We introduced the Cisco Umbrella Branch before (a new cloud-delivered security service on Cisco ISR 4000s that provides an added layer of security protection for branch offices.)
Now, there is a new Cisco Umbrella Roaming, the security when you’re off the VPN.
Cisco Umbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall.
Cisco Umbrella Roaming-Architecture
It protects employees when they are off the VPN by blocking malicious domain requests and IP responses as DNS queries are resolved. By enforcing security at the DNS-layer, connections are never established and files are never downloaded. Malware will not infect laptops and command & control (C2) callbacks or phishing will not exfiltrate data over any port. Plus, you gain real-time visibility of infected laptops with C2 activity.
Protect your mobile workforce with no extra agents or user actions
All Internet activity that bypasses your perimeter security is now enforced through our security service, so your off-network blind spot is eliminated. Umbrella Roaming is fully integrated into AnyConnect for Windows or Mac OS X. And unlike using the VPN, there’s absolutely nothing new for end-users to do or any performance sacrifice.2
Cisco NGFW + Cisco Umbrella
Security on and off the VPN, over any port, for Windows and Mac OS X roaming laptops.
The way your employees work has changed
82% of your workers admit to not always using the VPN2
Employees are using more cloud apps for work and leveraging their work laptops for personal use— the reality is that not every connection goes through the VPN. Your network extends beyond the perimeter, and your security must too.
49% of your workforce is mobile and under defended3
Zero-day malware spikes at night and on weekends when we’re roaming and attackers know we’re vulnerable. In fact, 22% of malicious email links are clicked when roaming.4 While security may never stop 100% of the threats, it must work 100% of the time.
How we predict threats before they happen
Real-time, diverse data reveals internet activity patterns
Correlating DNS, WHOIS, BGP, IP geolocation, SSL certificates, and even file connectivity provides a complete view of domains and IPs where threats are staged.
Automated statistical models identify malicious destinations
Similar to Amazon learning from shopping patterns to suggest the next purchase, or Pandora learning from music listening patterns to play the next song, we learn from internet activity patterns to identify attacker infrastructure being staged for the next threat.
Simple for both security & sysadmin teams
Enable Roaming in Minutes
• Simply enable the Roaming Security module available in Cisco AnyConnect v4.3 for Windows or Mac OS X.
• Deploy a stand-alone Umbrella Roaming Client for Windows or Mac OS X alongside any other remote access VPN client.
Global Security by Default
• As soon as Roaming Security is enabled, mobile workers are protected against malicious destinations.
• If a threat is requested via a web browser, end-users receive a customizable block page.
• To immediately access a blocked site, just allow the domain.
Instant Visibility into Threats
• View your daily, weekly, or monthly security events occurring off-network either in your inbox or our dashboard.
• Check if threats are trending up or down as well as the domains and laptops with the most security events.
• Respond to an incident by drilling into the full activity per domain or laptop.
Detailed Logs for Incident Response
• View and optionally filter the last 30 days of detailed, real-time Internet activity by time, domain, category, laptop, or IP location.
• “Top N” summary reports are retained for up to 2 years and can be scheduled to your and others’ inboxes.
5. cs.co/dns-latency, system.opendns.com
More details from https://www.cisco.com/c/dam/en/us/products/collateral/security/firewalls/umbrella-roaming-customer-facing.pdf