Sold by: Cisco Systems, Inc.
The leader in DNS-layer security As a trusted partner of over 24,000 companies, Cisco Umbrella provides the quickest, most effective way to improve your security stack. Gain a new layer of breach protection in minutes, with internet-wide visibility on and off your network, no matter your company size.
4.4
Overview
Enterprise security and networking are facing a significant transformation as organization embrace SASE, a Secure Access Service Edge. Wide-scale adoption of cloud applications, an increase in remote workers, and expansion of branch offices has rendered the centralized, on-premises security model impractical. The convenience, cost savings, and performance benefits of going direct to the internet is driving a new decentralized approach to networking. Yet with change comes risk and a new set of security challenges. Organizations require a broader set of protection that not only improves security, but simplifies management.
The Umbrella DNS Security Advantage package includes all the capabilities of DNS Security Essentials plus it enables organizations to proxy risky domains for URL blocking and file inspection using AV engines and Cisco AMP. For organizations looking for deeper context during incident investigations, DNS Security Advantage offers unmatched threat intelligence in the Investigate console and on-demand enrichment API.
For questions related to product, pricing or private offers, reach out to our team at cisco-security-inquiry@cisco.com
Highlights
- DNS-layer security - Umbrella uses DNS to stop threats over all ports and protocols. Stop malware earlier and prevent callbacks to attackers if infected machines connect to your network.
- App discovery & blocking - Umbrella provides visibility into cloud apps used across your organization, so you can identify potential risk and block specific applications easily.
- Web security via selective proxy - Umbrella routes requests to risky domains to a selective proxy for deeper URL and file inspection. Effectively protect without delay or performance impact.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Umbrella DNS Advantage | Umbrella DNS Advantage with enhanced support, per user | $65.88 |
Vendor refund policy
Please refer to the seller's website.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
When customers purchase Umbrella, support is embedded
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Cisco Systems, Inc.
By Palo Alto Networks
By Netskope
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
DNS-Layer Threat Prevention
Utilizes DNS protocol to block threats across all ports and protocols, preventing malware callbacks from infected machines attempting to connect to attacker infrastructure.
Cloud Application Visibility and Control
Provides visibility into cloud applications deployed across the organization with capability to identify risks and block specific applications.
Selective Proxy-Based URL and File Inspection
Routes requests to risky domains through selective proxy for URL blocking and file inspection using antivirus engines and advanced malware protection.
Threat Intelligence and Investigation Capabilities
Offers threat intelligence data accessible through Investigate console and provides on-demand enrichment API for deeper context during incident investigations.
Internet-Wide Security Visibility
Delivers security visibility both on and off the network across internet-wide traffic regardless of user location or network connectivity.
Advanced Threat Prevention
Safeguards network from known and zero-day threats including exploits, malware, spyware, and command and control attacks using researcher-grade signatures and machine learning inspection engine.
Advanced URL Filtering
Defends against phishing, ransomware, and web-based attacks using inline machine learning-based web security engine with real-time detection of previously unseen threats and dynamic policy controls.
File-Based Threat Detection
Identifies file-based threats through inline static and dynamic analysis in the cloud with proprietary hypervisor technology for detection of sandbox-resistant malware.
DNS Security
Detects and prevents sophisticated DNS-layer network attacks and data exfiltration attempts.
Dynamic Policy Management
Applies policy definitions to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones with automatic adaptation to infrastructure changes without manual intervention.
Cloud Access Security Broker
Unified cloud access security broker (CASB) functionality providing visibility and control over access to managed and unmanaged cloud services with conditional, granular policy enforcement.
Secure Web Gateway
Next generation secure web gateway (SWG) capabilities delivering comprehensive threat protection for cloud and web services with context-aware access control.
Data Loss Prevention
Data-at-rest and data-in-motion inspection with DLP violation detection, malware scanning in cloud storage, and data exfiltration prevention to unmanaged cloud infrastructure.
Cloud Infrastructure Monitoring
Continuous security assessment monitoring of cloud infrastructure for risky misconfigurations including data exposure across AWS and other cloud providers with inventory and configuration visibility.
Compliance and Remediation Automation
Pre-defined compliance profiles aligned with CIS, PCI, and NIST standards, advanced RBAC, scheduled reporting, alert notifications, exception handling, and automated remediation capabilities accessible via REST APIs.
