Fire Jumper Academy

Stage 2
Cisco Umbrella
Messaging and Positioning

Submit questions here

2023

Welcome to this Fire Jumper Academy training video.

This is a Stage 2 module covering the messaging and positioning for Cisco Umbrella.

1
 ‣ Describe the industry landscape and
how to position Cisco Umbrella in it
Learning
Objectives ‣ Explain the value proposition

‣ Understand the limitations

‣ Confirm key takeaways

‣ Locate resources

By the end of this module, you will be able to describe the industry landscape and
how to position Cisco Umbrella, explain the value proposition of Cisco Umbrella, and
understand the limitations within Cisco Umbrella. Finally, you will be able to confirm
the key takeaways and locate helpful resources.

2
Why customers use Cisco Umbrella
Secure user access to the internet and cloud apps through a cloud-delivered
Defend Against Threats service -- whether users are on or off-network

Centrally manage DNS-layer security, Secure Web Gateway, Cloud-delivered

Reduce Complexity with Firewall, Remote Browser Isolation, Cloud Access Security Broker, Data Loss
Multi-function Security Prevention, Cloud Malware Detection and interactive Cisco Talos threat
intelligence

Value in minutes via Umbrella’s integration with Cisco ISR 1K, SD-WAN
Embrace Digital (powered by either Viptela or Meraki), ISR4K, WLAN and more to protect
Transformation against malware, ransomware, phishing, and other internet threats (even from
branch offices, which can also expose Shadow IT)
Cisco Umbrella
Reduce time, money and resources needed to launch new initiatives or adjust
Agility to adapt to unexpected changes with built-in flexibility and scalability to deploy what is
needed by location and user

Achieve highest level of protection with DNS industry leadership, SIG

Efficacy of the solution Advantage, and unmatched Cisco Talos threat intelligence

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

The top reasons our customers use Cisco Umbrella include:

it defends against threats
it reduces complexity with multi-function security
it embraces digital transformation
it is highly adaptable
it is efficient
Some of the primary reasons that customers use Cisco Umbrella are outlined here for
you.

3
Industry Landscape

Let’s look at the market trends that lead directly to significant Cisco Umbrella sales
opportunities.

4
A lot of things have fundamentally changed how users work today. Your network is
changing, and you’re probably revisiting how your security architecture fits in.
Let’s look at a few examples.
First, applications have moved to the cloud. The business is often driving the use of
more Software as a Service (SaaS) applications. One risk can be where users install
and use applications on their own, without proper vetting from IT. They could start
using risky applications and giving too much access to corporate information or
working around a VPN.
Second, networks are transforming with SD-WAN, and branch offices connect directly
to the internet. Many organizations extensively -- or selectively -- use SD-WAN today,
and because of that, there can be a risk to your branch offices.
Next, networks are moving to direct internet access.
And growth in the number of mobile workers translates to more work happening off
the network. In fact, it is common for users to connect directly to the cloud
applications and not use a VPN.
Finally, today's reality includes users managing a lot of complex products – which is
another factor that poses potential security risks.
All these items lead to gaps in observability and protection for your users. And, as you
know, the attackers aren't sitting back — they're constantly finding new ways to get in
and to actively exploit these gaps.

5
Challenges

Malware and Gaps in Volume and Limited security

ransomware observability complexity of resources
and coverage security tools

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

From a security perspective, the rising threat activity certainly raises some
challenges. We hear from organizations that they are still dealing with attacks like
malware, ransomware, phishing, and more.
Why?
To begin, there are gaps in observability and coverage. As networks become more
decentralized, remote users find ways to go directly to the internet, thus bypassing
the centralized security stack. This user behavior significantly raises the risk of a
successful attack or compliance violation.
There can also be significant volume and complexity in security tools. In the face of
growing threats, many organizations continue to purchase new tools, which adds
integration and management complexity.
Furthermore, organizations usually have limited security resources to handle the
point products that are generating thousands of alerts. Company analysts are having
a difficult time keeping up and many alerts simply go untouched.

6
Cisco Delivers on SASE Convergence
Unifying cloud security and networking with SD-WAN automation

Security Networking

Cisco Umbrella Cisco SD-WAN

Cloud-delivered App optimization, cloud
secure web gateway, networking, integrated security,
DNS security, firewall, analytics, and assurance
CASB, Cloud Malware
Detection RBI, and DLP

Zero Trust
Network Access

Remote Access

Observability | ThousandEyes
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

So what is Cisco doing to help address some of these challenges?

