1 Enterprise Buyer Guide Umbrella s Secure Cloud Gateway vs. Web Proxies or Firewall Filters Evaluating usability, performance and efficacy to ensure that IT teams and end users will be happy.
2 Lightweight vs. Heavyweight Traffic Routing For secure, fast, scalable and reliable Internet connections to content servers via any application, protocol or port, Umbrella Enterprise first enables secure, fast, scalable and reliable responses from name servers. Umbrella uses a unique Secure Cloud Gateway to route only lightweight traffic with selective proxying thru the infinitely scalable and always available OpenDNS Global Network. Protecting every on-net device requires no new hardware, client software, device changes or network topology changes. Simply enter two Anycast IP addresses used by the OpenDNS Global Network. ALL DEVICES INCLUDING BYOD NO DEVICE OR NETWORK CHANGES RELIABLE CONNECTIONS NO LATENCY NO BOTTLENECKS Existing solutions rely on Web proxies and firewall filters that require routing heavyweight traffic thru hardware with limited scalability and availability. NOT SECURE, NOT ALWAYS SOME DEVICES EXCLUDING BYOD PLUS DEVICE OR NETWORK CHANGES SOME SECURE, BUT SLOW, CONNECTIONS AT SCALE 1 or MORE ISPs PROXY FILTER IT teams re-gain visibility and control over unmanaged devices such as user-owned smartphones, tablets and laptops connected to networks as a result of BYOD (bring your own device) initiatives. IT teams also gain visibility and control over every distributed network where existing solutions had been cost prohibitive to deploy. Umbrella s Secure Cloud Gateway does not overlap with Web proxies or firewall filters, so both may be used in tandem to protect unmanaged devices and networks. And to prevent unwanted connections resulting in security, compliance, productivity or bandwidth risks. Restoring scalability to existing solutions. ALL DEVICES INCLUDING BYOD PLUS ANY EXISTING CHANGES SECURE, FEWER SLOW, CONNECTIONS AT SCALE PROXY FILTER SECURE CLOUD GATEWAY CLOUD-HOSTED Protect every on-net device w/o device or network changes Easy to manage w/o any software or hardware to maintain! #* " Secure every Internet connection any app, protocol or port Filter inappropriate sites and grant overrides to select users! Scale to 1000s of network locations cost-effectively FIREWALL FILTERS *NOTE: Many cloud-hosted web proxies require new on-premises devices to redirect traffic. Umbrella s Secure Cloud Gateway vs. Web Proxies or Firewall Filters Page 2
3 Security vendors often focus on threat efficacy, but gloss over its usability or performance. Vendors often assume administrators are investing their time in addition to their organization s money to use the solution, so they do not focus on how easy it is to: provision and setup enforce and report manage and maintain Also, vendors often offer cryptic or rather meaningless specifications regarding the product s performance, which do not always accurately reflect its: reliability and resiliency connection speed bandwidth throughput Finally, while vendors may claim they have superior threat intelligence and prevention, consider more completely its: on-net device coverage attack surface coverage accuracy and timeliness LOW TCO, HIGH ROI, HAPPY USERS It is not uncommon for Web proxies and firewall filters to take days to weeks before it is effectively enforcing devices and reporting activity. Add on training to learn how to manage all the complex bells and whistles, many which go unused, and on-going maintenance to address performance or efficacy issues, and the ownership cost increases. Umbrella can enforce every device on any network and report activity within an hour of asking for an evaluation trial. Our simple cloud-hosted management console and issue-free operation, means you set and forget it. Often Web proxies and firewall filters are deployed within the network using a less redundant topology than if they never existed, which can result in new points of failure. They add new hops for Internet connections and/or processes applied to Internet traffic, which can increase latency and decrease throughput; leading to less happy users. Umbrella simply replaces a mandatory, already in-use cloud service provided by ISPs. Faster, more reliable connections are a result of OpenDNS s Anycast and SmartCache technologies that reduce hops and processes. Web proxies, in particular, provide minimal on-net device coverage depending on the setup of managed devices or networks. Often only traffic sent by configured browsers is protected; not Web-based outbound botnet traffic from infected devices malicious software. The Web may be the most used protocol, but it is one amongst hundreds that threats utilize and proxies are blind to. Firewalls often only filter by destination for Web traffic; some using a built-in Web proxy. Firewalls filtering other application traffic often do not distinguish between good or bad destinations for this traffic. The Umbrella Security Cloud ensures that malware, phishing, inappropriate sites and botnets never touch your network, regardless of the attack surface (any application, protocol, port or non-managed device). The evaluation matrix on the following page provides more detail on how Umbrella s use of a Secure Cloud Gateway compares to other solutions use of Web proxies delivered in-the-cloud or on-premises or on-premises firewall filters. We believe that you will draw the same conclusions, that Umbrella delivers a more usable, high performance and effective solution than competitors traditional solutions. Umbrella s Secure Cloud Gateway vs. Web Proxies or Firewall Filters Page 3
