Cisco Umbrella is a powerful web filtering solution for managed service providers and businesses. The product is priced at the upper end of the price spectrum and there are more affordable alternatives available that may provide all the features you need.
WebTitan DNS filter from TitanHQ is the main Cisco Umbrella alternative and from a pricing perspective if much better value.
Cisco Umbrella DNS Pricing
The current 2020 Cisco Umbrella pricing comparison that we are seeing when talking to prospective customers is as follows:
2020 Web Filtering Pricing – Cisco Umbrella Cost versus WebTitan Web Filter
Cisco Umbrella Pricing: $2.70
TitanHQ WebTitan Pricing: $0.90c (SAVE $1.80c)
(this price is per user per month, with 100 users for the same key feature set and threat intelligence.)
The monthly costs for 100 users would be as follows:
Cisco Umbrella Pricing: $270 per month
TitanHQ WebTitan Pricing: $90 per month (SAVE $180 per month)
For a managed service provider who is providing DNS filtering for 3,000 endpoints the monthly pricing differential would be as follows:
Cisco Umbrella Pricing: $8,100 per month
TitanHQ WebTitan Pricing: $2,700 per month (SAVE $5400 per month)
TitanHQ will negotiate pricing at this level as well.
For a managed service provider who is providing DNS filtering for 3,000 endpoints the yearly pricing differential would be as follows;
Cisco Umbrella Pricing: $97,200 per month
TitanHQ WebTitan Pricing: $32,400 per month
Cisco Umbrella Pricing compared to WebTitan Web Filter
Email me the most recent Cisco Umbrella versus WebTitan pricing comparison
WebTitan DNS filter offers flexible pricing options based on the customer's preferences - we can price based on AP's, IP's or locations - the customer decides.
We don't operate monthly minimums and TitanHQ don't tie you to yearly commitments - we'll grow and shrink with our customers
Cisco Umbrella offers complex pricing tiers and charges additionally for support and forces customers to accommodate their overly complex buying process.
Why WebTitan Web Filter is a great alternatve to Cisco Umbrella - The Official Cisco Umbrella Alternatives Video:
Cisco Umbrella Pricing versus WebTitan Pricing
You can see all of our WebTitan web filter pricing completely openly displayed on this page - our pricing is entirely transparent.
Compare Cisco Umbrella pricing to WebTitan DNS Filter pricing live here
WebTitan Web Filtering Trial
You can start a 30 day FREE trial of WebTitan on the following page
Features Comparison Table
Cisco Umbrella Pricing Comparison Versus WebTitan from TitanHQ: Features Comparison Table
This table lays out the key feature comparisons between Cisco Umbrella and WebTitan Cloud.
The most recent G2 crowd satisfaction ratings for secure web gateways had WebTitan beating Cisco Umbrella in 6 of the 7 key success categories.
If you would like an immediate price comparison between Cisco Umbrella and WebTitan as well as a high level summary pdf of all the detail on this page drop me a mail to Natalie@TitanHQ.com with the number of users you are looking to protect. Thanks, Natalie
We also have a detailed comparison between Cisco Umbrella and Webtitan the Cisco Umbrella alternative here
What does Cisco Umbrella do?
Cisco umbrella and webtitan dns filter are the two leading DNS based web filters. So what does cisco umbrella really do.
It identifies and blocks access to malicious links and websites via the DNS layer. So before a user can access a malicious site and before it hits your network cisco umbrella and webtitan block the site.
This has become one of the key methods of protecting businesses against malware and ransomware.
DNS filtering serves two main purposes providing IT teams with visibility into online activities by staff and allows restrictions to be placed on online activities to prevent certain types of website from being accessed.
WebTitan and Cisco Umbrella also improve security posture by blocking downloads of certain file types, such as those commonly used to hide malware and ransomware. A DNS filter is also an important anti-phishing control that prevents employees from visiting known phishing websites, such as via hyperlinks sent in phishing emails. Both types of control can be applied for individual users, guests, patients, departments, or the entire organization.
Cisco Umbrella Customer Reviews and Satisfaction Ratings versus WebTitan:
This table shows the most recent review scores and satisfaction ratings for Cisco Umbrella Versus WebTitan Web Filter on the G2 Crowd reviews website.
WebTitan Web filter BEATS Cisco Umbrella in all 6 key rating factors on G2 Crowd .
