Introducing Cisco Umbrella Roaming

2023 SEASON SALE Networking and Security Showcase In-stock ICT products at exclusive discounts

We introduced the Cisco Umbrella Branch before (a new cloud-delivered security service on Cisco ISR 4000s that provides an added layer of security protection for branch offices.)

Now, there is a new Cisco Umbrella Roaming, the security when you’re off the VPN.

Cisco Umbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall.

Cisco Umbrella Roaming-Architecture

Cisco Umbrella Roaming-Architecture

It protects employees when they are off the VPN by blocking malicious domain requests and IP responses as DNS queries are resolved. By enforcing security at the DNS-layer, connections are never established and files are never downloaded. Malware will not infect laptops and command & control (C2) callbacks or phishing will not exfiltrate data over any port. Plus, you gain real-time visibility of infected laptops with C2 activity.

Protect your mobile workforce with no extra agents or user actions

All Internet activity that bypasses your perimeter security is now enforced through our security service, so your off-network blind spot is eliminated. Umbrella Roaming is fully integrated into AnyConnect for Windows or Mac OS X. And unlike using the VPN, there’s absolutely nothing new for end-users to do or any performance sacrifice.2

Cisco Umbrella Roaming-Solution

The Solution

Cisco NGFW + Cisco Umbrella

Security on and off the VPN, over any port, for Windows and Mac OS X roaming laptops.

The way your employees work has changed

82% of your workers admit to not always using the VPN2

Employees are using more cloud apps for work and leveraging their work laptops for personal use— the reality is that not every connection goes through the VPN. Your network extends beyond the perimeter, and your security must too.

49% of your workforce is mobile and under defended3

Zero-day malware spikes at night and on weekends when we’re roaming and attackers know we’re vulnerable. In fact, 22% of malicious email links are clicked when roaming.4 While security may never stop 100% of the threats, it must work 100% of the time.

How we predict threats before they happen

Real-time, diverse data reveals internet activity patterns

Correlating DNS, WHOIS, BGP, IP geolocation, SSL certificates, and even file connectivity provides a complete view of domains and IPs where threats are staged.

Automated statistical models identify malicious destinations

Similar to Amazon learning from shopping patterns to suggest the next purchase, or Pandora learning from music listening patterns to play the next song, we learn from internet activity patterns to identify attacker infrastructure being staged for the next threat.

Simple for both security & sysadmin teams

Enable Roaming in Minutes

• Simply enable the Roaming Security module available in Cisco AnyConnect v4.3 for Windows or Mac OS X.


• Deploy a stand-alone Umbrella Roaming Client for Windows or Mac OS X alongside any other remote access VPN client.

Enable Roaming in Minutes

Global Security by Default

• As soon as Roaming Security is enabled, mobile workers are protected against malicious destinations.

• If a threat is requested via a web browser, end-users receive a customizable block page.

• To immediately access a blocked site, just allow the domain.

Global Security by Default

Instant Visibility into Threats

• View your daily, weekly, or monthly security events occurring off-network either in your inbox or our dashboard.

• Check if threats are trending up or down as well as the domains and laptops with the most security events.

• Respond to an incident by drilling into the full activity per domain or laptop.

Instant Visibility into Threats

Detailed Logs for Incident Response

• View and optionally filter the last 30 days of detailed, real-time Internet activity by time, domain, category, laptop, or IP location.

“Top N” summary reports are retained for up to 2 years and can be scheduled to your and others’ inboxes.

Detailed Logs for Incident Response


More details from


More Related

What is the Cisco Umbrella Branch?

Share This Post

Post Comment