4 COMPARE THE ADVANTAGES OR DISADVANTAGES BETWEEN DELIVERY PLATFORMS SECURE CLOUD GATEWAY vs CLOUD-HOSTED or or FIREWALL FILTERS Provision & Setup Lightweight DNS traffic redirection without network topology changes for 1 to 1000s of sites No appliances or client software No client setting changes Heavyweight TCP/IP traffic redirection per site Requires network topology change, client software or setting changes Receive and deploy appliance per site Heavyweight TCP/IP traffic redirection per site Requires network topology change, client software or changes Receive and deploy appliance per site Significant configuration to control network traffic flow is likely required to migrate from current firewall Enforce & Report Network-level granularity via public IP Grant override permissions to users Full data retention for 2 years with no hidden fees User-level granularity via directory integration requires complex setup or network-level granularity Data retention often limited or else extra fees User-level granularity via directory integration requires complex setup Data retention limited by internal storage available Network-level granularity via internal IP User-level granularity requires complex setup Data retention limited by internal storage available CHOOSE AN EVALUATION CRITERIA Manage & Maintain Reliability & Resiliency Connection Speed Bandwidth Throughput On-Net Device Coverage Simple set and forget No OS patches or appliance upgrades No security rule tuning No site exceptions to address SSL decryption or authentication issues No outages since launch in 2006 Uses Anycast IPs No new latency Often reduced response time via SmartCache Spikes in traffic will not cause slower speeds Infinite scalability via lightweight queries & responses Any on-net device; managed or not any application, any protocol and any port Often security rules are complex, and require fine-tuning to reduce false positives/negatives SSL or auth. issues require frequent site exceptions Many have had outages despite SLA Lack Anycast IPs Adds new latency due to one or more intermediate hops Likely unlimited, but heavyweight traffic redirection can be limited Depending on setup, only managed devices and configured browser applications only HTTP/S and ports 80/443 OS patch conflicts or upgrade downtime Often security rules are complex and require finetuning SSL or auth. issues require site exceptions Often reduced network redundancy in topology or else expensive Adds new latency due to another intermediate hop Spikes in traffic will cause noticeably slower speeds Limited by resources available on appliance or server; often a bottleneck Depending on setup, only managed devices and configured browser applications only HTTP/S and ports 80/443 Complex and focused on network management, not policy or security, so it is often confusing If SSL or auth. is included, then issues will require site exceptions Sometimes reduced network redundancy in topology May add new latency depending on internal processes and the number of add-on features enabled Limited by resources available on appliance or server Any on-net device; managed or not Filters by destination over HTTP/S, 80/443 May include protocol or application filters, but not by destination Attack Surface Coverage Industry-leading outbound botnet protection Inbound malware and phishing protection Web filtering categories for regulatory & acceptable use policy compliance Ineffective outbound protection due to inadequate network coverage Inbound protection use proprietary and/or 3 rd - party systems Ineffective outbound protection due to inadequate network coverage Inbound protection use proprietary and/or 3 rd - party systems Outbound protection usually not a focus Inbound protection is usually via 3 rd -parties so efficacy is not controlled Accuracy & Timeliness Proactive protection is updated 24x7 via engineers and partners Very few false positives Often need to fine-tune security rules to prevent inaccuracies Often need to fine-tune security rules to prevent inaccuracies Not usually a core focus of business or products, so accurate or timely protection may suffer Umbrella s Secure Cloud Gateway vs. Web Proxies or Firewall Filters Page 4
5 Umbrella is brought to you by OpenDNS. Trusted by millions around the world. The easiest way to prevent malware and phishing attacks, contain botnets, and make your Internet faster and more reliable. OpenDNS, Inc Copyright 2012 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no responsibility for its use. BG-Umbrella-Enterprise-Secure-Channel-vs-Proxy-Filter
White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information
10 Things Your Next Firewall Must Do Introduction Without question, your network is more complex than ever before. Your employees are accessing any application they want, using work or personal devices.