We are increasing our networking and security capabilities in the cloud by leveraging a Zero
Trust framework, all while offering the observability needed to identify and maintain users
and applications across the network.

Cisco released automation between SD-WAN and cloud security, a single offer that
automates the connection between Cisco SD-WAN and Umbrella. As organizations move to
direct-to-internet access, many find that the initial deployment -- such as getting tunnels set
up, or directing traffic to the cloud -- is often a hindrance.

So now Cisco has made it easy for organizations to connect SD-WAN with cloud security – for
10s, 100s, or even 1000s of remote sites. Our edge is built from the ground up on a native
cloud architecture. We aren’t “lifting and shifting” an on-premises paradigm like some of our
competitors. We even extend the solution to the management paradigm of Cisco SD-WAN
powered by Viptela and Meraki. We truly have the expertise to build cloud-scale
infrastructure globally.

7
 Secure Access

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

So what is SASE?
The acronym stands for Secure Access Service Edge, which is a cloud
architecture model. It bundles network and security-as-a-service functions together
and delivers them as a single cloud service. The purpose of the service is to provide a
simple security and networking tool that is independent of where employees and
resources are located.

The Secure Access portion of SASE is a collection of the security functions based in
the cloud.

Together, the SASE solution includes cloud secure web gateway (SWG), zero trust
network access (ZTNA), cloud delivered firewall with IPS, and cloud access security
broker (CASB), to help manage secure access to websites and applications from
anywhere users are accessing them.

8
 First Step: Converge Security Capabilities in the
Cloud

80% 37%
of enterprises will of respondents
adopt a strategy to reported that they
unify web, cloud have too many
services and private security solutions to
application access by Cloud
achieve cyber
2025 DNS Access resiliency (2021
security Security
Secure survey)
Broker
web Firewall
gateway

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

The move for customers to SASE is more of a journey than it is a sprint, and the
typical first step is Converging Security Capabilities in the Cloud.
One problem is that the market is emerging rapidly toward converged cloud-delivered
security.
Industry analysts at Gartner say that, by 2025, 80% of enterprises will have adopted a
strategy to unify web, cloud services and private application access—which is a 20%
increase from 2021.
• Source: “Critical Capabilities for Security Service Edge,” Gartner, 16 February 2022
(no hyperlink because Gartner only allows subscribers to access their research).
Another problem is that, as centralized security policy enforcement diminishes, the
risk of successful attacks or compliance violations increases. Security teams clearly
struggle to keep up – especially since organizations often have many separate point
solutions that are difficult to integrate and manage. In fact, a July 2021 survey of
over 3,600 IT and security professionals reported that 37% of the respondents said
they have too many security solutions and technologies to achieve cyber resiliency.
• Source: The sixth annual Cyber Resilient Organization Study from IBM Security™,
July 2021, https://www.ibm.com/resources/guides/cyber-resilient-organization-
study/

9
Value Proposition

Now let’s turn to the customer value proposition for Cisco Umbrella.

10
Umbrella top-line benefits
Inconsistent security and control Complexity straining performance Inflexible/restrictive tooling
and resources
Customer Difficultly managing risks and Difficulty adjusting to unpredictable
challenge adhering to acceptable use Tool sprawl leads to complexity that business changes while
polices. limits performance and strains maintaining secure, high
resources. performance internet connectivity.

Greater security efficacy End-to-end simplicity Agility to adapt to demands

Umbrella • Provides immediate increase in • Simplicity that lowers total cost of • Built-in flexibility and scalability to
benefits security and compliance posture. ownership. confidently launch new initiatives
or adjust to unexpected changes.
• Intelligently optimize protection • Security capability simplifies
with a multi-layered defense. management and creates greater • Extend and scale security
efficiencies at scale. capabilities as needs evolve.

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

So as you can see, Cisco Umbrella has a number of top-line benefits. Simply put, Cisco
Umbrella DNS protects users globally in a matter of minutes.

It can take inconsistent security policies and give them greater security efficacy
through compliance posture.
It can overcome limited performance by amplifying security capabilities.

And it can manage complexity with built-in flexibility and scalability as security needs
evolve.

Overall, Cisco Umbrella helps to reduce the time, money, and resources required for
deployment, configuration, and integration.

11
 DNS security Fast, reliable Unmatched
industry leader infrastructure intelligence
(Cisco Talos)

24K+ 38+ 30B

business customers data centers worldwide Endpoint events per day

620B+ 1000+ 1.4M+

DNS requests resolved daily peering partnerships New malware samples per day

170M+ 6K+ 200+

malicious DNS queries blocked daily peering sessions new vulnerabilities discovered each year

99%
DNS service business uptime since 2006

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

Here's why Cisco’s view of the internet is unmatched.

