Introduction
Security via Cisco Umbrella: Flexible, fast, and effective cloud-delivered security.
Cisco Umbrella offers flexible, cloud-delivered security when and how you need it. It blends multiple security functions into one solution and is the easiest way to effectively protect your users everywhere in minutes.
There are three main concepts you need to understand:
- Licensing: Cisco Umbrella is licensed per user. A user can have multiple devices connected and still counts as a single user.
- Roaming clients and devices: To use Umbrella you need to either connect to a compatible, configured device (e.g. Meraki MX / Meraki Z3) or have a roaming client installed on your device. These devices and clients are allocated to your sites. A site can represent an office, warehouse, retail shop, or a remote worker.
- Policies: You can apply policies (predefined by your service provider) against sites. All devices and roaming clients underneath that site will have that policy applied. Contact your service provider for details of what each of your policies entails.
There are two main portal pages:
- ‘All Sites’ → ‘Security’ - for across the board site and policy management as well as analytics. This is the documentation for this page.
- The “Security” page for specific sites. These pages are specific to the site only, and allow users to download roaming clients. The documentation can be found here
The security page in ‘All sites’ gives analytics and high-level controls on the IT security of your organisation.
Security Dashboard
The dashboard page shows pertinent security analytics in your organisation. This includes the amount of activity, clients, blocks and threats. These are categorised into five views detailed below.
To view the all sites security dashboard page:
- Log on to your account
- Select ‘All sites’ from the site selection menu
- Select ‘Security’
- Select ‘Dashboard’
Clients
The “clients” tab shows you the top users in your organisation (in terms of network events through the security system).
The tab header shows how many clients are connected (A) out of the total clients (B).
The graph shows the top client activity (in terms of number of network events), how many were processed and how many blocked.
To navigate to this view, click on the “Clients” tab from the all sites security dashboard page.
Top Threats
The ‘top threats’ view shows you the top threats detected in your organisation, and how many occurrences were found.
To navigate to this view, click on the ‘top threats’ tab from the all sites security page.
Network requests
Network requests show the total number of network requests processed and blocked through the security system across your organisation.
To navigate to this view, click on “network requests” from the all sites security page.
Usage
Usage shows the total data transferred through the security system across your organisation. For this view, click on “usage” from the all sites security page.
Intrusions
Intrusions shows the detected intrusion attempts into your systems. This is shown at the bottom of the all sites security page; you may need to scroll down to see the full table.
Site Page
The sites page lets you see your security stance for all your sites and remote workers at a glance.
From here, you can create remote workers and sites, allocate security resources (licenses and devices) and assign security policies.
After navigating to the all sites security page (as described above), click the sites tab.
To view the all sites security sites page:
- Log on to your account
- Select ‘All sites’ from the site selection menu
- Select ‘Security’
- Select ‘Sites’
Sites table
The sites table lists all the sites (remote worker as well as physical sites) in your organisation.
The columns are defined as:
Name | Description |
Site | The name of the site / remote worker |
Appliance | The status of the security appliance at the site, if it has one. “-” indicates no appliance; a black icon indicates an appliance that is offline; a green icon indicates the appliance is online; green with a shield indicates the appliance is online and has security enabled. |
Policies | A list of one or more security policies applied to the site. Security policies determine what clients of that site can do. Only sites with Cloud Security User Licenses can have policies assigned. |
Cloud Security Licenses | The number of user licenses assigned to that site. This represents the maximum number of people that are licensed to use the security system in that site. The same user may have multiple devices connected to a site; this still counts as a single user. |
Creating a Remote Worker
Creating a remote worker will:
- Create a new site
- Create a new user, and give them permission only to that site
- Send an activation email to the user, allowing them to log in
- Assign security appliances and/or Cloud Security User licenses to the site
- Assign security policies to the site
To bring up the create remote worker wizard:
- Log on to your account
- Select ‘All sites’ from the site selection menu
- Select ‘Security’
- Select ‘Sites’
- Click “New”
- Select “Remote worker”
You will then be presented with a wizard to create a new remote worker:
Select next to continue.
This page captures the details of the remote worker. A new user will be created with these details, and an activation email will be sent to the email address provided. The user can follow the activation link in the email to log in and see their site. From their portal, they will be able to download and install roaming clients on their devices to secure them. See the site security documentation page for more details.
A new site will be created with these details. The timezone is used for reporting and device schedules.
Select one or more policies to apply to the site. Any security appliances and all roaming clients under this site will have these policies applied.
If available, a security appliance can also be allocated to the site. The appliance will automatically be linked to the security policies.
If you need to create more remote workers, you can select “Create another worker after saving” to start the process again after clicking “Save”.
Creating a new site
Creating a new site is similar to creating a remote worker; however, this process will not create a new user, set portal permissions or send activation emails.
To create a site:
- Log on to your account
- Select ‘All sites’ from the site selection menu
- Select ‘Security’
- Select ‘Sites’
- Click “New”
- Select “Site”
- Follow the wizard. The steps are the same as “create remote worker” but without the first user setup page.
Assigning policies
For sites that have Cloud Security User Licenses, you can change the security policies applied to the site.
Select one or more sites from the sites table, then click “Assign Policies”. If you cannot see this button, please check that all sites selected have at least one Cloud Security User license - and that your login has permissions to perform this function.
Select the policies you want to apply to the selected sites. This will remove any other policies previously applied to the selected sites. Click “OK”. It will take a few minutes for your changes to be applied.
Changing policies
You will need to contact your service provider to make changes to policies.
Unallocating licenses
You will need to contact your service provider to unallocate appliances and/or licenses from a site.
Manage roaming clients
The clients page lists all roaming clients associated with your Umbrella Account. From here you can see the status and usage of all the clients and move them between sites if needed.
To manage roaming clients:
- Log on to your account
- Select ‘All sites’ from the site selection menu
- Select ‘Security’
- Select ‘Clients’
Move roaming clients to a site
If one or more roaming clients are not in a site, or in the wrong site, you can put them into a site from this view. The roaming clients will automatically get the policies assigned to that site.
- Navigate to the all sites security clients page, as described above
- Select one or more roaming clients you wish to put into a site.
- Click Update
You will then be presented with a dialogue. Select the site and click update. Note that sites that do not have Cloud Security User Licenses cannot be selected; you will first need to allocate one or more licenses to that site.