Notice anything different about your Umbrella dashboard? Well, we’re happy to announce that we’re starting the process of moving people over to a new set of awesome Umbrella features. The first feature we're introducing is file inspection. File inspection scans files your identities download to see if they contain malicious code and blocks them if they do.
To help you take advantage of this new feature, we’ve also released new and updated security reports and a new policy creation experience. This feature is one of several we have planned for future releases built around advancing our Intelligent Proxy infrastructure to deliver even more cloud-based security for our users.
These features are being rolled out in small increments to our customers. If you’ve received an alert in your dashboard about these features, you have them! And if you'd like to be an early adopter of these features, contact firstname.lastname@example.org.
The file inspection feature is only available for customers with the Umbrella Insights or Umbrella Platform packages. Click here to read more about packages and contact your Cisco account representative with any questions.
Great, how can I take advantage of file inspection?
On the reporting side, the reports navigation section of the Umbrella dashboard has been updated so you can easily find our new and updated reports. Let’s go through how to enable the feature and check out some reports.
Enabling File Inspection
File inspection is a feature of the Intelligent Proxy that extends its scope and functionality by adding the ability to scan files for malicious content hosted on suspicious domains. A suspicious domain is neither trusted nor known to be malicious and is listed in our 'grey list' of domains.
With the Umbrella policy wizard, file inspection is easy to implement. Simply navigate to Policies > Policy List and either expand a policy or click the + (Add) icon to create a new policy. In the policy wizard, make sure File Inspection is enabled on the summary page, or from a new policy be sure to check Inspect Files, after you’ve enabled the Intelligent Proxy (under Advanced Settings). The full documentation for this feature can be found here: https://docs.umbrella.com/product/umbrella/file-inspection
We recommend enabling SSL Decryption to make the most of this feature.
Testing File Inspection
From a device that’s been enrolled in a policy with File Inspection enabled:
- Browse to http://proxy.opendnstest.com/download/eicar.com.
- You should receive a block page like the one below.
Reporting for File Inspection
As a part of helping to provide more visibility into what was blocked (as well as when, why and how), we've updated some reports in Umbrella, including a revamped Security Activity report:
- The Security Overview Report
Gives you an easy to read snapshot of your network activity through charts and graphs. You can quickly see what’s going on with your identities and their traffic, illustrating where problems might be occurring. Learn more about it here.
- The Security Activity Report
Highlights security events flagged—but not necessarily blocked—by Umbrella threat intelligence. This includes security events filtered through the Intelligent Proxy and file inspection. This report is especially important in showing what was blocked, why and how. Learn more about it here.
- Activity Search report
Helps you find the result of every DNS, URL and IP request from your various identities, ordered by descending date and time. This report lists all activity within Umbrella for the selected time period, and using filters, you can refine your search to see only what you want to see. Learn more about it here.
And with our newly updated navigation, these reports are easy to get to as well! Just expand the left hand menu pane and jump to any report directly from anywhere else in the dashboard.