Cisco Umbrella

Cisco Umbrella is a cloud security service that protects users from phishing, malware, and Command & Control attacks by blocking malicious sites before the connection. On top of that, it includes SIG, firewall, and CASB functionality, or integration with Cisco SD-WAN.

Availability: Available

  • Description
  • Main features
  • Licensing
  • Additional resources

What is Cisco Umbrella?

Cisco Umbrella benefits from the expertise of over 300 researchers in Cisco Talos, one of the leading commercial threat intelligence teams. By analyzing massive amounts of internet data, including domains, IPs, URLs, and files, it can effectively detect and prevent a wide range of cyber-attacks. With the aid of statistical and machine learning models, Umbrella is able to quickly identify and block emerging threats on a global scale.


Cisco Umbrella Sec Functions


Malware blocked easily

Analysing over 220 billion internet requests a day, Umbrella can efficiently block requests that connect to malware, ransomware, phishing, or botnets.

The best part is that the block takes place before the connection is established, so before the malicious sites can reach your organization’s network.

Equipped with Talos threat intelligence, Umbrella’s engines are constantly fed with up-to-date security insights. It’s backed by statistical and machine-learning models that identify new attacks and potential risks.


One dashboard only

With Umbrella, you can have all your insights under one roof.

Umbrella reports also show trends in threat activity and blocked queries by target domain:

  • what actions have been taken,
  • where did the query come from,
  • what external address was used by the user asking for such a domain,
  • what was the result of the query,
  • when exactly such a request was made,
  • we can also see what exactly has been blocked.


Run 14-days free Cisco Umbrella Trial with Grandmetric

DNS-layer Security

Umbrella’s security system works at the level of domain names (DNS), making it a quick and simple way to boost your protection against cyber threats. It improves your ability to see and understand your security status, identifies any compromised systems, and keeps your users safe even when they’re not on your network. By blocking threats before they can reach your network or devices, Umbrella is highly effective at stopping cyber attacks, no matter which methods or channels the attackers are using.

Secure Web Gateway

Umbrella’s Secure Web Gateway provides a complete record of your web traffic. You can set policies to manage access to particular websites and applications, and Umbrella will provide effective protection against malware. By forwarding traffic to Umbrella’s cloud-based proxy using IPsec tunnels, PAC files, or proxy chaining, you can ensure that acceptable use policies are being followed and prevent advanced threats from compromising your network.

Cloud Firewall

Umbrella’s firewall keeps track of all network activity and blocks any traffic that doesn’t meet the rules you’ve set for IP, port, and protocol. If you need to forward traffic to another device, you can easily set up an IPsec tunnel from any network device. Whenever you create a new tunnel, the firewall automatically applies the relevant policies, so you can quickly and easily ensure that your security settings are being enforced everywhere they need to be.

Cloud Access Security Broker (CASB)

CASB is a security feature that can help you identify and manage shadow IT – that is, any cloud applications that are being used within your organization without your knowledge or approval. By detecting and reporting on these apps, Umbrella provides visibility into the level of risk associated with them. You can then choose to block or control the usage of these apps, which will allow you to better manage your organization’s cloud adoption and reduce your overall risk level.

Threat Intelligence

Thanks to Talos special perspective on the internet, we have access to information that others don’t. This allows us to see malicious domains, IPs, and URLs that might otherwise go undetected. Using Umbrella Investigate, you can access this information in real time, either through a console or API.

With this information at your fingertips, you can investigate and respond to cyber threats more quickly and effectively, including threats such as malware, phishing, botnets, trojans, and other types of malicious activity.

Umbrella packages

How is Umbrella licensed?


Thought-through packaging options make it possible for organizations to implement Cisco Umbrella regardless of their size.

What’s more, all packages can be integrated with Cisco SD-WAN implementation for better performance and security combination.


You can choose one of 4 Umbrella licenses:

  1. DNS Security Essentials – to block threats at the DNS layer without added latency
  2. DNS Security Advantage – to strengthen DNS security with additional web protection and threat insights
  3. SIG Security Essentials – to use advanced security across the entire organization
  4. SIG Security Advantage – to benefit from L7 firewall with IPS, DLP, and more


Check full package comparison


Security and control features

Features DNS Security Essentials DNS Security Advantage SIG Essentials SIG Advantage
Secure Web Gateway
Proxy and inspect web traffic (incl. decryption of SSL (HTTPS) traffic) Partial Yes Yes
Enable web filtering by domain or category (SIG filtering by URL) Yes Yes Yes Yes
Create a custom block/allow lists of domains Yes Yes Yes Yes
Create a custom block/allow lists of URLs Yes Yes
Block files based on AV Engine and malware defense Partial Yes Yes
Use malware analytics (sandbox) on suspicious files 500/day Unlimited
Cloud access security broker CASB
Cloud app discovery, risk scoring, blocking or activity controls Partial Partial Yes Yes
Scan and remove malware from cloud-based file storage apps Two apps Yes
DNS-layer security
Block domains with malware, phishing, botnet, or other high-risk items Yes Yes Yes Yes
Cloud-delivered firewall
Create layer 3/layer 4 policies to block specific IPs, ports, and protocols Yes Yes
Leverage layer 7 protection including an Intrusion Prevention System Add-on Yes
Multimode cloud data loss prevention
Enable inline and out-of-band data inspection and blocking capabilities to protect sensitive data Add-on Yes
Remote browser isolation
Provide safe access to risky sites, web apps and all web destinations Add-on Add-on
XDR and threat intelligence
Utilize SecureX cross-product security data and automated response actions Yes Yes Yes Yes
Access Umbrella’s deep domain, IP, and ASN data for rapid investigations Yes Yes Yes


Deployment and management features

Features DNS Security Essentials DNS Security Advantage SIG Essentials SIG Advantage
Traffic forwarding
Forward external DNS for on-network coverage and off-network devices Yes Yes Yes Yes
Cisco AnyConnect client to deploy Umbrella module to forward traffic Yes Yes Yes Yes
User attribution
Create policies and view reports by network, device, and user Yes Yes Yes Yes
Create policies and view reports using SAML Yes Yes
Customize block pages and bypass options Yes Yes Yes Yes
Use our multi-org console to centrally manage decentralized orgs Yes Yes Yes Yes
Umbrella API to create, read, update, and delete IDs child orgs Yes Yes Yes Yes
Reporting & logs
Real-time activity search, plus Umbrella API to easily extract key events Yes Yes Yes Yes
Choose North America or Europe log storage Yes Yes Yes Yes
Use Cisco-managed S3 buckets or customer AWS S3 bucket Yes Yes Yes Yes