The G2 Crowd independent review platform which leverages more than 650,000 independent and authenticated user reviews read by more than 3 million IT buyers
WebTitan web filter comprehensively beats Cisco Umbrella on the 6 key success rating factors.
The difference in the quality of support is resounding.
WebTitan and Cisco Umbrella are consistently at the top of the G2 Grid for Secure Web Gateways and Cloud Security.
Here is the most recent grid.
Cisco Umbrella Pricing for MSPs?
All this said, Umbrella and platforms like it, are going to have to be the future of content control and CIPA compliance, for the simple reason that from a pedagogical perspective, learning within the physical school network is no longer a guarantee or in some cases, even a desire; and because we are subject to HIPAA etc we must find "defendable" products to accommodate those education goals.
I used to be a opendns fan, but their adult categories have been updated as they should be. So both umbrella and the free opendns tend to miss a lot of sites that should be blocked:
We have Cisco Umbrella and we love it, but its more of a black hole dns not really a content filer, I would not use that for it to be CIPA complient
We use it, it works really good for what the price. It does its job at keeping CIPA compliant, and the added security features are just icing on the cake.
As far as "cisco all the things" we run it on a mixed adtran/ubiquity network, with a fortigate firewall. It works, the VAs and Windows/mac clients work just fine, and the newly released chromebook client is a start, but they have a ways to go with it.
We switched to Cisco Umbrella from Lightspeed this school year and it has its ups and downs.
The downs are the fact that it isn't very good at giving you detailed information about what the kids are searching. Most Content filtering allows you to see what their searching on google, bing, etc. with umbrella you only see that they visited google. Another big problem we ran into is the fact that you can only block or allow the top level domain. For instance if i wanted block a certain google site someone created i have to block sites.google.com vice sites.google.com/personalwebpage. Not sure if you have chromebooks or not but umbrella's new chromebook agent isnt nearly as good as lightspeeds was. You cannot block by a certain group in google it is by user. So you cant have a different policy for Elementary vs HS.
The positives are that it is 2nd to none when it comes to blocking out any kind of malware sites. We got hit with a viruses last year and we used it to quickly identify all affected PC's that were calling out to malicious domains which is one of the reasons we made the switch.
If i had to do it all over again i would probably still go toward a web filter that was more geared to the k12 enviroment vs umbrella.
Do you have an idea of what umbrella is going to cost you for 50k user?
That is definitely not a medium size org imo. The lowest price I see in the market is 50c so you are looking at 25k per month. You're right in saying that dns filtering is the way to go and umbrella has very good threat intelligence and real time updating. All dns filters will answer your cipa compliance so fine there. I know you stated you're not interested in other vendors but we have moved opendns/umbrella out of so so much business in the last 18months. WebTitan can give you all the above at half the price
Competitors of Cisco Umbrella
I think Cisco Umbrella is the bees knees. I think everyone should have it, or a service like it.
However, it's a very technical sale. It's tough to explain how it works or why it's effective without going down technical ratholes about DNS and threat intel.
How do you explain WHY people need it?
Obviously, for many customers, there's a high enough level of trust that they just say "OK" when you say "you need it."
But I'm curious if anyone has come up with clever ways to explain such a technical product to non-technical people that makes them nod their head, and understand why they need it in addition to their antivirus of choice.
We don’t sell it, we include it. Our discussions are focused around how our stack can help them filter and secure content and what sites/content they’d like blocked during onboarding.
Yes. It’s one of those things that allows you to invest less labor in a customer over time because you are cleaning up less garbage on computers, mitigating fewer phishing breaches, and cleaning less ransomware.
This is exactly how I do it. They are buying a collection of solutions and results, how I deliver them is subject to and often does change.
Interesting that you get people to talk about content filtering -- I find that's usually a very low-interest area amongst the customers who we meet. Often times, customers already have this capability in their firewall, and they're not bothering to use it. Any success stories on how you turn disinterest to interest?
Explain it from the context of accidental drive by stuff, not intentionally wasted time by staff. Most small businesses dont want to be big and corporate, and want their staff to feel comfortable and even take some downtime at work - so explain that there is nothing wrong with that, but the internet is malicious and websites get hacked and compromised so what was an OK website yesterday could be bad today, and a content filter helps protect against that.
the conversation needs to be around business objectives and not content filtering as a blanket product. You need to focus and detour the conversation to being around lost productivity, infections, etc. and how thats helping them meet business objectives.Then give a 10-second blurb about DNS
"DNS is like the phone book for the internet, it matches names to IP addresses because names are easier to remember"
"OpenDNS is kind of like calling information instead of looking at the phonebook, and the operator makes sure that you aren't trying to call a scammer when you really just want to call your bank".
