Cisco Umbrella
Cisco Umbrella is used as the first layer defense for security against threats before they happen. Our Managed Cisco Umbrella service works at the DNS layer to protect all devices connected to a network, both on and off the corporate network.
Features
- DNS layer security with Whitelisting/ Blacklisting
- Cisco Umbrella provides security protection on and off network
- Block malware, phishing, and command/control call-backs over any port/protocol
- Web based management with threat intelligence features
- Flexible policy control
- Malicious content blocking and web filtering plus customisable URL blocking
- API’s for 3rd party integrations
Benefits
- Allows threats to be stopped before they reach your network.
- Policies are consistently enforced everywhere.
- Allows for faster incident investigation and response
- Immediate value and low total cost of ownership
- Centralised control and visibility via a single management dashboard
- Enrich your SIEM data for improved security posture
- Increase visibility into internet activity across all locations/users
Pricing
£2 to £5 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 4 9 5 4 9 8 1 5 0 4 9 9 7 1
Contact
NOC365 LTD
Zeshan Tahir
Telephone: 0345 862 5586
Email: gcloud@noc365.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Cisco Umbrella can be used as a stand-alone product but can be used as an add-on for Cisco Secure X. Cisco Umbrella also offers as an extension to many SIEM and SOC Services.
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
-
- Windows 10 (roaming client)
- Windows 8 (roaming client)
- Windows 7 (roaming client)
- Mac OSX 10.9 or newer (roaming client)
- AD Connector Requirement
- Virtual Appliance Requirements (for Detailed User Reporting)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
NOC365 UK Business Hours (9am - 5pm): Business Impact & Target Response Times: High - 1 Hour Medium - 2 Hours Low - 4 Hours None - 8 Hours NOC365 UK Non Business Hours (24/7): Business Impact & Target Response Times: High - 2 Hour Medium - 4 Hours Low - 8 Hours None - Next Business Day
Please note any Escalations to Cisco Support will fall under their SLA's - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We provide support via email, telephone, on site and through our client portal. Where extra assistance is required that is not covered by the standard service, customers may purchase this at the rates shown in the SFIA rate card.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- All new customers are assigned a Technical Manager that will provide online training (if applicable), proactive support, and advise for the first 30 days. Documentation is included for all services from NOC365.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will return any pre-paid sums for services not delivered to you. We will also return all of your confidential information, unless there is a legal requirement that we keep it.
- End-of-contract process
- At the end of the contract the Umbrella service will stop. We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will return any pre-paid sums for services not delivered to you. We will also return all of your confidential information, unless there is a legal requirement that we keep it.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Same level of of service/ protection delivered for both mobile and desktop service. Please note, a Cisco Security Connector is required for Apple iOS devices. Further, a third party MDM is required to enforce Umbrella on iOS and Android devices.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- A web based service management portal for configuration of policies, user provisioning, day to day management, reporting and service usage.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- All interface testing has been performed by Cisco who are the manufacturer of the cloud software service. Details can be provided from Cisco on request.
- API
- Yes
- What users can and can't do using the API
- The API is provided via an open framework to allow for integration into other threat management and threat intelligence platforms. Details of the API can be provided on request from Cisco.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Customer Admins can customise the Umbrella Block & Warn pages.
Scaling
- Independence of resources
- Umbrella’s DNS security services have delivered 100% business uptime since 2006. Umbrella peers directly with more than 1000 organisations to reduce hop count and pump up performance. With more than 6000 peering sessions, Umbrella is able to create shortcuts to major internet cloud providers that shrinks latency and improves scalability for customers networks. Cisco uses Anycast Augmented Routing to rapidly scale up or down based on user demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
A range of flexible service metrics reports and dashboards are available from the management portal.