Standard contract
No
No
No
Customer reviews
reviewer2846889
Dns protection has improved off-network security but still needs stronger bypass controls
Reviewed on May 29, 2026
Review provided by PeerSpot
What is our primary use case?
The main use case for Cisco Umbrella in my work is to protect the DNS queries going outside to the internet.
What is most valuable?
One of the best things I appreciate about Cisco Umbrella is that it provides protection for endpoints even while you are off the network and not behind the firewall. If you are working from home, your DNS queries are protected effectively, though there is one caveat: it only protects DNS queries. If you are accessing something via IP address, it does not work as well. IP protection is not blocked by Cisco Umbrella, but DNS queries are, and it works well for endpoints protected even from a public network.
Cisco Umbrella has definitely improved the security posture and the overall organization security posture management.
What needs improvement?
The only frustration I have with Cisco Umbrella is that people can exit the Umbrella roaming client to bypass the security. Some people who are technical can bypass it by putting the IP address into the host file. These are a few things which sometimes become frustrating when people try to bypass the Umbrella protection.
If I could change one thing about Cisco Umbrella to improve that situation, I would include traffic for DNS resolution even on IP addresses to give extra protection on that layer and conduct deeper analysis. Considering AI, which is evolving rapidly, I would suggest including AI as an integration into Cisco Umbrella.
For how long have I used the solution?
I have been familiar with Cisco Umbrella for almost one year.
Which solution did I use previously and why did I switch?
Before we adopted Cisco Umbrella, we did not have any tool. We only used the firewall as a prevention tool and mostly relied on next-generation antivirus which looks at behavioral analytics.
How was the initial setup?
When I first implemented Cisco Umbrella, it took a simple and quick configuration in the SaaS tool on the cloud. To protect the endpoints, we need to deploy the clients on the endpoints, which is time-consuming. Configuring policies and downloading the client is easy, perhaps a one or two-day task, but deploying the clients to all the endpoints definitely takes time.
What about the implementation team?
I was not involved in the POC of Cisco Umbrella, but I was part of the engineering team who deployed it.
Which other solutions did I evaluate?
My advice for someone considering Cisco Umbrella, based on my experience over the past year, is to understand your clear business requirements. Definitely check for all the required features. Cisco Umbrella is good for DNS security, but there are many other competitive tools in the market such as Zscaler that overcome the challenges I saw in Cisco Umbrella. Based on your requirements, cost, and budget, analyze the tool during the POC and finalize it.
What other advice do I have?
The first thing that we do when we open Cisco Umbrella is watch the dashboard, which shows the traffic analysis, what traffic looked like in the last 24 hours, how many malicious queries have been blocked, what the valid usages are, how many blacklisted items there are, and how many URLs that we have blocked have hits. That is how we conduct day-to-day analysis of it.
The scope of monitoring Cisco Umbrella involves two or three people or some people in the SOC team who do the monitoring.
My team needed a small interaction just to explain how the use cases that we implemented in Cisco Umbrella work, which was something important. The knowledge base article available on the Cisco website was good enough and useful to have on hand.
Cisco Umbrella was used company-wide.
The only feature I think about is SSL inspection, which we never enabled because it requires lots of approval and legality.
I have seen improvement in that Cisco Umbrella has cut down on malicious traffic. If there is any new domain registered by a malicious actor or hacker, it was quickly detected by Cisco Umbrella. There was some phishing link that we got to know about and blocked in Cisco Umbrella, so anyone getting that phishing link and trying to reach that domain would be blocked. This feature is especially effective even when you are off the network. I would rate this review seven out of ten.
reviewer2015976
DNS protection has reduced phishing risks but endpoint bypass remains a concern
Reviewed on May 28, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for Cisco Umbrella is to protect DNS queries that are going outside to the internet. When I open Cisco Umbrella , the first thing I do is watch the dashboard to analyze what the traffic looks like in the last 24 hours, how many malicious queries have been blocked, what the valid usages are, and how many blacklisted URLs have hits.
The scope of monitoring Cisco Umbrella involves two or three people or some people in the SOC team doing the monitoring. Cisco Umbrella is used company-wide.
What is most valuable?
