OpenDNS is now part of Cisco Learn More

Off-Network Coverage

The easiest & fastest way to protect users 100% of the time

Your perimeter security (e.g. NGFW) is blind to 25% of traffic because 82% of your mobile workers admit to not always using the VPN. And 49% of your workforce is mobile and typically defended by only endpoint-based protection. But when over 70% of malware is unique to each organization, signature-based AV tools are not enough. When data exfiltration starts minutes after a system is compromised, advanced detection tools may not help your short-staffed security team stop breaches in time. To help address these challenges, all Umbrella packages provide the OpenDNS Roaming Client to protect Windows or Mac OS X devices outside the network perimeter without sacrificing performance.

off-network-graphic

Benefits

  • Breach Protection and Internet-wide Visibility Everywhere

    visibilityOur Windows and Mac OS X endpoint footprints enforce security at both the DNS and IP layers to prevent system compromise and data exfiltration—over any port or protocol. When devices are on or off the corporate network, OpenDNS logs or blocks all Internet activity destined to malicious infrastructures—unlike antivirus, sandboxes, or other agents that log or block some device activity from malicious payloads.

    Our endpoint footprint simply forwards DNS requests or tunnels suspect IP connections to the nearest data center in the OpenDNS Global Network. Something so simple is so powerful because it enables OpenDNS to be a virtual “bump-in-the-wire” for every Internet connection. We allow good requests. We redirect users to a block page for malicious requests. And we can even proxy the connection for deeper inspection, as needed.

    Learn how we work at the DNS layer →
    Learn why we also work at the IP layer →

  • No Extra Maintenance using OpenDNS Roaming Client

    lightweightWe know everyone promises it. And we know you already have multiple clients on your endpoints. Our endpoint footprint in memory and on disk is 4 times smaller than antivirus because enforcement happens in the cloud. Our client neither scans the system nor runs in kernel space, so unlike other advanced endpoint protections it will not crash, hog memory, or pester the end user.

    Deploying the client to thousands of devices is easy using Windows GPO, Apple Remote Desktop, or any agent deployment tool (e.g. BigFix) with our command line interface. And the client updates automatically without manual intervention or reboots as soon as a new version is available.

  • Extend Protection Beyond the Perimeter

    extendYour existing threat defenses and intelligence sources—FireEye, Cisco, Check Point, ThreatConnect, and others—are continuously discovering new malicious domains. Using turnkey and API-based custom integrations, you can programmatically log or block Internet activity destined to these domains in seconds.

    Learn about our integrations →

  • Extend Protection to Mobile Devices

    mobileUmbrella also includes a Mobile App for iOS. While Apple does a superb job of keeping malware out of their app store, there is no built-in protection against phishing. This threat is even more effective when users cannot hover over email links to verify the destination URL. Our app sets a VPN profile to enforce security at the DNS layer over all wi-fi or carrier connections.