Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

CHAPTER 4 Deploying Cisco Ransomware Defense

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

CISCO IT IMPLEMENTS UMBRELLA TO DEFEND AGAINST RANSOMWARE AND OTHER RESIDENT EVILS

In April 2016, Cisco adopted Umbrella for its internal IT with two primary goals:

• To increase protection against malware, botnets, and breaches: As a global DNS provider network, Umbrella sees 2 percent of the world's Internet requests. It quickly learns about and blocks emergent threats before they have a chance to do harm.

• To gain insights about risky user behavior: Umbrella generates a log showing all activity on the Internet, regardless of port and protocol. The logs give Cisco's security and IT teams increased visibility and audit capabilities.

Transitioning to Umbrella was exceptionally simple. "We added powerful new controls without needing to deploy new hardware, reconfigure the network, conduct extensive interoperability testing, or change any of our other systems," says Rich West, Cisco Information Security (InfoSec) architect.

Cisco formed an eight-member team from IT and InfoSec to plan and implement Umbrella. The technical aspects of the transition took very little time. The team members spent most of their time meeting with application owners and network operations teams to explain the benefits of the transition and to answer any questions related to potential impacts to application or network performance.

The conversion was as simple as adding four lines of code to the DNS configuration file on Cisco's internal DNS servers to direct queries to Umbrella. Now Cisco IT's DNS servers ask Umbrella for recursive DNS queries instead of asking their upstream neighbors. The conversion was so seamless that internal users didn't even know a change had occurred.
