credit card as he wants to. The last test I'll do here, I'll say "private info", and I'm going to type the keywords in, "confidential" and "internal only", and I'm going to send that.

All right, so what I'm basically doing is trying to test out to see if my DLP policy is actually working or not. The next thing I'll do is pop into reports. In Umbrella, because we have DLP now, we've introduced a separate report called a data protection report, where I can see all of the events that are specifically related to DLP violations. We can see that I have a few new notifications here, one based on content. So I can drop in here as an admin and say, hey, look, someone was using Gmail, so mail.google.com, they triggered my PII compliance DLP policy that I created, and it looks like they matched on these custom keywords. So basically showcasing that we're looking at these keywords and creating a DLP event for that. Same thing here: I can go into here, and this is actually the file attachment that I uploaded with the credit card numbers in it. Same thing, it actually shows me the application type, it's a Word document, and then the size of the file; docx is the content type, obviously. And the last thing here is what I actually typed in physically in the email, where I sent the credit card numbers that way.

So a couple of things that I've seen here. Number one, a new data protection report tab that's showing the violations against the DLP policy specifically. We saw some international support for some aspects of DLP that we need to have, but we also saw some custom capabilities, custom words, values, and keywords that you could enter as well. So whatever we don't have there, if you need it, you can create your own rules out of that as well. Is that correct?

Exactly, exactly correct, Jason. So since we're on the topic of data loss prevention, data security, Jason, one of the other things I wanted to show today: what I showcased is inline DLP, so being enforced in real time. Inline DLP, if you look at different vendors in the market today, or just standalone DLP vendors, they support what's called multimode DLP, which means I support the inline use case but I also want to support the API use case. A lot of us are working from home, we're accessing cloud applications today, and we don't use VPN all the time, but I need a way to be able to connect in and get some visibility into what's happening within those applications.

So one of the things we've introduced is this dashboard called the cloud malware dashboard, where we connect to these supported applications. In my case I'm connecting to Webex Teams and Box; we do support Dropbox and Office 365 today, and we're adding a few more applications in the next few quarters. What it's doing is essentially scraping, or scanning, all of the data at rest, all the files that currently live in these applications, and now I can go in here and say, oh wow, for Webex Teams I have all of these files that are actually malicious. So as an admin I know that I need to take some action to figure out what's going on, right? From here, this will tell me what the platform is (it's Webex Teams), what the instance is, who the owner is, what location it's in, and the size of the file, and then I can take some further actions. In this case I can analyze it in VirusTotal. We will have very soon an option to pivot to Cisco Umbrella Investigate, and then we'll probably have some integrations with things like Cisco SecureX as well, to be able to take that action a little bit further. So really showcasing inline and API-based, and we're only going to continue to expand these capabilities.

So I'm going to shift gears. We talked about all the different things we can do from an enforcement perspective; I wanted to focus a little bit on the admin perspective. As we're adding on a lot of these features, right, it could be a beast. So one of the things we've done recently is we've shifted the way you create policies for SWG, which is our web proxy capability, and we've moved from a setup-wizard-driven kind of workflow, where you have to click through multiple screens to set up a policy, to a rules-based workflow.

The first thing we've done, you can see at the bottom here, is we have this concept of a rule set. A rule set contains all of the different policy components we previously had in Umbrella. That means my identities, choosing the type of block page I want, adding on tenant controls like I showed earlier, adding on the file types that I want to enforce. All of these things are now just shifted into a rule set.

To simplify things even further, we've added this concept of rules. Rules are our top-down approach. If you're familiar with creating ACLs inside of a firewall, what we're doing is matching the rules in order, and it's very simple. We create the rule name. I choose my rule action, so I have all the actions that are supported with my SWG today. I choose my identities that I want to apply this rule to, and choose my destinations. A destination can today be either an application, a content category (adult category, gambling, alcohol, etc.), or a destination list, which is basically a list of custom domains that you want to do some enforcement on. And the last thing, and again this is fairly new to Umbrella as well, is the ability to set a schedule for each individual rule. So if I want to set a time zone to say, hey, I have a pretty restrictive rule here, but I only want to have it enforced during, like, lunchtime or lunch hours, or during working hours, what have you, I have the ability to do that.

The way this is processed: once all of these criteria are met for rule number one, process it, execute it, drop down and hit rule number two, and so on and so forth. The other cool thing is, if I wanted to reorder the rules and say, hey, I actually want this rule here to move up, now this is the first rule in place, and I can go back and move it as I need to. I don't have to save anything, I don't have to apply anything; it just applies it automatically.

The other thing that I showed here is our rule actions. You probably noticed that there are a few things that may look new to you. We have allow, we have block; everyone is familiar with that. We've added this concept of warn. Warn is: I want to warn on certain content categories or domains for users. So if they're accessing something that maybe isn't fully compliant, or something that we deem they shouldn't access but are allowing them to anyway, we'll present them a message to say, hey, warning, you're about to access a website that maybe isn't deemed appropriate based on HR or what have you, but the user has the ability to click through and access it anyway, and that will get sent to our reporting.

The other action we have here is called isolate. There's a new function in Umbrella called remote browser isolation, RBI for short, and the isolate function basically takes whatever content you want, whether that's a website, using YouTube, or a document, and basically does a redirect and isolates that traffic. Isolation means it's in this kind of self-contained version of that content or of that site. Now, to the user this is fully transparent, so as they're browsing through and they suddenly trigger an isolate rule, it'll be transparent and they're just using the content as they need to. One of the use cases here is if you want to isolate certain document files, for example Word docx or PDF: we'll isolate it, it strips out all the macros and scripts that are running, and gives them a clean version to view at that point. The benefit is they're not bringing back any kind of malware or potential vulnerabilities back into the environment.

One example I wanted to show: I created an isolation policy earlier, yesterday, so I can quickly show you what that looks like in reporting. I chose to isolate youtube.com, so I want to say, look, isolate everything that has to do with media, and you can see a bunch of triggers here. The action shows isolate, and then I can view all the details that I need to for YouTube, right, to say yes it wasn't fully isolated by Umbrella.

So, Jason, that was really it for the demo today. I kind of ran through a lot of different use cases, right? Again, the focus is around what we're doing to support remote users. This is fully done through my AnyConnect client, so I'm mimicking myself as a remote user, but also showing some of the new capabilities we're adding on based on some of the requirements customers have around SASE as well: tenant controls, RBI, DLP, etc.

Well, like I said, seeing the continued evolution of new feature sets and functionality is indicative of the level of commitment that we have with this product and how we continue to develop it. I mean, this is a nice, healthy list of new functionality and capabilities. We saw DLP, we saw tenant control, we saw cloud malware, we saw web policy, we saw remote browser isolation; there's like five things right there that are how we're staying busy with Umbrella. So if anybody wants to learn a little bit more about this technology, be sure to check out our landing page at cisco.com/go/umbrella, and you can always check out additional episodes of Threatwise TV and see other things about Umbrella, like how we integrate with other parts of SASE, like SD-WAN with our Viptela solution. How Umbrella and Viptela are working together is a great episode that we've posted recently. Anyway, you can always check out additional episodes about all of our technologies at cisco.com/go/threatwise. So Nitin, thanks so much for coming on, and for now, again, Jason Wright, everybody. Stay safe out there, and thanks for tuning in to this episode of Threatwise TV.
Info
Channel: Cisco
Views: 743
Keywords: cisco, cloud malware, dlp, remote browser isolation, sase, secure web gateway, security, swg, tenant control, umbrella
Id: 8JkWaDfkhqA
Length: 15min 37sec (937 seconds)
Published: Wed May 12 2021