browse
Notice anything different about your Umbrella dashboard? Well, we’re happy to announce that we’re introducing a new set of awesome Umbrella features. With this change, you’ll see two new features in your dashboard right now: file inspection and custom URL blocking via destination lists.
- File inspection scans the files that your identities download to see if they contain malicious code and block them if they do.
- Custom blocked URLs gives you the ability to block your own set of URLs in a destination list. This now gives you the flexibility to block specific pages without blocking entire domains.
To help you take advantage of this new feature, we’ve also released new and updated security reports and a new policy creation experience. The file inspection feature is one of several we have planned for future releases built around advancing our Intelligent Proxy infrastructure to deliver even more cloud-based security for our users.
NOTE: These features are being rolled out in small increments to our customers and these updates are in limited availability as we progress with this release. If you’ve received an alert in your dashboard about these features, you have them! And if you'd like to find out more about these features, contact umbrella-support@cisco.com.
The file inspection feature is only available for customers with the Umbrella Insights or Umbrella Platform packages. Click here to read more about packages and contact your Cisco account representative with any questions.
Great, how can I take advantage of these features?
Access to these new features is available in a couple of places: the policy wizard allows you to enable File Inspection from the summary page, and through destination lists you can add custom URLs to your blocked destination lists. Additionally, custom URL blocking can also be managed specifically from the Destination Lists management page.
On the reporting side, the reports navigation section of the Umbrella dashboard has been updated so you can easily find our new and updated reports. Let’s go through how to enable these features and check out some reports.
File Inspection
File inspection is a feature of the Intelligent Proxy that extends its scope and functionality by adding the ability to scan files for malicious content hosted on suspicious domains. A suspicious domain is neither trusted nor known to be malicious.
With the Umbrella policy wizard, file inspection is easy to implement. Simply navigate to Policies > Policy List and either expand a policy or click the + (Add) icon create a new policy. In the policy wizard, make sure File Inspection is enabled on the summary page, or from a new policy be sure to check Inspect Files, after you’ve enabled the Intelligent Proxy (under Advanced Settings). The full documentation for this feature can be found here: https://docs.umbrella.com/product/umbrella/file-inspection
Testing File Inspection
From a device that’s been enrolled in a policy with File Inspection enabled:
- Browse to http://proxy.opendnstest.com/download/eicar.com.
- You should receive a block page like the one below.
Enable URLs to be blocked in your Destination Lists
To block a URL, simply enter it into a blocked destination list, or create a new blocked destination list just for URLs. To do this, navigate to Policies > Destination Lists, expand a Destination list, add a URL and then click Save.
The full documentation for this feature can be found here:
https://docs.umbrella.com/product/umbrella/custom-url-destination-list-how-to/
In order for the Umbrella infrastructure to inspect a URL to determine if it matches the ones defined in your blocked destination list, you must have the following:
- The Intelligent Proxy and SSL Decryption must be enabled as a part of the policy. For more information, click here.
- The Cisco Umbrella Root CA must be installed on the computer(s) using this policy—ensures https connections are filtered, too. For more information, click here.
It’s important to specify a URL correctly so that what’s in your policy matches what the user is trying to access (and is subsequently blocked). For more information on what URLs you can or can’t use, please read Custom URL Destination List How-to.
Reporting
We have some new and improved reports for you:
- The Security Overview Report
Gives you an easy to read snapshot of your network activity through charts and graphs. You can quickly see what’s going on with your identities and their traffic, illustrating where problems might be occurring. Learn more about it here. - The Security Activity Report
Highlights security events flagged—but not necessarily blocked—by Umbrella threat intelligence. This includes security events filtered through the Intelligent Proxy and file inspection. Learn more about it here.
- Activity Search report
Helps you find the result of every DNS, URL and IP request from your various identities, ordered by descending date and time. This report can list all security related activity within Umbrella for the selected time period, and allows you to refine your search using filters to see only what you want to see. Learn more about it here.
And with our newly updated navigation, these reports are easy to get to as well!
How can I let you know what I think?
We’d love to hear what you think about these new features. Any questions or comments you might have, we want to hear from you! Send your feedback to umbrella-support@cisco.com and include as much detail as possible. For example, screenshots, the browser you're using, your OS and the scenario within which you're using these features.