
WHITE PAPER

30 Minutes to a more secure enterprise.

Why Cisco Umbrella is the simplest decision you can make to improve
your company’s security.

You have to make some serious security decisions when you’re an
IT leader. That’s because both the volume and sophistication of
attacks are intensifying relentlessly — and it’s clear that conventional
defenses alone are no longer adequate. More effective blocking of
attackers is particularly important because under-the-radar attacks
are wreaking havoc on enterprises that rely on antivirus products,
firewalls, and sandboxing alone.

Plus, no one has an unlimited security budget — so you must act
quickly to enhance your digital security without spending excessively
or overburdening your staff.

Given these realities, DNS-layer security offers extremely
compelling value. With the right combination of internet
infrastructure data and predictive intelligence, a DNS-layer solution
can quickly identify malicious domains even before those domains
and IPs are used to actually launch any type of attack. In fact,
DNS-layer security is especially useful as your first line of defense,
because DNS requests precede all internet activity.

[Figure: Security in the DNS-layer]

This proactive DNS-based identification of malicious domains
enables you to do the following:

• Immediately block dangerous connections between your users and any
  potentially malicious domains

• Stop command-and-control (C2) callbacks and data exfiltrations — even
  if you haven’t yet noticed or pinpointed a compromised internal host

• Dramatically reduce security incidents and alerts by proactively
  neutralizing them before they occur

© 2016 Cisco and/or its affiliates. All rights reserved. 2


Just as important, because DNS-based security technology is
available as a cloud-delivered service, you can gain all of these
benefits within just 30 minutes of reading this document. All
you have to do is send your DNS requests to Cisco Umbrella.

New defenses for new threats

Innovation isn’t restricted to legitimate businesses. Attackers
also innovate aggressively. This innovation is in part motivated
by necessity, since the security industry has a pretty good track
record of developing policies, processes, and products to cope
with each new wave of attacks.

In recent years, however, attacker innovation has also become even
more motivated by the growing financial rewards that come with
successful criminal activity. As people and organizations make
greater use of digital technology, the volume and value of their
data are increasing. Attacks can be highly profitable, whether
they take the form of data theft and subsequent resale on the
open market or the increasingly common ransomware attacks,
which force an organization to pay for access to its own data.

Several aspects of attack innovation have become particularly
troubling to enterprise IT security leaders, including:

• The sophistication of deceptive email spearphishing techniques
  that enable attackers to bypass conventional defenses and
  successfully install ransomware and other malicious code

• The ease with which attackers can now generate one-off malware
  packages that can’t readily be detected using conventional
  signature-based solutions — no matter how quickly those signatures
  and profiles are updated in response to attacks elsewhere

• The trend toward “low and slow” attacks that evade conventional
  network-based defenses and thereby allow attackers to infiltrate
  enterprise infrastructure and take data over extended periods of
  time without detection

• The speed and adaptability with which attackers spin up attack
  infrastructure, which creates new challenges when it comes to
  identifying and blocking potentially malicious traffic

• The advent of malware kits and malware-as-a-service resources that
  substantially increase threat volume by empowering individual bad
  actors and criminal organizations to engage in cyberattacks despite
  their personal lack of technical skill sets



DNS-layer network security should be cloud-delivered

[Figure, two panels. Left panel: “Multiple fragmented internet
connections are difficult to secure.” Right panel: “With a cloud
security platform, management of DNS requests can be unified and
secured across all endpoints.” Both panels show home users, roaming
laptops, and remote sites alongside enterprise location A (internal
InfoBlox appliance), enterprise location B (internal Windows DNS
server), and enterprise location C (internal BIND server), connected
through ISP1, ISP2, ISP3, and unknown ISPs. Legend: recursive DNS for
internet domains; authoritative DNS for intranet domains.]

This multidimensional attack would itself be troubling enough for IT
security leaders. However, the heightened risk caused by new kinds of
attacks is exacerbated by changes taking place in the enterprise
itself. These changes include an expanding threat surface, the growing
tendency of mobile users to connect directly to cloud resources via
unsecured public Wi-Fi (rather than through secure VPN connections back
to the enterprise), and an often overwhelming volume of security alerts
generated by the multiple generations of “point” security solutions
that IT has accumulated over time.

