{"id":5082,"date":"2024-08-29T03:00:00","date_gmt":"2024-08-29T08:00:00","guid":{"rendered":"https:\/\/umbrella-staging.marketops.umbrella.com\/?p=71128"},"modified":"2024-08-29T03:00:00","modified_gmt":"2024-08-29T08:00:00","slug":"cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/29\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns\/","title":{"rendered":"Cisco Umbrella for Government: DNS Security Integrated With CISA Protective DNS"},"content":{"rendered":"<p><em>Cisco Umbrella for Government has achieved FedRAMP Moderate authorization*. Eligible customers can now leverage Cisco Umbrella for Government for robust DNS security and to meet the mandate for <\/em><a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/FINAL-CSSO-Protective_DNS-Fact_Sheet.pdf#:~:text=CISA%E2%80%99s%20Protective%20DNS%20Resolver%20Serviceprevents%20government%20internet%20traffic,of%20the%20Department%20of%20Homeland%20Security%E2%80%99s%20mandate%20under\" target=\"_blank\" rel=\"noreferrer noopener\"><em>CISA\u2019s Protective DNS<\/em><\/a><em> with enhanced protection for on-premises and roaming client users<\/em>.<\/p>\n<p><a href=\"https:\/\/umbrella.cisco.com\/products\/dns-layer-network-security\">Cisco Umbrella DNS-layer security<\/a> proactively protects against malware and phishing attacks by blocking access to malicious websites before the browser connection is established. Umbrella for Government uniquely offers a differentiated recursive DNS-powered intelligence that quickly blocks threats, protecting users and devices, no matter where they are located, in the office or remote.&nbsp;&nbsp;<\/p>\n<p>Protective DNS is mandated by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to detect and prevent cyberattacks targeting Federal Civilian Executive Branch agencies (FCEB). U.S. Federal Civilian agencies must integrate with Protective DNS as part of the Department of Homeland Security\u2019s mandate under <a href=\"https:\/\/uscode.house.gov\/view.xhtml?req=granuleid:USC-prelim-title6-section663&amp;num=0&amp;edition=prelim\" target=\"_blank\" rel=\"noreferrer noopener\">Title 6 of the United States Code (USC) 663: Federal Intrusion Detection and Prevention System<\/a>. It also aligns with DNS-related requirements and guidance contained in OMB <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2021\/08\/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">M-21- 31<\/a> and <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2022\/01\/M-22-09.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">M-22-09<\/a>.<\/p>\n<p>Cisco Umbrella for Government integrates directly with CISA Protective DNS. Developed in collaboration with CISA and Federal agencies, Umbrella supports both on-premises customers through our Virtual Appliance and hybrid\/remote users running Windows, Mac, Chromebooks, iPhone and Android running the Cisco Secure Client. Umbrella customers benefit from Cisco\u2019s industry-leading security that enhances and extends the benefits of Protective DNS while ensuring customers meet the Protective DNS mandate.<\/p>\n<h2 class=\"wp-block-heading\">What are the benefits of the Umbrella for Government integration with Protective DNS?<\/h2>\n<p>The dual-protection model brings the following benefits, in addition to single-stage Protective DNS integration:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>User-level granularity: <\/strong>Umbrella for Government identifies DNS traffic from individual users when they are on-premises and roaming anywhere in the world. By itself, Protective DNS can only enable policies for on-premises networks. Umbrella maintains that capability and extends it to allow fine-grained policies based on groups and individuals.<\/li>\n<li><strong>Policy creation:<\/strong> User-level granularity enables security personnel to create policies and pinpoint the source of suspicious behavior to the exact user and device anywhere in the world, enhancing Protective DNS beyond the capability to identify suspect behavior on individual on-premises networks.<\/li>\n<li><strong>Seamless mobile deployment:<\/strong> Every device running Cisco Secure Client (which includes Cisco AnyConnect VPN (Virtual Private Network)) can be integrated with Umbrella for Government, leveraging our Protective DNS integration without having to install a separate endpoint package. Protective DNS alone does not directly support mobile devices, which are required to be protected per the DHS mandate.<\/li>\n<li><strong>Enhanced policies, including AI (artificial intelligence):<\/strong> Umbrella for Government incorporates the full suite of Cisco\u2019s commercial threat intelligence capabilities which provide a wider range of policy types than the Protective DNS service. These include AI-based policies to gate employee access to these new technologies \u2014 enhancing control while still enabling innovation.<\/li>\n<li><strong>Centralized reporting:<\/strong> The Umbrella for Government logging service has been updated to capture information on user access that was blocked by Protective DNS. These logs are available directly in the user interface (UI) and can be filtered for enhanced analysis and comparison.<\/li>\n<li><strong>Landing pages for blocked content:<\/strong> When user activity that is blocked by Umbrella for Government, users are redirected to a custom block page explaining the reason for restricting access, with a custom page built to identify Protective DNS-based policy restrictions.<\/li>\n<\/ul>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" fetchpriority=\"high\" decoding=\"async\" width=\"640\" height=\"334\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns.jpg?resize=640%2C334&#038;ssl=1\" alt=\"Protective DNS reports in the Umbrella UI\" class=\"wp-image-71144\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-3.jpg 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-4.jpg 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-5.jpg 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-6.jpg 1600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-7.jpg 1140w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-8.jpg 1520w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-9.jpg 287w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-10.jpg 574w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-11.jpg 200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-12.jpg 400w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-13.jpg 520w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-14.jpg 1040w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-15.jpg 1960w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\">Protective DNS reports in the Umbrella UI (underlined in red)<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\">How does this help the customer enhance security?