Cisco Umbrella for Government has been granted FedRAMP Moderate Authority-To-Operate (ATO) and is now available to U.S. federal, state, and local government agencies, as well as other organizations that require FedRAMP authorization. This reflects Cisco’s commitment to providing one of the most comprehensive and reliable cloud-native cybersecurity solutions to government customers.
As government and public-sector agencies shift to hybrid work models and multi-cloud application strategies, Cisco Umbrella for Government securely enables this transformation while ensuring compliance with enhanced government cybersecurity mandates of FedRAMP, StateRAMP and TX-RAMP. As an example — Umbrella provides advanced threat protections and secure communications that align with user, traditional, branch office and cloud use cases; Executive Order on Improving the Nation’s Cybersecurity 14828; Moving the US Government toward Zero Trust OMB Memo M-22-09; and additional cybersecurity mandates, such as the NIST Cybersecurity Framework and Authentication CONUS.
The commercial Cisco Umbrella version — a mature, proven and extensively validated cloud security solution trusted by over 30,000 customers — serves as the foundation for Umbrella for Government. It significantly uplevels government cybersecurity, offering comprehensive protection against phishing, malware and ransomware and helps prevent data loss from cyberattack and unsanctioned applications like social media platforms or Generative AI.
There are three key reasons Umbrella for Government is the optimal solution to secure your hybrid workforce and cloud applications, meet government cybersecurity mandates and help you achieve your agency’s mission.
Reason #1: Enhanced security that meets government requirements
Cisco Umbrella for Government includes Protective DNS (PDNS) integration, additional DNS-layer security capabilities and Secure Internet Gateway (SIG) features of secure web gateway, cloud-delivered firewall with Snort intrusion prevention, cloud access security broker (CASB) and data loss prevention (DLP) — capabilities available today in the mature commercial Umbrella offer.
DNS-layer security proactively protects against malware and phishing attacks by blocking access to malicious websites before the browser connection is established. Umbrella for Government meets the Cybersecurity Infrastructure Security Agency (CISA) mandate for Protective DNS (PDNS), and uniquely offers a differentiated recursive DNS-powered intelligence — powered by Cisco Talos — that quickly blocks threats, protecting users and devices no matter where they are located, in the office or remote. This integration with CISA PDNS and Umbrella DNS-layer security powered by Cisco Talos allows agencies to be compliant with the CISA mandate while leveraging the advanced threat protection from Cisco Umbrella for Government.
Building on the protection of DNS security, Secure Internet Gateway closes gaps in visibility, extends control, enforces consistent policies and relieves strained security resources in an evolving threat landscape. Key SIG capabilities include:
- Secure web gateway — A full proxy that logs and inspects web traffic to deliver full visibility, URL and application-level controls, enforce acceptable use policies and protect against advanced web-based threats.
- Cloud-delivered firewall — This provides better visibility and control for internet traffic originating from client requests. It also provides layer 7 application visibility and control, intrusion prevention system (Snort Intrusion Prevention System (IPS)) and layer 3/4 firewall to protect traffic without performance degradation.
- Cloud access security broker (CASB) — CASB ensures employee access to essential cloud applications while blocking access to unapproved applications to better manage risk and securely maintain productivity. Shadow IT can be exposed thanks to the ability to detect and report on cloud applications in use. Cloud malware detection identifies and removes malware from approved cloud file storage applications to prevent downloading and sharing of infected files.
- Cloud data loss prevention — Cloud data loss prevention offers visibility and protection over sensitive data leaving your organization, leakage through social media platforms and Generative AI applications, or exposure in the cloud. Data can be protected both inline in real time, and out-of-band, data at rest with robust data classification and unified policies and reporting in a single interface.
Reason #2: Cisco Talos threat intelligence
Cisco Umbrella for Government utilizes statistical models, machine learning algorithms, and enormous volumes of threat intelligence data from Cisco Talos Intelligence Group, one of the world’s largest non-government threat intelligence teams. These world-class researchers, analysts and engineers are supported by unrivaled telemetry and sophisticated systems to create accurate, rapid and actionable threat intelligence for Cisco customers, products and services. Talos defends Cisco customers against known and emerging threats, discovers new vulnerabilities in common software and stops threats in the wild before they can further harm the internet at large. Its immense scale and breadth allow it to resolve 715 billion web requests resolved daily, process 1.4+ million malware samples daily and discover 200+ new vulnerabilities yearly.
Umbrella uses this threat intelligence to map a holistic view of the threat landscape to better detect malicious activity and anticipate future attacks by seeing the relationships between malware, domains and networks across the internet, learning from internet activity patterns to automatically identify attacker infrastructure being staged for the next threat.
Cisco TALOS ensures Umbrella for Government security protections stay up-to-date to defend against the latest nation state-sponsored activity providing a long-term partnership for government agencies to maintain and improve security posture and reduce risk.
Reason #3: Ease of deployment and use
The complexity and costs of managing a diverse set of security solutions can strain IT resources and stretch budgets. Cisco Umbrella for Government solves this problem by bringing together multiple security technologies into a single, integrated cloud service, managed by a single browser interface for rapid configuration and easy day-to-day management, providing comprehensive protection for distributed networks and roaming users.
Customers tell us that setting up Umbrella DNS security is a simple process; in a few hours they were able to enhance branch office protection and protect their roaming users globally. The integration with CISA’s PDNS is easy to configure and implement through the Umbrella for Government management console. Administrators can start with DNS security and then flexibly add additional security defenses customized to the needs of their environment, such as enabling firewall inspection with Snort IPS or blocking social media platforms or the usage of generative AI applications. Umbrella’s ease of deployment can show near-immediate value in defending against modern threats.
Umbrella for Government’s cloud-delivered security means there is no hardware to install or maintain. Customers with existing Cisco Secure Client (formerly AnyConnect VPN) deployments can enable DNS security without the installation of additional client software, providing Protective DNS integration for roaming users. It is a comprehensive cloud security solution that is designed to simplify your environment, accelerate cloud migration and provide flexible security that can grow with your organization.
A Forrester TEI study conducted with existing Umbrella commercial customers showed Umbrella decreased the effort to deploy and enforce web and cloud security policies by 65%, and increased security efficacy by 30%. Umbrella customers saw a 21% reduction in data breaches resulting in lower compensatory, remedial, regulatory, and reputational costs.
Conclusion
Cisco Umbrella for Government provides advanced, comprehensive cloud-native security. It is FedRAMP Moderate, State RAMP and TX-RAMP authorized and helps agencies meet Federal security mandates for enhanced cybersecurity (OMB Memos M-22-09, M-21- 31), PDNS. It combines enhanced security that meets or exceeds government requirements, advanced threat detection with Cisco Talos and ease of implementation.
Want to learn more? Check out some of our resources:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
Cisco Security Social Channels
Instagram
Facebook
Twitter
LinkedIn
Share:
Leave a Reply