The bottom line: IT security leaders are looking for more effective
security strategies that don’t add complexity to their security
operations.



The indispensability of DNS-layer security
DNS-layer security operates on the simple principle that attacks — no
matter how sophisticated or unique — must originate from somewhere.
By pre-emptively blocking all requests over any port or protocol to
any and all suspicious “somewheres,” DNS-layer security can stop
command-and-control exfiltration, ransomware, and other attacks
without the burden of first having to identify the specific nature of
those attacks. Bad domains are blocked because they are quickly and
accurately identified as bad domains.

Attacks never get a chance to carry out their malicious work, because
they never touch the network, endpoints, or any protected remote user
outside the corporate network.

There are two basic elements to DNS-layer security:

1. Predictive identification of malicious hosts. By aggregating and
   analyzing DNS-related data, including tens of billions of daily DNS
   requests, WHOIS records, and Border Gateway Protocol routing
   information, it’s possible to identify suspicious domains with a
   very high degree of accuracy. This analysis entails more than merely
   blacklisting hosts in newly created domains. It also involves
   sophisticated analytical models that automate the detection of
   anomalies — such as detecting suspicious domain traffic spikes that
   are characteristic of attack activity and using natural language
   processing to flag domain names, including slightly obfuscated brand
   names that are typically created for use in spearphishing campaigns.

2. DNS request blocking as a cloud service. Armed with a constantly
   updated list of suspect domains, a cloud service provider can
   pre-emptively block requests for any domain or IP that might pose a
   threat to the business. Because this blocking is provided as a
   cloud service, its protection can be extended anywhere users go
   — including to roaming laptops outside the network perimeter.
   Because such a blocking service will be used for all DNS requests
   across all endpoints, it also needs to be highly reliable and not
   introduce latency into the user experience.

The combination of intelligent attacker identification and cloud-based
request blocking provides benefits that are indispensable in today’s
intensifying threat environment. Those benefits include:

• Proactive protection against emerging threats. With predictive
  DNS-layer security, IT doesn’t need to wait until an attack is
  launched and identified. Attacks can be stopped in their tracks
  before they ever come into contact with the IT environment,
  regardless of how well-camouflaged their malicious payloads or
  social engineering techniques may be.



DNS-layer network security should block threats others miss.

[Figure: an infected device and a cloud or on-prem SWG. 91% of C2 can
be blocked at the DNS-layer. 15% of C2 bypasses web ports 80 & 443.]

• Early interdiction of command-and-control traffic. In cases where an
  infiltration does occur, DNS-layer security can put a rapid end to C2
  traffic and prevent data exfiltration. Communication with malicious
  domains is blocked because the domain is malicious, not because any
  exfiltration has to first be specifically identified.

• Reduced security alert traffic. Because DNS-layer security blocks
  such a high volume of malicious activity before it comes in contact
  with enterprise IT infrastructure, it can significantly reduce the
  volume of alerts that the security staff has to review and clear.
  This can represent a substantial cost savings and allow staff-hours
  to be reallocated to higher-value tasks.

• More agile and aggressive adoption of cloud opportunities. Security
  concerns often inhibit businesses from adopting new cloud or
  as-a-service solutions. DNS-layer security can allay some of these
  concerns, allowing more aggressive adoption of cloud-based services.

• Mitigation of contractor and partner vulnerabilities. Many
  organizations have suffered security breaches because of lax
  practices by contractors and other third parties. By implementing
  DNS-layer security, businesses can better protect themselves against
  these vulnerabilities without placing excessive compliance burdens
  on their partners.

The bottom line: No organization should wait until after an attack
is launched to neutralize it — especially given how difficult it is
to do so in a sufficiently timely manner. Instead, all IT security
leaders should make proactive DNS-layer security a core component of
their overall enterprise strategy.



Why Cisco Umbrella?
Umbrella is committed to delivering the best, most reliable, and fastest
internet experience to every single one of our more than 65 million
users. We are the leading provider of network security and DNS services,
enabling the world to connect to the internet with confidence on any
device.