We have over 24,000 business customers worldwide and we process and resolve over
620 billion DNS requests daily.
Our customer base is global and we have a massive amount of data.

What's more, when you connect to a cloud security platform, performance is

critical. It cannot break or slow down your internet connection. Umbrella has had
99% uptime since its inception in 2006. This is, in large part, due to automated re-
routing made possible by our Anycast routing system.

In addition, we have unparalleled intelligence. Our DNS data serves as the

foundation for our threat intelligence. We use it to learn where the threats are
coming from, who is launching them, where they are going, how wide the net of the
attack is, and more. We combine that intelligence with data from Cisco Talos, which is
the largest non-government threat intelligence organization on the planet.

Plus, our researchers use advanced techniques like data mining and 3D visualization
to identify patterns. They are finding new ways to uncover fingerprints that attackers

12
leave behind – and then building models to score and classify the data
automatically. Our models run against our data so we can uncover malicious domains,
IPs, and URLs before they’re even used in attacks. So our security researchers are
always innovating and creating new models to provide better threat detection and
classification.

Cisco Talos also analyzes 2 billion malware samples daily, and blocks 20 billion threats
daily. That’s more than 20 times what any other vendor does! Why does that
matter? Well, when you see more, you block more. And with Cisco Umbrella and
Cisco Talos combined, we see more threats, more malware, and more attacks than
any other security vendor in the world. That’s power that every organization should
have!

12
Cisco Networking Integrations
Easily extend security across the network

MX
ISR 1K SD-WAN RV series ISR 4K
(Meraki MX)

MR
SD-WAN Meraki MR Mobility Express WLAN controller
(Viptela)

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

Next, let’s review a quick summary on the networking integrations we’ve added.
Integrations with the ISR 1K and Cisco SD-WAN--powered by either Viptela or Meraki
and others--are available alongside integrations with ISR4K and WLAN.

We’re going to focus on Cisco SD-WAN powered by Viptela and Meraki integrations
today; however, it is important to note the value that all these integrations deliver.
The Cisco Umbrella network integrations allow customers to use the infrastructure
they have already invested in to deploy a solution that can help them reduce malware
by 75% and reduce security alerts by 50% - all in a matter of minutes.

What customer wouldn’t appreciate spending less time and effort deploying,
orchestrating, and managing a solution that can ALSO save them even more time and
effort?

13
SD-WAN: Umbrella + Viptela Integration
Fast forward time to value with automated security
• Hands-off automation: deploy cloud security Cisco Umbrella
across thousands of branches in minutes
DNS-layer Secure web Cloud-delivered Cloud access
• Top notch protection: defend against threats at security gateway firewall (w/IPS) security broker

the branch with the leader in security efficacy Interactive

Remote browser Data loss Cloud malware
threat
isolation prevention detection
intelligence
• Deeper inspection and controls:
SWG and cloud-delivered firewall
Direct Internet Access
with IPsec tunnels (DIA)
• Flexibility: deploy cloud security across your
Viptela platforms
• Simplified management: single pane of glass
across all offices and users HQ Branch

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

Cisco Umbrella integrates with Cisco SD-WAN powered by either Viptela or Meraki to
enable effective cloud security across an organization's distributed locations and
users. Using an intuitive dashboard, a customer can automatically set up an
encrypted tunnel between Meraki or Viptela, and Umbrella. This extends the SD-WAN
fabric into Umbrella, making it easy for customers to instantly gain protection against
threats and enforce policies at a scale not possible with on-premises hardware.
Advanced security and controls include SSL decryption and inspection, as well as
protection of sensitive data. Powered by Umbrella's global cloud architecture and
Cisco Talos threat intelligence, it's the fastest, most reliable, and secure path to
applications regardless of where they are hosted.

So let’s focus on the integration between Cisco Umbrella and Cisco SD-WAN powered
by Viptela. This integration enables you to infuse effective cloud security throughout
your Cisco SD-WAN fabric. Umbrella delivers multiple security capabilities in a single
cloud-delivered service -- creating a powerful, integrated, and cloud-native security
solution that is easy to deploy and to manage.