They will be like "yea, but muh bank has fraud protection"
"Yep, just like we have anti-virus, but an ounce of prevention is worth a pound of cure - so while we do our best to remove malware once it is on the machine, stopping it is always the best approach"
if they argue more dive into the idea that AV is reactionary generally, that threats change daily, blah blah blah.
Love it! Yeah, that's largely how I've been explaining it, though I like the phone operator analogy. The only twist that I've added that seems to resonate is when I'm talking to the business principle -- "I know that you probably wouldn't get tricked, but how do you know about your staff? Don't you want as many layers of protection for the people who aren't very technical?" That seems to resonate, as most companies have any size have those 1 or 2 users who tend to click on everything, get suckered by everything.
Good stuff - love the mobile aspect. Thanks!Just make it part of your offering. Do you detail all of the utilities you provide them? Do you bill for each separately?
I think when people ask these questions, yes, they sell everything as a line item.It's sad to say, but most of the people that come here seem to run things in a break fix manor and don't even know what a MSP does or should do. They are confusing traditional IT consulting with MSP work.
Nope! We sell a package! But looking for ideas of how to explain this piece of the package.
Agreed open dns/umbrella is a good product ....... however...we are direct competitors and have seen a major increase in referral business since the Cisco takeover. It's as simple as this: half the world want to play with Cisco, the other half don't. We play in that world.
Also there is disparity in how they price. I've talked to LOTS (couple of hundred) of MSP people over the last 8 weeks and you'd be amazed at the different prices they pay across the world. To answer your question on how to sell it - through all the babble and waffle DNS based web content filtering has two major selling benefits/features: Web Content Management and Control. You own a hotel, stop kids surfing porn in the lobby. You own a factory, stop the staff on FB chat all day.
A Key security layer that blocks bad stuff from the web 😊 - this is a traditional FUD selling/marketing campaign ....ransomware, malware, viruses etc...
I can elaborate further on both points but that's the 10,000 foot view. In our experience MSP's sell based on point 2 and don't give two hoots about point 1. They then do either one of two things - they bake it in for all their customers to save on support/engineers time (not getting hit by shitty malware attacks that take up key CS time) ........or secondly they sell it and try to make a minimum of 100 points on it (if you aren't making that you need to talk to me dgeary@TitanHQ.com)
Some clever MSP's have stacked 5/6 products with opendns/webtitan and sell it as a security bundle - their loyal, good customers trust them that this is what they need, they hit the new customers with the FUD messaging. If you are getting anyway technical in your sales pitch here then you are losing the battle.I'll leave you with one thought when you are thinking about how to sell this - what do 99% of people care about 99% of the time??
It should just be part of your per-seat pricing, you shouldn't need to pitch it individually. At most you should say "securing your systems is important to us so we put in place multiple layers of protection including DNS, firewall, antivirus, etc." Decision makers are like us when we go to the butcher, I don't care what knife the butcher uses, I just care that he gets me a nice cut so I can have my steak. Similarly, they don't care what tool you are using, they care about outcomes so sell the outcomes.
Yes! Completely agreed, and obviously I start there. But a lot of why I'm asking is because we all run into customers who say "I don't need all of that stuff," and it turns into an educational conversation as to why you do. Just looking for tips for that specific conversation. Extending your analogy, I probably would care what knife the butcher uses if one of them costs me $5/pound and one costs $50/pound.
I'm not sure that I would try to justify every part of your stack. You might want to take the approach that your stack is what is required to deliver the type of service that you do. When you're meeting with a potential Client, they aren't just seeing if they want to work with you, you're seeing if you want to work with them.
That's absolutely what we do. I thought to raise this question here because people really grasp the other parts of the stack, but this one is often met with blank stares. So was just curious to see how others explain it (if they need to).
LIke others, we don't sell it, it's included in the MSP agreement. When we rolled it out, we just did a $1/mo. price increase and explained it as enhanced security given the daily new threats that are emerging. We made more on the cost savings from not fighting those fires.
