What is the Umbrella Intelligent Proxy?
The Intelligent Proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains.
Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators wouldn't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers, compromise your company data or worse!
The Intelligent Proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that could pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.
Wait, What's a Proxy?
A proxy is just a step between your computer or mobile device and the Internet. It intercepts requests to content on the Internet, inspects it and if no problems found are found, allows access. On the other hand, if there's a security threat posed by the content the computer or mobile device was trying to access, it's blocked by the proxy. This quickly and easily protects you without the threat ever coming near enough to do harm.
How Does the Intelligent Proxy Work?
Normally, when you send DNS request to the Umbrella DNS resolvers, we check to see if it's a malicious site, or if it's blocked by a domain list or a content setting. If it is blocked, we return our block page for the request. If it's not blocked we return the IP address of the domain and you would visit that site directly.
Now with the Intelligent Proxy, if a site is considered potentially suspicious or could host malicious content, we'll return the IP address of our Intelligent Proxy. The request to that domain is then routed through our cloud-based secure gateway, and malicious content is found and stopped before it's sent to you.
Why Did You Build the Umbrella Intelligent Proxy?
It's pretty simple really: we want to ensure our customers are receiving the best possible protection while also broadening the ability of the Cisco security research team to block the latest threats from malware, APT, phishing and more.
Although Umbrella already delivers excellent security via DNS, the team always wants to see and stop even more threats. We can do that by proxying HTTP requests for certain "grey" domains, providing yet another level of security without the latency of traditional proxies. This also gives us additional insight into building our big data analytics that are at the heart of the security that Umbrella delivers and helps us stay one step ahead of tomorrow's advanced threats.
It also opens up a new world of possibilities for enhancements and features down the road, including additional 'safe search' filters, filtering out certain content while allowing most of the rest and more. This is just the first step toward making that happen.
What are the Advantages of using the Umbrella Intelligent Proxy?
The stumbling block for most proxies in the past was that they couldn't scale with the size of the Internet. Almost every week, the Internet seems to grow in ways that proxy hardware manufacturers can't prepare for—whether that's something like massive streaming video feeds, video conferencing, Voice over IP, and so on. In the past, all of that traffic needed to be proxied and all of it needed to be scanned—this slowed down traffic at the gateway proxy, and devices that were outside of the gateway weren't protected.
But the Intelligent Proxy has three big advantages that make it not just more secure, but faster too!
- With Umbrella, our services are cloud-based and can be scaled to handle any amount of Internet traffic. That means while other proxy services might slow you down, we won't.
- If you leave your corporate network with your laptop or mobile device, the Intelligent Proxy makes sure your protection follows you where ever you go, keeping you secure 24/7/365.
- Our predictive intelligence allows us to determine what gets proxied, and not all traffic needs to be proxied. Some domains we know are bad; those are stopped right away by our DNS service. Other domains we know are going to be always good; those are always allowed by our DNS service. For those domains that are in the grey list, we proxy HTTP traffic to and from the device to protect you from malicious files being accessed.
Will I Need to Re-learn Umbrella to Get a Hang on the Intelligent Proxy?
No! There's no additional software (or hardware) required to use it, and no cost. In fact, the Intelligent Proxy is just another security category you can pick as a part of the policies you've created in your Umbrella dashboard. You'll find it as an option to enable under Policy Settings > Security Settings. Pick the security you want to edit, or just Default if that's all that you have. At the bottom of the security settings, you'll see a light blue box to enable the Intelligent Proxy:
Okay, Great. I'm Interested in the Intelligent Proxy, How Can I Use It?
Actually, clicking the button in your policy to enable it for the identities in the policy is all you have to do. No kidding, that's it. As with any change we recommend making this change on a small subset of your user base first to ensure full compatibility.
Now That It's Enabled, How Should I Test to See How It's Working?
Once you've applied the policy to an identity, such as your laptop or mobile device, go to the test site:
Follow the instructions on the page to test to see how we can block an image within an otherwise good website, or block entire websites using the Intelligent Proxy.
If you find that the test site indicates you're not using the Intelligent Proxy, check to make sure the identity you're using has the Intelligent Proxy enabled in the policy that's applicable to it.
Can I See Reports of the Requests That Used the Intelligent Proxy?
You bet! There's a filter that includes activity from the Intelligent Proxy included in the Activity Search and other reports. You can filter just on traffic that was filtered:
Does the Intelligent Proxy Handle HTTPS Traffic?
Yes! This requires deploying a root CA from Cisco. See our article on SSL Decryption for the Intelligent Proxy here.
Can I Request or Add Domains in to be Proxied by the Intelligent Proxy?
Right now, the decision whether to proxy a domain is made by the Cisco security research team. However, down the road, we are definitely planning on adding more user-configurable features that use the Intelligent Proxy in the near future. Stay tuned!
Can I Use My Own Proxy or Tunneling VPN With the Intelligent Proxy?
Yes; however, there are some steps to ensure compatibility. First, this VPN or proxy must also be using the Umbrella DNS service for DNS resolution in order for the Intelligent Proxy to work correctly. Second, Umbrella IPs may need to be excluded from your proxy to use the Intelligent Proxy.