Cisco Umbrella — Content Filtering ((hot))

With Encrypted Client Hello (ECH) in TLS 1.3, the domain name can be hidden from passive DNS observers. However, Umbrella operates as the DNS resolver, so it still sees the plaintext domain request. This remains effective.

Cisco Umbrella offers a DNS-layer security solution that filters requests before a connection is made. By acting as a recursive DNS resolver, Umbrella can block requests to malicious or prohibited domains without decrypting traffic, reducing overhead and improving privacy. cisco umbrella content filtering

Content filtering is a fundamental component of acceptable use policies (AUPs) and regulatory compliance (e.g., CIPA, GDPR). Traditional solutions rely on inline proxies or endpoint agents that inspect HTTP/HTTPS traffic after connection establishment. However, the shift to remote work, SaaS applications, and encrypted web traffic (TLS 1.3) has rendered legacy architectures less effective. With Encrypted Client Hello (ECH) in TLS 1

Cisco Umbrella supports custom destination lists (up to 1000 entries). However, regex or wildcard domains are limited (only prefix/suffix wildcards). For granular filtering, external threat intelligence feeds via API are recommended. Cisco Umbrella offers a DNS-layer security solution that

| Solution | Filtering Layer | Decryption | On-prem option | Price (approx) | | :--- | :--- | :--- | :--- | :--- | | Cisco Umbrella | DNS + SWG | Optional | No (cloud-only) | $$ | | Zscaler Internet Access | Proxy + SSL | Required | No | $$$ | | FortiGate (UTM) | Proxy + DNS | Optional | Yes | $$ | | Cloudflare Gateway | DNS + HTTP | Optional | No | $ |