All good answers here so far! I spend quite a bit of time on this subject with our partners - I’m out of town until the 27th but happy to discuss once I’m back. If you haven’t already, ask your rep for the partner enablement pack. We’ve tried to do some of this for you and I’ve seen some folks create really impressive collateral based on the framework we provide. I always tell my customers, its URL filtering and stops their users from getting to known bad links that come in through email, or adds on websites. Its protection for when they click on bad things...and its not if the click on them, its when!
Like a few have said, we don't sell it. We include it. We force the client to use it as a part of our stack. Were are hired to provide business continuity, that includes taking measures to prevent infections and phishing attacks. We decide what is best for the client based on our testing and decades of experience.
Anyone using Cisco Umbrella?
We have a typical use case we are architecting a solution which considers content filtering and protection while off the Corp network. We are tossing around the idea of using Cisco umbrella as a SIG while on the Corp network, connected to Corp via VPN and also while connecting to cloud resources outside the corporate network. The threat intel aspects are attractive and the ease of deployment is a consideration. Any of you guys work at places that use Umbrella (openDNS) and can share your experiences?
Can only share a bit. I don’t know anything about pricing, performance etc. It is easy to set up, and it has found and stopped multiple malware attacks, especially by blocking inside traffic to c&c servers. It doesn’t give that many false alarms, and it seems to catch far more than our endpoint protection at the moment.
Pricing is not horrible, so long as you work with a good reseller and can work on pricing. Also dependent on package, pricing is roughly $4/per user/month. This is a per user, not per device tool. Solution works well so long as it’s configured properly and is best as a stand-alone client not the AnyConnect converged tool. Solution gives quite a bit of oversight and at the price I believe is a good bang for your buck considering you can leverage it to monitor your whole environment.
It's a good tool. I found it to be very expensive for what it provided and we eventually decided not to add it to our security stack based on value for money.
One thing I found out after purchase sadly is that the VPN module and full roaming client are 2 different things and if you use Cisco VPN the full roaming client won't work well so you have to install the module. No problem right? Well, if you don't use the full roaming client you do not get the SSL inspection or proxy sandbox features. Do you know if you can import your own rules into the SSL inspection component? Is it using Snort as the detection engine? emails into it, etc.
We are currently evaluating it. So far I don’t mind it but I’m also coming in as a customer being forced to change from their ScanSafe solution to Umbrella due to them setting an end of life for scansafe. It works well on and off premise. The big thing I do like is it isn’t a proxy (unless you turn intelligent proxy on) so the non-negligible performance hit that scansafe had on response times for web traffic is gone.
I've used it for a few years now, as others said, it's not cheap. But, it's stopped a fair bit of malicious stuff. Many phishing attempts that get through the spam/malware filters have been blocked by Umbrella. It's lightweight and kills a fair bit at an early layer.
We don't use the endpoint client, so anyone internal or on VPN are protected but beyond that there is a hole. We use it and it works well, with very little interference.
I think it's a great product (we use the Multi-Org with deployed VA's hooking into AD via connector). It blows with Citrix products and VMWare Horizon just like ALL similar products do.
Just deployed it for a large telecom company. PM for very specific questions, but one thing I recommend is to use the VAs. The reporting capability is pretty terrible without the AD integration aspect.
Virtual Appliance. You need them in order to integrate with AD and extract the most useful information surrounding the end user who makes the request.
We started using it about a year ago. It’s pretty good for what it is. I always worry about things that connect via IP only since Umbrella won’t see it unless you have the client installed (which you can’t have on servers).
It is great so far the only issues is pricing for the plan that can integrate with your threat intel, and the proxy will break sites that use cert pinning, and you cant exclude specific sites, only exclude categories.
From a capability standpoint it works great. Add in the endpoint client for endless visibility/policy enforcement for "off network" users I'd certainly give it kudos.
We use it with full client for on/ off network blocking. Works very well with AD integration for user based exceptions. Not using the threat intel piece now but will evaluate this year. Pricing was in line with our expectations for a small enterprise. Deployment was simple and blocking of new domains has saved our butt a few times.
Works decently. Use the Cisco any connect module over the roaming client. Really only makes sense because we have an ELA with Cisco, so the integrations and pricing make it a no brainer. If you are a smaller shop, there are definetly better priced options out there.
Echoing other users, for on prem devices use the VAs. Also, be sure to block newly seen domains; this has saved us quite a few times, albeit to our developers needing to submit tickets for new sites.
