Blog

iboss cloud Integrates With Cisco Umbrella for an Additional Layer of Security and Enhanced Visibility Into User Activity

Cover Image

If your malware defense solution detects suspicious network traffic, can you quickly identify affected users using only its native reporting capabilities?

The iboss platform integrates directly with Cisco Umbrella, extending the capabilities of both platforms with comprehensive, compliance-based filtering, advanced malware defense, and deep file-based, data loss prevention (DLP). It also enhances visibility into network and user activity by capturing usernames and full URLs.

Multi-Engine Malware Defense
Reinforce Umbrella’s standard malware protection with an optimized combination of malware engines and threat feeds from industry-leading vendors and research labs. Multi-engine approaches are more likely to detect malware because each engine uses a different methodology. One engine often detects what another one misses.

Enhanced Visibility Into User Activity
The iboss cloud extends the information reported by Cisco Umbrella by capturing additional details, including usernames and full URLs. This enhances the value of Umbrella by enabling you to quickly identify users who are infected with malware or are engaging in high-risk activity.

Go Beyond Simple DNS Filtering With SSL Decryption
By allowing complete visibility into encrypted HTTPS traffic, SSL decryption enables filtering and reporting capabilities that go beyond simple DNS filtering. Now you can filter search engine queries and fine-tune user access to popular online services, such as YouTube and Dropbox. SSL decryption is included with all iboss packages.

Review Events For Both Platforms From a Single Event Log
The iboss cloud captures events from Cisco Umbrella and consolidates the data from both platforms into a single event log. This provides a convenient, one-stop location for reviewing all network and user activity. Reports can be generated from multiple perspectives and exported to a variety of industry-standard file formats.

Secure internet from any location, through the cloud
The iboss cloud provides secure internet to users from any location. This eliminates the need to have branch offices and remote users “backhaul” traffic to a data center before being sent to the internet. Since the iboss cloud provides 100% dedicated IP addresses, users always present a source IP address that is associated with your organization. This simplifies the integration with SaaS platforms, where access is typically restricted to an organization’s IP range.

Protect Confidential Assets with Deep File-Based DLP
Keeping business data safe is critical—especially when you are responsible for protecting private customer information. iboss Data Loss Prevention (DLP) uses deep file-based detection to identify and stop transfers of sensitive data, including information that is hidden inside compressed archives, like .zip files.

Extend the Capabilities of Cisco Umbrella

The integration also instantly extends the capabilities of Cisco Umbrella, including:

  • Tagging all Cisco Umbrella malware and infection detections with user names and device names for fast infection remediation
  • Applying Cisco Umbrella protection to the full URL for better botnet and malware protection
  • Logging the full URL of any incident detected by Cisco Umbrella’s threat intelligence to identify the actual botnet callback request or URL destination hosting malware
  • Provides protection for all users and devices, regardless of location, including protection for users on the road
  • More visibility and protection as users and devices are connected to iboss cloud at all times resulting in Cisco Umbrella protection at all times

Demonstration: How iboss Enhances Information Captured By Cisco Umbrella

Let’s take a look at how the iboss cloud enhances the information captured by Cisco Umbrella.

Example 1: Cisco Umbrella Activity Search

Figure 1 displays the Cisco Umbrella Activity Search page. In this example, a filter is applied so that only block events are shown.

Figure 1 - A selection of block events from the Cisco Umbrella Activity Search
Figure 1 - A selection of block events from the Cisco Umbrella Activity Search

The events show that Cisco Umbrella is blocking attempts to access domains that are categorized as Social Networking or Gambling. Notice that the values displayed in the Destination column only include the hostname portion of the URL (“xyz.domain.com”). Additional URL path and file details are not recorded. There is also no information captured about the users who are generating the network activity.

Example 2: The iboss Event Log

Now, let’s compare this with an excerpt from the iboss event log for the same timeframe (Figure 2).

The Category column provides the reason why an access attempt is blocked. Block events that are triggered by Cisco Umbrella display Umbrella in this column. The first block event was triggered by iboss DLP.

Notice that the iboss logs provide more detail about the events. The URL/Domain column displays the full URL, including the path and file portions. By inspecting the entire URL, the iboss cloud can distinguish between resources or services that share the same domain. This allows iboss to filter search engine keywords and or selectively control access to specific activities or resources for a single domain.

Figure 2 - The iboss event log displays the same timeframe with additional detail
Figure 2 - The iboss event log displays the same timeframe with additional detail

Significantly, the iboss event logs capture the username associated with an event. In this example, a single user named demouser triggered all of the block events. The iboss cloud records this information regardless of the user’s location.

The iboss event log captures events and information from both Umbrella and iboss and consolidates them into a single, convenient location. By complementing and extending the native capabilities of Cisco Umbrella, the iboss cloud enhances the value of both platforms.

Summary of Key Features

Let’s review the key benefits of integrating the iboss cloud with Cisco Umbrella.

  • The iboss cloud offers powerful multi-engine malware defense.
  • It enables granular filtering and reporting capabilities that go beyond basic DNS filtering.
  • The iboss cloud captures critical information, including usernames and full URLs.
  • It provides a convenient, one-stop event log that displays events from both platforms.
  • You can provide secure internet access from any location, through the cloud.
  • Deep File-based DLP protects confidential data, even when hidden inside a compressed, archive, such as a .zip file.