Network / Servers

Cisco Umbrella is a must have tool for SysAdmin Monitoring

Share this post

After a month ago I get an opportunity to try Cisco Umbrella in a business environment and I am very pleased satisfied. Because of that, I decided to share my experience. According to Cisco Umbrella webpage, it is a cloud security solution built into the foundation of the internet.

Using this system I find a lot of vulnerability and malware on my network. I always think that I have a good and secure network but after my first use, I find a lot of malware and crypto mining requests. Most of them were blocked but I find that they all have sources on my network.

Cisco Umbrella uses the internet’s infrastructure to block malicious destinations before a connection is ever established. By delivering security from the cloud, not only do you save money, but we also provide more effective security.

In this guide, I will show how Cisco Umbrella looks like and what is the biggest advantage for SysAdmin’s if they have Cisco Umbrella. When you set up your umbrella and login on the first page you can see all the important data. There are a few charts and you can see a daily trend or weekly or monthly, depends on what you want. On the charts, you can see information about your network security, blocked object, malware, …

Cisco-Umbrella-Overview
Cisco Umbrella Overview

If you click on the chart you will see Activity Search – Report. On this page, you can track traffics from source to destination. And if you have an unusual activity you can always check your source host and see what is happening on it. In the picture below you can see my Activity Report.

Activity-Search-Report
Activity Search Report

On this picture you can see a lot of blocked traffics from host to 76236osm1.ru after I research on the internet I find that this traffics caused some kind of virus on my host. I use a lot of anti-virus programs and he always back. Then I find a post on Malwarebytes forum and after I follow this guide I finally delete the virus and release my network from the threat.

And that is just a fraction of possibility, you can set up your policies and block specific traffics or some specific content categories. Also, you can create reports and logs depends on your needs. If you wish to set up any of umbrella settings you can use  Cisco Umbrella Documentations and follow the guide.

That is it fellas, after I discover umbrella I think that this is a good tool for every SysAdmin. Using this we can monitoring every host on our network. We can track and filter all traffic from our network and even save all of it. We can see all our logs back to 30 days and also can have all report on daily bases on e-mail.

 

Related Stories