I use it pretty regularly - it is a very simple tool to use and set up; especially if you are wanting to set a one size fits all across your enterprise. There is a little more to it and it can get granular if need be, such as regional configurations or subnets, etc. The reporting can be automated as well for ROI reporting to executives (i.e. number of malicious sites blocked, etc.)
What I am currently evaluating with it is, the SSL decryption. I'm looking for a way to implement decryption across out environment so I have been leaning towards the ease of use of SSL Decryption with Umbrella.
I really want to like the Cisco Umbrella product but they are quoting $2 per seat up to 500 seats and can't negotiate any further down.While I can see some benefit to their product, $2 per user just seems pretty hight to me... especially when I compare that pricing to what we are paying for Labtech agents or AV.
Just curious what other's thoughts are...
No, it does not. It's a fully supported deployment scenario. All /u/just_some_random_dud is saying is that he's not deploying the agent. You can register a client's public IP and point their DNS at OpenDNS and get their filtering, but all you get is broadstroke office-wide stats like # of lookups vs # of blocked lookups.
You lose some other features like the workstation lock-down when it thinks a machine is infected, but it's perfectly supported and not a violation--so long as you're licensed for the appropriate number of users overall. You can't buy 1 user then point someone's DC at it and be good, you're right about that. If you're licensed for 10 users and an office of 10 has their DC pointed at OpenDNS, you're perfectly fine.
I flatly asked a sales rep about how they track per-user licensing in his deployment model and she told me that it's honestly a on your honor system, but that they have internal metrics to help them identify when someone is using more DNS lookups than the number of users they are licensed for.This is accurate. You don't need to deploy the agent if you don't want to, but we'er always licensed based on the number of internet users being protected. It is based on the honor system, but I got through a list of "overages" monthly and end up making about half a dozen calls per month (across 3,500 MSPs) about usage.
Right, and that's what my point was. The OP of this thread seemed to be implying that he could deploy on a site basis for a single user cost, or at least that's how I read it.
We did have a guest wifi only level of service for managed wifi providers, but it doesn't provide the same security benefits that our normal package has. This also shouldn't cover any internal users. If something was done incorrectly on our end I'll make sure we get it fixed. I've some gripes with it in terms of granularity (the group config and per user reporting side of the VA thing doesn't work with RD environments even with AD!) but the price isn't a problem. I don't think so. You get your ROI extremely quickly when you consider the costs of your customers getting infected and how that would impact your resources and service.
$2 is less than 2% of our per-user pricing. Well worth it IMHO. The price your customers are paying should be covering the cost of it. your charging over $200/user? Thanks. Meant to say less than 2% lol. Comes out to slightly over 1%.
yea and the price you pay is small compared to the value it provides. one cryptolocker remediation can be thousands I don't believe it is as valuable for ransomware anymore because the new iterations don't have to phone home. They can do all their damage without ever having to perform a DNS query. That being said we still use it on every endpoint for our clients. IP and point their DNS at OpenDNS and get their filtering, but all you get is broadstroke office-wide stats like # of lookups vs # of blocked lookups.
You lose some other features like the workstation lock-down when it thinks a machine is infected, but it's perfectly supported and not a violation--so long as you're licensed for the ap
It doesn't only do DNS, but IP Layer filtering as well. I know. Either way, recent ransomware variants aren't stopped by OpenDNS. That was my only point. We're actually blocking a LOT more ransomware now compared to when there was just the one or two variants out there that needed to talk back to the C&C to get a key before doing damage. Difference now is that we're blocking them earlier on in the infection chain, so you aren't seeing the "xyz machine has a botnet contained" message as often.
How would your product combat a self-contained file that performs encryption? If my users get a zip file, that contains a vbs, js or any other type of file that might contain some malicious code, I don't believe open DNS can do anything about that. Correct me if I'm wrong.
You are correct - if that payload makes it to the machine and executes we won't see/do anything. Exactly! I would gladly spend 1% of the MRR on each user to avoid ransomware/virus/etc. IT saves me more in the long run to include this service than it does to avoid it. If you have to - raise you rates. This is a value-add; Services like this are how you justify raising your rates
At first, yes. But over time I realized its worth it. Like most here I bundle it in a Monthly agreement so I look at it as a value added to my clients to justify the cost they are spending per device/user. And knowing there is that added protection (along with everything else) makes the job easier.
I just priced it, and it seems a little high. I've had zero ransomware with my Webroot endpoints, and that's cheaper than umbrella. It bothers me that it costs more per month for OpenDNS than antivirus that I know works.
