Please share with the community what you think needs improvement with Cisco Umbrella.
What are its weaknesses? What would you like to see changed in a future version?
This solution is difficult to configure. I would like to see a graphical representation of the entire network. For example, the network topography that shows connections to the server, as well as the communication that is coming into and going out of Umbrella.
Cisco Umbrella does not have a Malware Protection engine itself. It would be useful if they had a malware protection engine running inside their own VM. They have some VM appliances with the installing enterprises for limited access for the DNS proxy to the cloud. If they had this feature running inside the VM, it would be much better. It would improve this solution to have applications hosted on the cloud. I would like to see the application that they promised. If you have an application running inside your environment, with multiple portals, as an example, we have our employee portal, ERP and some other portals. These portals will be accessed through the Cisco Umbrella Cloud, and the deployment will be a VPN-based deployment, Cisco Umbrella Cloud will be connected to your enterprise and afterward, you can just click on this application using Cisco Umbrella Cloud subscription, and you will have the access to your application anywhere in the world, and you don't have to publish it. You will save public IPs, and a lot of bandwidth because publishing requires bandwidth. All of the users from outside will be coming inside your environment and will be accessing the web servers, so there is no need to publish. It will be some time before this feature is introduced. They are working on it and it is still not ready. I would like to see IPS-based solutions. To have an IPS solution inside the Cisco Umbrella cloud. If there were an IPS product built inside the solution, it would be very good. It would be a one-box solution. With this one-box solution, you wouldn't need any extra security layers, and you don't need any WAN solution. There is a solution called Carbon Black. This solution can do sandboxing solution inside the PC. It checks the application which you are accessing, and what you are installing on your PC. It checks everything. It does a compliance check. If these types of features are available on the Cisco Umbrella, so you wouldn't need any other solutions installed on your PC. It would be one solution that does everything together. I would, like to see this.
We would like to improve nothing in particular on Cisco Umbrella. They are very good.
Security, overall, can always be improved.
I would like to see DLP integration in the next release of this solution. Including this would give us headroom with some of the infrastructures that we have today.
While technical support is good, there are features in the backend development side that were initially promised but are not there yet. More granularity in the product would be helpful. The reporting functionality should integrate better with SIEM products because it lets us report in PDF, but we want more flexibility. Support for multiple domains is important to us.
* Its DNS service does not support IPv6 query. * Some countries don't have a DNS server leading to a domain resolution IP, not at a local level.
* It needs better integration with external threat feeds to improve scoring. * I would like it to automatically feed to the customer's SIEM.
There should be a way to monitor traffic at the user level. I use Meraki Dashboard and Cisco Firepower to do this for different networks. I understand this tool monitors the network as a whole but adding that information will let us cut the cost for other tools.
If the virtual appliances could also gather traffic bandwidth reports, that would be great.