Service usage data can also be output to other management systems, including many SIEM and SOC platforms and applications. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Cisco
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data export is performed by the user via the Cisco Umbrella service options available within the management portal. Exporting of data is provided to the customer on a self service and as required basis. Data is not hidden, restricted or locked from end users that hold the correct service access privileges. Data, reports and logs will be available for export from the service in the formats and options supported by Cisco.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
The Umbrella global network has maintained 100% uptime since it
launched in 2006. Cisco publicly display the operational system status and stats: https://cs.co/umbrellasystems. If one or more of Cisco's global data centres has scheduled maintenance or an unanticipated issue, their Anycast infrastructure instantly re-routes your DNS requests to the next closest data centre without any disruption in service. - Approach to resilience
- Available on request.
- Outage reporting
- Public Dashboard for Service Status & Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- The control is use of rights management within the web interface of the Umbrella Management Console.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- NOC365 Internal policies. All staff are security checked and security briefed. We are also certified for the Government Cyber Essentials PLUS accreditation.
- Information security policies and processes
- Several internal security policies exist and are owned to protect customer data. These are tested regularly both formally and ad hoc. The policies are referenced and included in all employment contracts.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes are subject to written approval and an audit trail maintained. Changes are assessed for risk, impact and security.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Regular audits and tests are run against security. Devices are patched according to a standard process. CVE and vendor bulletins are monitored and applied following a risk-based approach with high risk items resolved as a high priority. We utilise a number of industry tools and sources for threat information and also utilise a CHECK accredited company for the tests.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- NOC365 uses an automated audit and alerting solution that continuously monitors our services for irregular activity. We also identify potential compromises through scans and monitoring agents installed on servers. Incidents are reviewed locally in a timely manner, prioritised and escalated as appropriate and further corrective actions taken if necessary.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have pre-defined processes for a set of agreed events/incidents. Users can report incidents via telephone or e-mail, with a P1 response being 15 minutes, P2 45 minutes and P3 4 hours. Incident reports are provided throughout the response with a detailed incident report and root cause analysis following the resolution of the issue. Incidents are reviewed at the management meetings to understand their root cause and what could be done to reduce the likelihood of the same or similar incidents occurring in the future.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
NOC365 is looking to reduce energy consumption wherever possible. Electricity used by commercial entities is a significant contributor to global GHG emissions and, with an increasing number of appliances found in offices and business spaces, making inefficient tech choices will compound this negative impact. We have therefore looked at using heat free printers and looking at supply chain processes that reduce carbon footprint. - Covid-19 recovery
-
Covid-19 recovery
NOC365 is currently adopting the following model: Reflect, Recommit, Re-engage, Rethink and Reboot. We are keeping staff at the heart of these changes and their needs and voices valued. - Tackling economic inequality
-
Tackling economic inequality
Social purpose is woven into NOC365. From creating new businesses and new employment opportunities, to improving education and training. NOC365 is committed to tackling economic inequality at root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society. - Equal opportunity
-
Equal opportunity
NOC365 believes that innovation starts with inclusion. To create the future, we need people with diverse backgrounds, perspectives, and abilities. That’s why we’re committed to creating a workplace where all kinds of people can do their best work. It’s when everyone’s voice is heard and valued that we’re inspired to go beyond what’s been done before. These values are also aligned with the UK Government Social Value Model for public procurement. NOC365 is a Disability Confident Employer. We champion people with neurodiversity, a concept where neurological differences such as autism, attention deficit hyperactivity, and dyslexia are respected and valued like any other human variation. - Wellbeing
-
Wellbeing
The NOC365 well-being program is open to all our employees. The program is geared to encouraging vitality, a healthy quality of life and a positive working environment in which people thrive. Our program encompasses an array of initiatives; from physical and mental health, nutrition and sleep programs, to financial and legal support, stress management, and support during periods of home working. During the pandemic, we recognised that employees’ experiences might include anxiety, loneliness, frustration, and overwhelm. In response, we are continually monitoring and adapting our Wellbeing program to help improve employees’ mental health, wellbeing, and work-life balance. Our wellbeing campaigns include the following, cancer awareness, sleep training, mindfulness, and mental health awareness.
Pricing
- Price
- £2 to £5 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A 14 day full feature trial is available. Further details available on request