How Cisco Umbrella (OpenDNS) protects your company
Cyberattacks are on the rise.
It’s just a plain fact. Numerous studies, reports, and surveys have found that not only are cyberattacks on the rise overall, but attacks designed around social engineering, such as phishing, are rising in particular.
Worse still – these attacks have seen an even bigger jump in frequency since remote work requirements have also increased. Cybercriminals see the number of company devices outside the typical protections of their traditional offices as an opportunity to harvest data, lock up those devices, and make a quick buck (by the thousands).
That’s why I wanted to talk to you about Umbrella (formerly OpenDNS).
At Kelser, we’ve been using this cybersecurity technology for years and as a managed service provider (MSP) in Connecticut, we’ve deployed, configured, and monitored Umbrella for many of our clients.
I truly believe that every organization regardless of industry or size should evaluate Umbrella if not actually be using it.
I recorded the video below to cover what DNS is, what DNS-based protection (like Umbrella / OpenDNS) is, what it does for you and why it's imperative to secure you and your employees regardless of where you’re working from.
If you’re already using Umbrella (OpenDNS), you may still learn more about it or how it’s protecting your organization today.
Check out my video here: https://share.vidyard.com/watch/mJHez2o9NpyboioZSJCRuU?
What is DNS?
DNS stands for domain name service or domain name system. It is, without question, the linchpin of the internet. Without DNS, the normal functionality of the internet that you’re familiar with would cease to exist.
DNS lets you browse the internet by name. You look up a domain (www.kelsercorp.com, for example) or a machine name, and DNS converts that lookup request into an IP address. This allows your browser to route to that target device, whether it's a website, an internet of things (IoT) device, a video camera, or whatever it is.
So, give the DNS servers a name and they return to you an IP address. It’s a process that’s simple, elegant, and immediate.
It’s also ultimately scalable. It has scaled since day one on the internet all the way up to today, with billions upon billions of websites and devices attached, yet it still resolves those names to IP addresses in milliseconds.
That is an amazing thing but it is also very, very simple. You give it a name; it gives you an IP address. There is no thought process to it whatsoever. It just goes out and gets it.
While that’s great, it’s also where the danger lies.
Internet-based DNS vs. Internal DNS
I want to differentiate something quickly to provide some clarity.
There are two types of DNS:
- Internet-based DNS - I would consider this “external” or “outside” by comparison. It typically applies specifically when browsing the internet or websites and devices outside of your internal environment.
- Internal DNS - Most businesses in the commercial environment likely have some sort of Windows network, and if they use Active Directory internal to that environment, there is a separate internal DNS.
For the sake of this article and video, we’re referring to internet-based DNS when referring to DNS, DNS-based protection, Umbrella (OpenDNS), and what Umbrella protects against from a DNS perspective.
How Does Umbrella (OpenDNS) Protect My Business?
When you have Umbrella running in your environment and give it a domain request, it doesn't just return the IP address record it finds and move on like a standard DNS. Instead, it reviews and checks both the request and what would be returned before serving it to you.
It aims to determine things like:
- Is the IP address known?
- Is it valid?
- Has it been spun up in the last minute or so?
- Is it going into a geographic location that you don't want to go to?
- Is the domain a known distributor of malware or other malicious content?
If Umbrella determines that the destination that you’re looking up isn’t actually somewhere you want to be going or isn’t in your best interest (or is blocked by filters put on by you or your organization) then it doesn’t let you go to that site. This occurs on a case by case basis, but it doesn’t add any latency to the DNS process we talked about earlier.
Umbrella does all of that investigative work in a matter of milliseconds so you may not even know it’s there until you get a message that you were blocked from reaching a certain site for whatever reason.
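The checks listed above can be pictured as a policy step wrapped around an ordinary lookup. The sketch below is an added example, not Umbrella's code or logic: the block-page address, domain names, country code, 24-hour age threshold and the ZONE table standing in for the upstream DNS answer are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample policy and data: .example names, RFC 5737 addresses.
BLOCK_PAGE_IP = "192.0.2.1"            # hypothetical block-page address
MALICIOUS = {"login-update.example"}   # known malware/phishing domains
CATEGORIES = {"casino.example": "gambling"}
BLOCKED_CATEGORIES = {"gambling"}
BLOCKED_COUNTRIES = {"ZZ"}             # placeholder country code
MIN_AGE = timedelta(hours=24)          # assumed "newly seen" threshold

@dataclass
class Record:
    ip: str
    country: str
    first_seen: datetime               # when the domain was first observed

NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
ZONE = {                               # stands in for the upstream DNS answer
    "www.shop.example": Record("203.0.113.10", "US", NOW - timedelta(days=900)),
    "fresh-site.example": Record("203.0.113.20", "US", NOW - timedelta(minutes=1)),
    "far.example": Record("198.51.100.7", "ZZ", NOW - timedelta(days=400)),
}

def registrable(name):
    # Simplification: last two labels; production code needs the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def resolve(name, zone=ZONE, now=NOW):
    """Return (ip, verdict) after checking the request, then the answer."""
    fqdn = name.lower().rstrip(".")
    domain = registrable(fqdn)
    # Checks on the request itself.
    if domain in MALICIOUS:
        return BLOCK_PAGE_IP, "blocked:malicious"
    if CATEGORIES.get(domain) in BLOCKED_CATEGORIES:
        return BLOCK_PAGE_IP, "blocked:category"
    record = zone.get(fqdn)
    if record is None:
        return None, "nxdomain"
    # Checks on what would be returned.
    if now - record.first_seen < MIN_AGE:
        return BLOCK_PAGE_IP, "blocked:newly-seen"
    if record.country in BLOCKED_COUNTRIES:
        return BLOCK_PAGE_IP, "blocked:geo"
    return record.ip, "allowed"

if __name__ == "__main__":
    for q in ("www.shop.example", "cdn.login-update.example", "casino.example",
              "fresh-site.example", "far.example", "missing.example"):
        print(q, resolve(q))
```

A blocked lookup still gets an answer, just not the real one: the client is handed the block-page address, which is why the user sees a message in the browser instead of the destination site.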
Some examples of the cyberattacks that Umbrella can help thwart and how it does so:
Phishing – If you are sent a phishing email with a malicious link in it, and you click that link by accident or it’s a convincing email that tricks you into clicking it, Umbrella can automatically block you from going to that destination if it determines it’s a fake, spoofed, or other generally malicious type of site. Instead of being sent to that malicious site, you’d simply see a message from Umbrella in your browser window informing you that it won’t take you to that site because it determined that it’s dangerous.
Drive-by attacks – Drive-by attacks are typically run in conjunction with malvertising campaigns in an attempt to drop malware on your machine without you knowing. For example, you could be on a reputable site that runs ads, and perhaps you click on one by mistake. When that malicious ad goes to grab its payload to deploy on your machine, Umbrella could take note and thwart that attempt, instead returning a gray box without any content in it.
Umbrella can also help protect against bot traffic, command and control traffic, and other threats. In addition, it can provide content filtering by category for anything you don’t want your employees viewing while using their company devices (gambling, adult content, etc.).
In my opinion, this approach of shutting down attack attempts before they can even reach your environment is preferable to other situations. For example, antivirus software is pretty good at what it does, but in order for its protection features to trigger, the threat (like malware or a virus) has to already be in your environment.
Paid vs. Free Umbrella (OpenDNS)
There are multiple levels of product features available for Umbrella (OpenDNS), split between free and paid tiers.
The differences between the free and paid versions are the level (or inclusion) of customization, reporting, notification, monitoring, feedback, support, protection coverage, and number of devices protected that you’re looking to have. The OpenDNS free tiers are also for consumer home use.
There are walkthroughs available from OpenDNS for setting up the free version but basically you just need to configure their two universal IP addresses: 126.96.36.199 and 188.8.131.52.
The other major difference is that the free versions don’t provide protection if you leave your local area network. For example, if you were to have the free version set up on your local network and had laptops in your environment, those laptops would have that DNS-based protection while on your local network.
However, if you only had the free version and those laptops left your local network (for example, if an employee were to take that laptop to work remotely), the device would no longer be receiving that DNS-based protection off of the network.
The paid versions allow you to install an agent on your mobile devices that then allows them to still be protected off the local network and wherever they are. Even with the agent, the speed of the product isn’t impacted.
Every Organization Should Have DNS-based Protection
DNS-based protection should be a mandatory layer in your environment if you’re following a defense in depth strategy.
Even if you’re not following a defense in depth strategy, though it’s always recommended, I believe every company in the world should be using Umbrella (OpenDNS). It provides a nice level of insurance and protection by just applying intelligence to a very simple but critical process.
Though we recommend Umbrella (OpenDNS) for every environment, how it is deployed and monitored/managed is a different question. If you feel you have the resources and expertise internally to handle it, you’re ahead of the game.
If you think it's something beyond your expertise or bandwidth, I'd recommend bringing in an experienced resource to take care of the deployment (and potentially configuration, monitoring, and on-going management).
Either way, we’d be happy to talk with you more about DNS-based protection and all the ways it can help protect your network, users, and data. The quickest way to reach us is by one of the methods on this page.
Please also feel free to reach out if you are using Umbrella today but this rundown has prompted some questions you’d like to explore further.