To get started, customers can quickly deploy cloud security across their SD-WAN to
thousands of branches in minutes and instantly gain protection against threats on the
internet — powered by Umbrella’s global network and threat intelligence. With

14
simple tunnel creation to Umbrella’s secure web gateway and cloud-delivered
firewall, customers get additional security and more granular controls. Some key
benefits of the integration include accelerating time-to-value with automated
security. As you may know, deploying secure SD-WAN used to take months. But with
our automated provisioning and tunnel creation, you can easily protect branch offices
and users in minutes.

Additionally, a Secure Web Gateway (SWG) full proxy solution provides the highest
level of protection and security efficacy--and Umbrella’s Secure Web Gateway (SWG)
beats the competition.

Flexibility is key to deploy effective cloud security across all your Viptela platforms,
both vEdge and cEdge.

And we offer simplified management via the Cisco Umbrella dashboard. This
dashboard provides a single pane of glass into your security across branch offices and
users. Built-in redundancy offers protection from regional data center failure --
without added complexity.

14
Extend Umbrella Across Meraki SD-WAN Networks
• Meraki SD-WAN extends directly to
Umbrella with Auto VPN
Umbrella
• Flexible security options
(DNS or more advanced SIG
capabilities)
M
• Native SD-WAN traffic engineering
• Meraki Umbrella SD-WAN
Connector will enable SD-WAN Meraki
fabric for more intelligent path SD-WAN
Fabric
selection with zero cost!
Data center Branch

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

The integration between Cisco Umbrella and Cisco Meraki MX extends the SD-WAN
fabric to the cloud with a few clicks, enabling full Umbrella Secure Internet Gateway
(SIG) capabilities for advanced inspection and control over web and application
access. The integration leverages the proprietary Meraki Auto VPN functionality to
easily configure and steer traffic from Cisco Meraki MX devices to Cisco Umbrella,
including intelligent path selection to provide users with secure access and best user
experiences when connecting to cloud applications.

15
Limitations
and
Considerations

With all of this good news, it is important for you as a seller to accurately manage
customer expectations.

16
Sizing Consideration for IPsec tunnels and
SIGraki
• Consider the number of branches and the number of tunnels required to protect these
branches.
• By default, 50 IPsec tunnels are allocated per deployment
• Increasing the number of tunnels requires further validation
• Each tunnel is limited to 250 Mbps throughput
• Edge devices need to support policy-based routing (PBR) or equal cost multi path (ECMP) to
achieve higher than 250 Mbps throughput
• Recommended 20 sites per connector

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

Sizing considerations are critical.

To properly ensure customers can get the results they seek, be very careful to step
through each item on this slide – both when talking about the final customer solution
and also when preparing the Bill of Materials.

17
Cloud Delivered Firewall
• NOT to be positioned as a replacement for an on-premises next generation firewall (NGFW)
• NOT an inbound firewall
• No fully-qualified domain name (FQDN)-based policies
- Review DNS and Web policies to achieve the outcome required.

• No active directory (AD) Groups/Users-based policies

- Review DNS and Web policies to achieve the outcome required.

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18

While Cisco Umbrella has many capabilities, it is not a replacement for on-premises
firewalls.
There are also policy considerations shown on the slide that could be important to
your customer.

18
Data Loss Prevention (DLP)
• Not to be positioned as a replacement for an on-premises enterprise DLP solution
• Inline DLP policies apply to web traffic only
• DLP policies do not apply to isolated websites

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

Furthermore, Data Loss Prevention is a huge area of importance to customers. Be

sure you understand how to position the DLP capabilities of Cisco Umbrella so that
customers can supplement it as appropriate.

19
 • Market trends necessitate
security architecture changes
• Cisco leads in SASE including
automation between cloud
security and SD-WAN
• Umbrella secures access to
Key Takeaways internet and usage of cloud
apps everywhere through
cloud-delivered service
• How and why customers use
Umbrella and its operational
benefits

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20

Now that we've covered the basic messaging and positioning for Cisco Umbrella, let's
summarize some of the key takeaways.

As you know, market realities and trends are causing customers to re-evaluate their
security infrastructure and management.
IT departments are recognizing the importance of embracing the digital
transformation, where their networking and cloud security worlds get connected.

Cisco Umbrella delivers user protection everywhere via a cloud-delivered service ---
offering multiple layers of observability, integration with existing networking
infrastructure, agility to address changing business demands and agility to address
changing business demands.

As you prepare for customer meetings, be sure to review the reasons why
customers use Cisco Umbrella, its primary capabilities, and some of the limitations
and considerations that will help ensure your customers keep turning to you for
sound and trusted advice.

20
This concludes the Messaging and Positioning module for Cisco Umbrella. Thank you.

21