Also, it should have better granularity for that price.
So, you're saying that it's worth the price. Gotcha. I have always liked OpenDNS, but I just thought the price they were asking seemed a little high and it doesn't even seem to have any sort of grouping/granularity for content controls. Plus they charge per user, but they're really not giving you a per user product... more like per public IP product. (Excluding the client for roaming PCs) That was just my take from the phone call & what I've read.
Well it's always had granular per user controls, at the AD level, with the use of Virtual Appliances. However, it's just been made easier , the latest Roaming Client supports the user control without the use of the VA's. We have management, and regular groups etc with different access going at one client. The price is kind of high but we don't sell it, it's included in our per user price and overall it saves OUR ass and helps us make a profit. It's more for us than it is for them in a way.
One thing I liked about it. Have rolled it out to about 250 seats at the moment and literally 0 tickets no one even noticed.
Our last web filter had multiple issues for legitimate blocked sites and sites only half loading when we rolled it out.
Still another 250 seats to go but its looking good so far.
I just want to throw out there that this is one of my favorite products. It's easy to deploy in any environment, documentation is great, it's non-intrusive and easy to maintain. I just work for an MSP and don't pay the bills around there so I won't speak to the pricing but I do love the product.
Should your customers really have to PM you on Reddit to receive appropriate pricing? No. No they shouldn't. I hate it when companies do this. I really hated it when OpenDNS did it to us.
Yeah, sorry, that's the best pricing I have available.
OK, it's not for us then. Our SMB clients won't pay for it.
Wait, I found better pricing!
Of course you did. Of course you magically found better pricing the moment I told you we weren't moving forward.
I'm not starting a vendor relationship based on a lie. Stop treating customers this way.
I've never seen anything cisco that I didn't think was high... not saying it isn't worth it in some cases, but it most cases there are cheaper alternatives that work just as good or better.
do you guys have anything for micro-businesses with two or three seats? I think I saw that 10 is three minimum.
It is a great value at $2 per month per user. Even preventing one malware cleanup a year is well worth $24. Preventing cryptolocker can save thousands in both your time, and downtime for the business. The web content filtering and other features are just icing on the cake
If it's what you know and work with every day sure. But their support blows, and the way their networking equipment works these days is dated and overpriced.
All due respect, if your Cisco partner doesn't answer his or her phone then you're definitely with the wrong partner. There are plenty of partner reps out there who will go out of their way to ensure that their clients can depend and rely on their support.
Fill out the form below:
Here are two great case studies on Cisco Umbrella customers moving to WebTitan Web Filter:
Learn how St. Josephs College uses WebTitan cloud security to protect its users and data.
Saint Joseph Seminary College uses WebTitan’s intuitive UI and uncomplicated usability to manage web security and secure the college network.
It was extremely difficult for the IT department at Saint Joseph’s to get the information needed from the Cisco Umbrella dashboard. It reached a point that getting basic visibility on web activity became so onerous they avoided the task.
“In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage”.
Network Needs MSP moves from Cisco Umbrella to WebTitan Web Filter to eliminate customer onboarding complexity
The biggest challenge facing managed service provider Network Needs was finding the right solution that would allow them provide malware protection for 1200 different customers in multiple locations.
Each customer has unique needs and requires a flexible malware protection solution.
Customer Quotes explaining why WebTitan is a more favourable web filtering solution then Cisco Umbrella:
"I am liking it a lot better than Umbrella by Cisco, which we were previously using.
The simple interface is the best feature. When Cisco bought OpenDNS, they revamped the UI to make it look "modern", but they also made it a lot slower to use and find the info you need. With WebTitan, I am finding that I can log in, quickly look for blocked users, check their individual traffic, and get out in less than 5 minutes. With Umbrella (formerly known as OpenDNS), I just wasn't even bothering to look at traffic because the experience was frustrating. Now with WebTitan, I am finding that I am using it daily again because it is quick and easy to use and doesn't make me feel like I am fighting with the UI."
Mr. Todd Russell, Director of IT, Saint Joseph Seminary College, Covington, Louisiana
"The cost of WebTitan was a whole lot less than OpenDNS for the same functionality. We looked at OpenDNS last year and ended up going with WebTitan, I've been happy with it so far. It is cloud based, but install the VM appliance they offer for free to help it sync with your AD to show what user is accessing the content. The cost of WebTitan was a whole lot less than OpenDNS for the same functionality.”