WHITE PAPER: TWO-FACTOR AUTHENTICATION: A TCO VIEWPOINT........................................ Two-Factor Authentication Who should read this paper This whitepaper is directed at IT, Security, and Compliance
white paper Public or Private Cloud: The Choice is Yours Current Cloudy Situation Facing Businesses There is no debate that most businesses are adopting cloud services at a rapid pace. In fact, a recent
Index. Executive Summary. Cost Drivers in the Total Cost of Ownership Analysis 4. Capital expenses 4. Design and deployment costs 4.3 Ongoing infrastructure costs 5.4 Ongoing operations and support costs
BUSINESS PHONE SOLUTION Buyers Guide 10 Questions Every Business Should Ask Introduction BOLD OPTIONS AND NEW POSSIBILITIES Today s business owners have extensive options for selecting a business phone
The Definitive IP PBX Guide Understand what an IP PBX or Hosted VoIP solution can do for your organization and discover the issues that warrant consideration during your decision making process. This comprehensive
Controlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE FORTINET Controlling Web 2.0 Applications in the Enterprise PAGE 2 Summary New technologies used in Web 2.0 applications have increased
Essential Ingredients for Optimizing End User Experience Monitoring An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for Neustar IT MANAGEMENT RESEARCH, Table of Contents Executive Summary...1
MOBILE FIRST ENTERPRISE 1 White Paper Mobile-first Enterprise: Easing the IT Burden 10 Requirements for Optimizing Your Network for Mobility 2 MOBILE FIRST ENTERPRISE Table of Contents Executive Summary
VoIP Solutions Guide Everything You Need to Know Simplify, Save, Scale VoIP: The Next Generation Phone Service Ready to Adopt VoIP? 10 Things You Need to Know 1. What are my phone system options? Simplify,
The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction... 3 CSC 1: Inventory of Authorized and Unauthorized Devices... 8 CSC 2: Inventory of Authorized and Unauthorized Software...
Microsoft System Center 2012 R2 Why Microsoft? For Virtualizing & Managing SharePoint July 2014 v1.0 2014 Microsoft Corporation. All rights reserved. This document is provided as-is. Information and views
ProfileUnity with FlexApp Technology Help Manual Introduction This guide has been authored by experts at Liquidware Labs in order to provide information and guidance concerning ProfileUnity with FlexApp.
RingCentral IT Buyer s Guide 1 RingCentral IT Buyer s Guide As an IT manager or consultant, you have important responsibility for your company s or clients business infrastructure. And because small- and
Making Middleboxes Someone Else s Problem: Network Processing as a Cloud Service Justine Sherry UC Berkeley Arvind Krishnamurthy University of Washington Shaddi Hasan UC Berkeley Sylvia Ratnasamy UC Berkeley
M86 MailMarshal Exchange USER GUIDE Software Version: 7.1 M86 MAILMARSHAL EXCHANGE USER GUIDE 2011 M86 Security All rights reserved. Published November 2011 for software release 7.1 No part of this Documentation
OpenScape Business The all-in-one Unified Communications solution for SMBs. Improve your performance and take your business to the next level with Unified Communications. Amplifying opportunities The success
VoIP and IPT Best Practices for Implementation A Guide to Ensuring a Solid Foundation for Unified Communications Executive Summary Gary Audin, Delphi, Inc. Migration is the movement from one place or condition
Siebel Email Administration Guide Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Copyright 2005, 2013 Oracle and/or its affiliates. All rights reserved. This software and related documentation
White Paper Information Security, Virtualization, and the Journey to the Cloud By Jon Oltsik August, 2010 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG.
Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise
Privacy and Tracking in a Post-Cookie World A whitepaper defining stakeholder guiding principles and evaluating approaches for alternative models of state management, data transparency and privacy controls