From my experience using Cisco Umbrella, one of the best features is that it provides protection for the endpoints even while off the network, which means that if you are working from home, your DNS queries are protected well enough, with the caveat that it only protects DNS queries but does not work well when accessing something via IP address.
Cisco Umbrella has definitely helped improve some aspects of our security posture, contributing to overall organizational security posture management. I have seen improvements in that it cut down on malicious traffic; if there is a new domain registered by a malicious actor or hacker, it is quickly detected by Cisco Umbrella. For instance, there was a phishing link we discovered, and we blocked it in Cisco Umbrella, ensuring anyone trying to access that domain would be blocked, which is a critical feature even when off the network.
What needs improvement?
The biggest frustration I have encountered with Cisco Umbrella is that people can exit the Cisco Umbrella roaming client to bypass security, and some technically savvy individuals might know how to bypass it by modifying the hosts file to exclude Cisco Umbrella.
If I could change one thing about Cisco Umbrella, it would be to include traffic for DNS resolution even on IP addresses for extra protection and to enhance the analysis capabilities, considering the advancements in AI.
During implementation, there were not really any features that we are not using today, but SSL inspection was something we never enabled due to requiring extensive approval and legality considerations.
For how long have I used the solution?
I have been familiar with Cisco Umbrella for almost one year.
Which solution did I use previously and why did I switch?
Before adopting Cisco Umbrella, we did not have any tool and only used the firewall as a prevention tool, mostly relying on next-generation antivirus focused on behavioral analytics.
What about the implementation team?
In terms of implementation, Cisco Umbrella is more of a SaaS tool, and configuring in the SaaS tool on the cloud is simple and quick; however, to protect the endpoints, deploying the clients on the endpoints is time-consuming. Configuring policies and downloading the client is easy, perhaps a one or two day task, but deploying the clients to all the endpoints definitely takes more time.
What other advice do I have?
When evaluating options, I was not involved in the POC of Cisco Umbrella; I was a part of the engineering team that deployed it.
My team did need a small interaction with team members to explain the use cases implemented in Cisco Umbrella, which was important, and the knowledge base articles available on the Cisco website were good and useful to have handy.
My advice for someone considering Cisco Umbrella, based on my experience over the past year, is to understand your clear business requirements, check all the required features, and note that Cisco Umbrella provides good DNS security, though there are other competitive tools, such as Zscaler, which address the challenges I noticed in Cisco Umbrella. Based on your requirements and budget, analyze the tool during the POC and finalize your choice. I would rate my overall experience with Cisco Umbrella as a seven out of ten.
Subhajji S.
Straightforward Policy Creation with Templates Across Cloud Proxy and Prisma
Reviewed on May 09, 2026
Review provided by G2
What do you like best about the product?
Creating policies using templates is straightforward. You can create user-based policies that apply on the cloud proxy, and you can do the same on Prisma as well.
What do you dislike about the product?
The Umbrella selected proxy feature felt unreliable. It sometimes allows URL access, but other times it blocks the same URLs, and we couldn’t whitelist them. We got stuck in that situation.
What problems is the product solving and how is that benefiting you?
Cloud proxy with URL blocking and whitelisting, helping safeguard the environment over a VPN network.
Aman A.
Reliable DNS-Level Protection Anywhere, with Windows Agent and Mobile App
Reviewed on Apr 23, 2026
Review provided by G2
What do you like best about the product?
It does what it states. Protection at a DNS level, it has its own agent for Windows and app for mobile. Where you are connected to office network or not, you are still protected. A great layer of defense on top of AV systems.
What do you dislike about the product?
Cannot thick of anything. Just because you are working at a DNS layer. You need to know what you are configuring to avoid any service disruption.
What problems is the product solving and how is that benefiting you?
It adds defense in depth in our environment. This way we are not just relying on AV. It also adds great visibility in the AI world where everyone wants to access all the AI websites out there. Also they are pretty fast in updating their database about new websites.
Information Technology and Services
Light weight content filter
Reviewed on Apr 09, 2026
Review provided by G2
What do you like best about the product?
Creating policies and testing policies is a breeze
What do you dislike about the product?
Mostly cost, and its proxying behavior did negatively impact some traffic.
What problems is the product solving and how is that benefiting you?
URL filtering on the corporate network and outside of it.