We are unique among security providers for several reasons, including:

• A decade of DNS leadership. Ten years of hands-on experience working
  with DNS technology and data gives Cisco Umbrella significant
  advantages when it comes to understanding how both legitimate and
  nonlegitimate parties register domains, provision infrastructure,
  and route IP traffic over the autonomous system life cycle.

• Unmatched DNS data volume and variety. The accuracy and completeness
  of any analytic outcome is largely contingent upon the quality,
  volume, and completeness of the data inputs. As a DNS provider, Cisco
  Umbrella processes 80 billion DNS requests for 65 million users and
  12,000 businesses every day. By combining that data with third-party
  feeds, Cisco Umbrella possesses unmatched visibility into DNS
  activity worldwide.

• Differentiated algorithms and analytics. The statistical models
  required for truly effective and predictive DNS-layer security go
  far beyond simply spotting anomalies. In fact, the automated
  generation of malicious infrastructure by attackers has become so
  commonplace that it’s not anomalous at all. That’s why Cisco Umbrella
  has developed highly specialized models that block 7 million
  malicious destinations at any given time — and that often detect
  them before any other security provider on the planet.

• No added latency, 100% uptime service. As a DNS provider, Cisco
  Umbrella has crafted a highly resilient network environment that
  boasts 100% uptime since 2006. We also peer with more than 500 of
  the world’s leading internet service providers and content delivery
  networks to ensure that our response times are some of the fastest
  worldwide. Use of Umbrella does not add any latency to our customers’
  network performance — and in many cases performance is even better
  than that of their incumbent regional provider.



Where do you enforce security?

[Figure labels: threats (Malware, C2 Callbacks, Phishing); Umbrella as
the first line; network and endpoint controls (NGFW, Netflow, Proxy,
Sandbox, Router/UTM, AV) across HQ, BRANCH, and ROAMING. Callout: It
all starts with DNS. Precedes file execution and IP connection. Used
by all devices. Port agnostic.]

• 30-minute deployment. Implementing Umbrella is also far simpler,
  faster, and less disruptive than any other security solution. Any
  business that’s using the internet is already sending its DNS requests
  to external servers. It’s just not reaping the benefits of the
  industry’s leading DNS-layer security intelligence and domain blocking
  at the same time. To gain those benefits, all that’s required is to
  point those requests to Umbrella. It’s that easy.

Cisco Umbrella is the most trusted name in networking. Cisco
makes it easier for IT organizations to leverage Umbrella technology
as part of a multilayered security architecture that includes firewall,
sandboxing, and endpoint protection from Cisco and its certified
partners.

These distinctive attributes make Umbrella inarguably the best choice
for enterprise-class threat protection.



30 minutes to a safer enterprise

Umbrella is a proven service provider whose security services are
completely nondisruptive. Identification and blocking of malicious
infrastructure are simply value-adds provided as part of a
high-performance DNS lookup service that replaces whatever service is
already being used. There are no new boxes to add, nor is there any
new technology debt or vendor lock-in. In fact, Umbrella is so simple
to implement that you can try it for free just by clicking the link
below.

The bigger risk is to postpone implementation too long. Threat
activity has become extremely intense, and conventional defenses
don’t provide sufficient protection.

A mere 30 minutes from now, any business can be more secure than it
was before. That’s the simple reality of DNS-layer security.

To launch a free 14-day trial of Umbrella, simply click
signup.opendns.com. There’s no cost, no obligation, and no phone
calls. Just immediate, substantial improvement of your organization’s
security — along with a time- and money-saving reduction in your
security alert volume.

The Cisco Umbrella advantage

#1 fastest & most reliable DNS, with 65M+ daily active users
80B+ daily internet requests or connections
3M+ daily new domain names discovered
60K+ daily malicious destinations identified
7M+ total malicious destinations enforced at any given time
80M+ daily malicious requests blocked

1. Lancope Research. “Visual Investigations of Botnet Command and
   Control Behavior.” 2013.
2. Cisco. “Cisco 2016 Annual Security Report.” January 2016.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the
U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the
property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)