Improve your Cyber Security Posture in 2022 with Cisco Umbrella

Improve your Cyber Security Posture in 2022 with Cisco Umbrella
Improve Cyber Security Posture with Cisco Umbrella banner

Cyber security expertise has become a hot commodity in the past few years. The emergence of several high-profile cyberattacks and widespread vulnerabilities has been damaging to many companies globally. Coupled with the fact that cyber security talents are at an all-time low globally, making it even more so in the Philippines. This issue affects both enterprise and SMB companies alike. However, the main difference, is that SMB companies do not have the resources nor the budget of enterprises. around 60% of small and medium businesses go out of business within six months of a cyberattack.

So what can SMB companies do to prevent being part of that chilling statistic? This is where security solutions like that can improve cyber security posture like Cisco Umbrella can help. Cisco Umbrella was awarded last year as the best SME Security Solution in the SC awards and is nominated again for this year. Cisco Umbrella helps businesses block threats before they reach the network, endpoints, and end users. It does this by monitoring the DNS requests of users and checks for any known malicious websites associated with the said URL link.  This allows for your team to monitor and enforce policies in a more central way. Written below are a few features in which you can improve your cyber security posture with Cisco Umbrella.

Preparing for Remote Work/Hybrid Setups

Improve Cyber Security Posture with Cisco Umbrella wfh

Whether your company is returning to the office or adopting for a hybrid or remote work setup, your business should always be ready to protect your users outside the office perimeter. As the past year has shown, we can always be put into a spot where we have to work outside the office perimeter. Keeping your users secure from malware and enforcing security policies anywhere at anytime is key to protected business data.

Cisco Umbrella can help filter out the content and enforce security protocols event outside your network. This can even be set on a timely basis to ensure that users are not disrupted from personal commitments and can be location based.

Strengthening Security Infrastructure to lessen Disruptions

Improve Cyber Security Posture with Cisco Umbrella disruptions

There has been many instances of network disruptions, outages, and downtime during the past years. While they may not be instances of cyberattacks, they are also a cause for concern in the business perspective.

Take for example the 2021 Akamai outage, many companies were crippled during this software configuration update. However, those subscribed to CISCO Umbrella were able to leverage the unique DNS logging system included in the DNS-layer security. This kept them connected to their critical cloud tools despite the provider outages.

Security at no cost to Performance

Your security within your company should not hinder your network’s performance for end users. If users start experiencing slow downs due to your security solution, you effectively sacrificed performance for security. This in the long run can end up costing your company a significant amount of profit and might encourage users to use backdoor applications for convenience.

Cisco Umbrella works seamlessly behind the scenes to ensure that your users don’t even know it’s running in the background. In fact, Cisco Umbrella can also help your performance with some SaaS applications with its secure connection to some of the leading SaaS applications.

We will be covering this topic in-depth in a later article to further discuss the capabilities of Cisco Umbrella. If you would like to learn more now however, you may contact us at marketing@www.ctlink.com.ph so we can set a customer meeting with you at your convenience!

Cisco Umbrella: Camuto Group Case Study

Cisco Umbrella: Camuto Group Case Study

The Challenge

A US footwear and lifestyle brand company, the Camuto Group, has been thriving in their industry due to the unique designs that sets them apart from the competition.  However, the company’s creativity is also one of its IT’s main pain points when it comes to security.  With almost 100 employees working remotely and another 250 roaming laptop users, it makes it difficult for IT to allow the flexibility to access the wide range of edgy sites which many web filtering solutions block incorrectly.

Tom Olejniczak, Camuto Group’s network engineering manager says that they found the traditional approach to securing the web experience (Proxy servers) caused too many problems that needed manual resolution.  Meaning whenever someone could not access a site, someone from IT had to go to that user to help resolve the issue, which was not feasible for them given the multiple remote and roaming users.

They needed to find a network security solution that protected on and off-network devices which didn’t add to their latency that could help them as malware and social media started to cut into the productivity of the users.

The Solution

Tom says that the company has been following Umbrella as their first line of defense since it was still OpenDNS.  However, to test if there were better alternatives, they decided to try two similar products to Umbrella.  The result of the test was that Umbrella outperformed both products whether it was by malware protection and overall user experience.

This was achieved by deploying Umbrella’s virtual appliances.  This gave them the visibility to see if internal networks or Active Directory users were infected or targeted by attacks without the need to touch devices or reauthenticate users.  Users working out of the corporate network are protected via Umbrella’s roaming client which was simple to put in place as adding someone to a group in Microsoft Active Directory.

The Camuto Group saw immediate impact on the security, almost four hundred detections of malware were redirected on a daily basis.  The solution itself also was great for user experience as it is unobtrusive and even helped improve the speed of the internet slightly, about five to ten percent.

The ability to white and black list sites was one of the main concerns of the company that Umbrella helped solve quite easily.  Tom says that they are able to choose safe and HR-acceptable categories for content filtering fast, it would usually take them about 3 minutes make a change.

To learn more about the Cisco, you may check out our product page here or you can contact us directly at 893-9515 for more details!

University of Kansas Hospital: A Cisco Umbrella Case Study

University of Kansas Hospital: A Cisco Umbrella Case Study

The challenge: gaining transparency to secure sensitive data

Ranked among the nation’s best hospitals every year since 2007 by U.S. News & World Report, The University of Kansas Hospital is the region’s premier academic medical center. Physicians teach as faculty members at the KU School of Medicine and are at the forefront of medical discoveries taking place at the KU Medical Center, a research leader in cancer treatment and prevention, neurology and liver and kidney transplantation.

