Cisco Umbrella

Many years ago, most companies added Internet access by purchasing some form of Internet line at the corporate office. A firewall was added to keep the bad guys from getting in. Eventually, the powers that be got word that employees were surfing to questionable sites. For instance, at one company I was at I had to show them a list of the sites people were going to – I set up a SPAN port and connected a third-party product that looked at HTTP/HTTPS traffic. There were some sites that were really bad and would get people in front of HR really quickly (one site I remember seeing was mybigfatwhitebooty.com – seriously).

This started the purchase of URL filtering. Initially it was done on-site, for example by routing all web traffic through a proxy server. This was good, but it created a bottleneck and did not scale well when a company wanted to add other Internet access points. A few years back, the proxy in the cloud was born. One company called Scansafe did a pretty good job at this – it worked so well that Cisco bought the company. That is roughly when I got introduced to them. Cisco rebranded it as Cloud Web Security, or CWS for short.

We have been using CWS for a few years and it is definitely better than our own proxy. For starters, there is no hardware for us to deal with. Secondly, we connected our firewalls to it so all web traffic leaving the company goes through it – not just company computers. Finally, through the AnyConnect client we can redirect laptops when they are not within the confines of the company network. All was good with CWS, making this security guy really happy. Unfortunately, web traffic is not always on ports 80 and 443, so CWS is limited.

Umbrella to the rescue. This is another Cisco purchase, previously called OpenDNS. It will eventually replace CWS (actually, CWS is getting folded into Umbrella), so it is about time for all CWS customers to start the migration. What Umbrella did is really cool. DNS works as a backbone for Internet traffic by exchanging names for addresses. Think of it like a location on a map. There are not many people that can tell you exactly where something is by geographic coordinates, but many more can tell you a city or town name – that is kind of like DNS. Umbrella works at the DNS level, and since almost all Internet traffic uses DNS, you are getting almost all traffic even when it does not use ports 80 or 443. Once again, as a security person I really like this since we can secure connections other than standard web browsing.

My current company just signed our contract for Umbrella and we will be migrating away from CWS soon. All my Umbrella knowledge is based on marketing material and talking with the engineers – no firsthand experience, yet. Sometime in the future (after we are done with the migration) I will write another post on my thoughts about Umbrella. For now, I am just excited to get started.