By all accounts Cisco Umbrella pre and post-sales support is really struggling since the OpenDNS hand over.
Here are some verbatim quotes from frustrated MSPs online :
Posted by u/_atms 6 hours ago
What do you actually need to do to sign up for this thing?
We’ve signed up for a trial (last week)and ready to go. Sent two requests to their sales team requesting someone to reach out so that we can convert to a paid subscription. Nothing!
sirshorty 3 hours ago
Good luck. It took me 8 months to get them to reply to me AFTER we signed our contract with them.
Appalling account management.
Cisco AMP and Umbrella is officially the worst communication and support I have ever seen in my entire IT career. How can a company treat a customer THIS freaking poorly after asking for the amounts of money we have paid them?
UPDATE: We have Dropped Cisco for security. They reached out to us and said it would be another 48+ hours till they could get us licensing. So we are being refunded (THIS is a complex thing with this much money "Refund" Does not give it justice. but for now "Refund") Our Partner went to a 2nd solution and is moving heaven and earth to get us techs who work with the new product. And yes it was Cisco who dropped the ball here and not the partner.
I don't know what else to say. It has been a nightmare. They are seriously the worst company I have ever dealt with in my life.
Literally never had a worst customer experience in any other way with any other business.
They do not give a shit about their customers in the slightest.
What do Cisco Umbrella reps say about WebTitan?
Cisco Umbrella reps continually talk about the size of their threat intelligence database. However sometimes sizes doesnt matter!
Freshness of Threat Intelligence is much more important than size.
Determining the efficacy of a malicious database does not equate to protection. The internet is made up of nearly two billion websites and many times more full-path URLs. It is also continuously changing—most times legitimate and safe content updates. Some changes are nefarious, such as compromised websites, new phishing sites, or new forms of malware, ransomware etc. Because domains and URLs on the internet are continuously changing—any premium URL database or malicious database that stores a classification must “revisit” those destinations on a regular basis in order to stay current (or “fresh”). This “freshness” is particularly important for malicious categories (i.e. phishing, malware distribution, C&C, etc.) which often “blink” on/off to fulfill a specific purpose. You can also refer to this as a “short shelf life”.
Regular revisits of malicious classifications do two things:
1) ensure the malicious database is an active representation of current threats on the web and
2) prevent database “bloat” It’s easy to find lists of malicious threats or feeds and include all of them into one “master malicious database.” But unless you have the AI-based and crowd-sourced systems to revisit and re-analyze at scale (and with high accuracy) that database quickly becomes obsolete. As you can imagine, this also means that the size of a premium malicious database will fluctuate from day-to-day, week-to-week, etc. WebTitans malicious dataset can fluctuate (NOTE: ONLY domains and paths classified as malicious—NOT including objectionable or other highly dynamic categories that may support malicious threats) from 2 million to upwards of 10 million malicious threats.
Using additional technologies and services, we provide increased protection by identifying other indicators, such as sources of data center and non-human traffic (NHT)—known as our IVT blocklist. Simply put—the takeaway here is that a larger database DOES NOT equate to higher levels of protection. Accuracy (including “freshness” of the database, how recently analysis and classifications were made) as well as high coverage (which we accomplish through crowd-sourcing) are the most important criteria for measuring protection and quality of a malicious database.
There have been some fantastic Cisco Umbrella conversations in the reddit MSP sub recently.
Here's a selection of the most relevant:
Cisco Umbrella: Thoughts, Opinions, Gripes?
We're a medium-size org (50k users), but we're moving away from Lightspeed. We're using GoGuardian for Chromebooks, and maybe Windows (although I'm not impressed with the GG Windows beta, so probably not). Lightspeed has been the baseline filter for us for 5 years or so, but we're moving away from Lightspeed and are liking Cisco Umbrella. That being said, anyone have experiences, thoughts, opinions, and/or gripes about Cisco Umbrella? We really just want to use it for base CIPA compliance, along with the security features it offers.
My own thoughts: outside of having an agent/proxy on individual devices, I think the future of content filtering is the approach Cisco Umbrella is taking. I think inline filters are becoming long in the tooth and have scalability problems. However, all that being said, it's a Cisco product, so pricing is always an issue along with their VARs constantly trying to tell you (or your management) how you REALLY need Cisco-everything (I digress).What I'm not looking for: vendor alternatives. Just curious about Cisco Umbrella.