<\/h2>\n<p>Cisco Umbrella for Government simplifies the deployment, management and response to protecting on-premises and mobile devices through granular, user-based policies and reporting for security, content and application control. DNS-layer security offers proactive threat protection, reducing the number of infections and alerts seen from other security products by stopping threats at the earliest point. With threat intelligence backed by Cisco Talos, and features like resolver-native, machine learning-based and real-time DNS Tunneling protection, Umbrella for Government provides an integrated security platform.<\/p>\n<p>Umbrella provides the security of encrypted DNS using DoH (DNS Over HTTPS), DoT (DNS over TLS) and DNSCrypt without added latency or the operational complexity of a VPN tunnel. Umbrella serves over 715 billion DNS requests per day to more than 30,000 enterprise customers and leverages experience of operating at scale, longevity and expertise in the DNS-layer security space since 2015.<\/p>\n<h2 class=\"wp-block-heading\">How does the Cisco Umbrella-Protective DNS integration work?<\/h2>\n<p>Umbrella for Government\u2019s approach to meet the CISA requirement uses a purpose-built integration mechanism that secures customer DNS traffic using the inspection capabilities of both Umbrella and Protective DNS.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" width=\"640\" height=\"378\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-1.jpg?resize=640%2C378&#038;ssl=1\" alt=\"Protective DNS-Umbrella integration flow\" class=\"wp-image-71151\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-1.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-16.jpg 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-17.jpg 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-18.jpg 1140w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-19.jpg 254w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-20.jpg 508w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-21.jpg 200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-22.jpg 400w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-23.jpg 520w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-24.jpg 1040w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-25.jpg 1504w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\"><strong>Umbrella-Protective DNS Integration Flow<\/strong><\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\">How does the customer access the integration?<\/h2>\n<p>The integration with Protective DNS is a configuration option set both within the customer\u2019s Protective DNS configuration and Umbrella\u2019s cloud-based management. It is available at no additional charge for customers of Cisco Umbrella for Government (both DNS and the future SIG (Secure Internet Gateway) and Secure Access \/ Zero Trust offerings).<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"300\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-2.jpg?resize=640%2C300&#038;ssl=1\" alt=\"Selecting the Umbrella resolvers inside the PDNS page\" class=\"wp-image-71158\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-26.jpg 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-27.jpg 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-28.jpg 1140w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-29.jpg 320w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-30.jpg 641w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-31.jpg 200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-32.jpg 400w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-33.jpg 520w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-34.jpg 1040w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns-35.jpg 1486w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\">Selecting Umbrella resolvers inside the Protective DNS page<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\">Learn more about Cisco Umbrella for Government<\/h2>\n<p>Cisco Umbrella for Government reflects Cisco\u2019s commitment to provide comprehensive, reliable cloud-native cybersecurity solutions to enable SASE (Secure Access Service Edge). In hyper-decentralized, hybrid work environments, Umbrella for Government is a crucial milestone in a long-term holistic cloud security strategy. Cisco has a full SSE (Security Services Edge) product family of Cisco Umbrella and Cisco Secure Access to address the challenging security reality of managing connectivity from anything to anywhere while simultaneously protecting against sophisticated, motivated threat actors.<\/p>\n<p>Looking for more information? Check out the following resources:<\/p>\n<p class=\"has-small-font-size\">*<strong>Please Note:<\/strong> Cisco Umbrella for Government has been granted FedRAMP Moderate ATO (Authority to Operate) as of 8\/1\/2024.<\/p>\n<p><a href=\"https:\/\/umbrella.cisco.com\/blog\/cisco-umbrella-for-government-dns-security-integrated-with-cisa-protective-dns\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco Umbrella for Government has achieved FedRAMP Moderate authorization*. Eligible<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2547,108,116,117,2548,104],"tags":[2549,114,118,119,2550,110],"class_list":["post-5082","post","type-post","status-publish","format-standard","hentry","category-cisco-umbrella-for-government","category-dns-layer-security","category-fedramp","category-government","category-government-cybersecurity","category-products-services","tag-cisco-umbrella-for-government","tag-dns-layer-security","tag-fedramp","tag-government","tag-government-cybersecurity","tag-products-services"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Umbrella","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/umbrella\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco-umbrella-for-government\/\" rel=\"category tag\">Cisco Umbrella for Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dns-layer-security\/\" rel=\"category tag\">DNS-layer security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fedramp\/\" rel=\"category tag\">fedramp<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government-cybersecurity\/\" rel=\"category tag\">Government Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/products-services\/\" rel=\"category tag\">Products &amp; Services<\/a>","tag_info":"Products &amp; Services","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5082"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5082\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}