Licensing | by the number of users
Security & Controls |
DNS-layer security |
Block domains associated with phishing, malware, botnets, and other high risk categories (cryptomining, newly seen domains, etc.) | ● | ● | ●
Block domains based on partner integrations (Splunk, Anomali, & others) and custom lists using our enforcement API | ● | ● | ●
Block direct-to-IP traffic for C2 callbacks that bypass DNS | | ● | ●
Secure web gateway |
Proxy web traffic for inspection | | Traffic associated with risky domains via selective proxy | All web traffic
Decrypt and inspect SSL (HTTPS) traffic | | With selective proxy | ●
Enable web filtering | By domain or domain category | By domain or domain category | By domain, URL, or category
Block URLs based on Cisco Talos and third party feeds, and block files based on AV engine and Cisco Advanced Malware Protection (AMP) data | | With selective proxy | ●
Use Cisco Threat Grid cloud sandbox environment to analyze suspicious files (200 files/day) | | | ●
Use retrospective security to identify previously-benign files that became malicious | | | ●
Cloud-delivered firewall |
Create layer 3/layer 4 policies to block specific IPs, ports, and protocols | | | ●
Use IPSec tunnel termination | | | ●
Cloud access security broker |
Discover and block shadow IT (based on domains) with our App Discovery report | ● | ● |
Discover and block shadow IT (based on URLs) with App Discovery report | | | ●
Create policies with granular controls (block uploads, attachments, and posts) for select apps | | | ●
Umbrella Investigate |
Access Investigate’s web console for interactive threat intelligence (5 logins) | | ● | ●
Use the Investigate on-demand enrichment API to enrich other tools/systems with domain, URL, IP, and file threat intelligence (2,000 requests per day) | | ● | ●
Integrate with Cisco Threat Response to aggregate threat activity across Cisco AMP, Threat Grid, Email Security, NGFW, and Umbrella | With enforcement API only | ● | ●
Deployment & management |
Traffic forwarding |
Forward external DNS traffic for:
• On-network protection via Cisco (SD-WAN, Meraki MR, Integrated Services Router, & Wireless LAN Controller) and third party integrations (Cradlepoint, Aerohive, & others)
• Off-network protection via AnyConnect, Umbrella roaming client, and Cisco Security Connector for iOS
| ● | ● | ●
Send outbound network traffic via IPSec tunnel, proxy chaining, or PAC files | | | ●
User attribution |
Create policies and view reports by:
• Network (egress IP)
• Internal subnet²
• Network device (including VLAN or SSID)
• Roaming device
• Active Directory group membership (including specific users)⁴
| ● | ● | ●
Create policies and view reports using SAML | | | ●
Management |
Customize block pages and bypass options | ● | ● | ●
Use our multi-org console to centrally manage decentralized orgs | ● | ● | ●
Use our management API to create, read, update, and delete identities using your own internal tools | ● | ● | ●
Reporting and logs |
Leverage real-time activity search and our reporting API to easily extract key events | ● | ● | ●
Choose North America or Europe for log storage | ● | ● | ●
Use customer or Cisco-managed AWS S3 bucket to export and retain logs as long as needed | ● | ● | ●
Access domain request logs in our user interface (30 day: detail, 1yr: summary) | ● | ● | ●
Access full URL logs in our user interface (30 days: detail) | ● | ● | ●
Access firewall (IP, port, and protocol) logs in our user interface (30 days: detail) | ● | ● | ●
Support |
Enhanced - 24 x 7 technical + on-boarding | Required
Premium - 24 x 7 technical + on-boarding + Technical Account Manager (TAM) | Optional upgrade