Like every hospital, University of Kansas Hospital prioritizes its IT security as to avoid threats such as malware from affecting or theft of its patient’s sensitive data.  This means that they have to safeguard every medical device that is connected to their network, any compromise to this could cause a life-or-death situation.  Besides this, as an academic hospital as well, they also deal with a lot of sensitive research data and intellectual property.

When the time ransomware was beginning to impact hospitals around the world, University of Kansas Hospital started to look for security solutions that would help deliver their commitment for the best possible healthcare experience.  This led them to realize that visibility was a major challenge and attacks were starting from DNS.

The solution: security that starts at the DNS layer

To start improving the existing security design, University of Kansas Hospital started to initially implement different solutions to help produce very basic information about the infected machines, however they lacked full visibility into the source of the infection.  Meaning that they could see the malicious sites being accessed but only trace the infection only till the proxy server, IP address, or their DNS server.

 “First we just pointed our external DNS requests to Cisco Umbrella’s global network, which netted enough information to prompt an instant ‘Wow, we have to have this!’ response,” Duong says. “When our Umbrella trial began, we saw an immediate return, which I was able to document using Umbrella reporting and share with executive stakeholders. Those numbers, which ultimately led to executive buy-in, spoke volumes about the instant effect Umbrella had on our network.”

After they did an initial test of pointing their external DNS requests through the Cisco Umbrella global network, it provided enough information for them to immediately start a trial with Umbrella.  After beginning their trial, they were able to see immediate returns, which were then documented through Umbrella’s reporting and shared to their executive stakeholders.  This eventually led to an executive buy-in for Umbrella.

The result: Bolstered security and unprecedented insight

For University of Kansas Hospital, Deploying Umbrella was fast while also giving them an immediate time-to-value experience.  In just one hour of Umbrella going live, they saw a huge increase in visibility, protection, and blocked malicious traffic.  From their usual 100,000 hits against the network (20 to 30 percent of which were ransomware), they were able drop the number down to nearly zero with Umbrella.

Once they enabled AD integration as well to their Umbrella (which took only an hour), they were able to move from struggling to find attacks to being able to correlate users with events and trace every clock of their online journey.  This also gave them ways on how to investigate and understand each threat that was hitting their network to help better understand user behavior to help better mitigate them as efficiently as they can.

Cisco Umbrella has dramatically improved the incident response of University of Kansas hospital for the better, one incident before Umbrella would have taken 2 days now has been lessened by at least 75% or even can be done in 30 minutes.



To learn more about Cisco products, you can visit our Cisco Product Page here or you may call us at 893-9515 and we would be happy to answer your inquiries!

New Vulnerability aLTEr Discovered by Researchers

New Vulnerability aLTEr Discovered by Researchers

Researchers from Ruhr-Universität Bochum & New York University Abu Dhabi have recently discovered three types of attacks/vulnerabilities for devices using Long-Term Evolution (LTE) network protocol that cyber criminals can use to steal your data.  The researched team has dubbed the attacks as “aLTEr”.  With LTE (a form of 4G) as a standard in the mobile communications industry, many of their users can be affected by these new attacks.  However, according to the researchers, the efforts in which to do these attacks are so high that they will most likely only target those of special interest like politicians or high-level management of corporations.

aLTEr attacks can either be passive or active in nature.  The passive attacks are considered so as they do not directly interfere with network connections, what they cyber criminals do are to release a type of tool in which they use to eavesdrop on the activities of the user.    This means that they can monitor your internet activities and collect information on the user’s habits on the internet and use it to their advantage.

An active attack on the other hand, makes use of the middle-man method.  Through the vulnerability found within the data layers, attackers are able to intercept your traffic with the network.  They are able to fool the network into thinking that they are the user and vice versa so that they may redirect you to a malicious website rather than the intended destination so that they may try to steal your data or infect your device without you nor the network knowing.

Although stated that this is not vulnerabilities which will affect the majority of LTE users, there are still those at risk.  The researchers have recommended the following steps you can take to avoid prevent these attacks:

  • Update the specification. A specification updates means that the implementation of all devices must be changed, which leads to a high financial and organizational effort. This is likely not feasible in practice.
  • Correct HTTPS configuration. Using correct parameters for HTTPS (especially HTTP Strict Transport Security (HSTS)) helps to prevent the redirection to a malicious website. It can act as an additional layer of protection.
  • Virtual Private Network (VPN). Using VPN tunnel with integrity protection and end point authentication helps to prevent the attack. The VPN tunnel acts similar to HTTPS as additional security layer.

For those interested in an extra layer of defense against attacks like aLTEr, Cisco Umbrella and Cisco AMP for endpoints are the solutions you are looking for.  Cisco Umbrella acts as your first layer of defense as it protects your endpoints from downloading malicious requests such as phishing attempts or infected websites trying to download in the background.  For threats that can’t be blocked by umbrella, such files downloaded by the user outside of the Umbrella network, there is Cisco AMP for endpoints.  Cisco AMP for endpoints can block malware using global data analytics, perform exploit prevention, uses machine learning, perform rootkit scanning, and has a built-in antivirus engine.

To learn more about aLTEr attacks you may read up on the official website.  To learn more about Cisco Umbrella and Cisco AMP for Endpoints, you may call us at 893-9515 for more information!