OpenDNS is now part of Cisco Learn More

Off-Network Coverage

OpenDNS restores network security benefits for offices and devices that are not always connected to your network.

Today, over 50% of PCs are mobile and over 70% of branch offices go “direct-to-Internet”. Most users don’t stay connected to the VPN and most branch offices don’t backhaul all traffic back to corporate. Typically, only endpoint-based protection remains. But when over 70% of malware is unique to each organization, signature-based AV tools are not enough. When data exfiltration starts minutes after a system is compromised, advanced detection tools may not help your short-staffed security team stop breaches in time. To help address these challenges, all Umbrella packages provide the OpenDNS Roaming Client to protect Windows or Mac OS X devices outside the network perimeter without sacrificing performance.



  • Breach Protection and Internet-wide Visibility Everywhere

    visibilityThe OpenDNS Roaming Client enforces security at both the DNS and IP layers to prevent system compromise and data exfiltration—over any port or protocol. When devices are on or off the corporate network, OpenDNS logs or blocks all Internet activity destined to malicious infrastructures—unlike antivirus, sandboxes, or other agents that log or block some device activity from malicious payloads.

    Our client simply forwards DNS requests or tunnels suspect IP connections to the nearest data center in the OpenDNS Global Network. Something so simple is so powerful because it enables OpenDNS to be a virtual “bump-in-the-wire” for every Internet connection. We allow good requests. We redirect users to a block page for malicious requests. And we can even proxy the connection for deeper inspection, as needed.

    Learn how we work at the DNS layer →
    Learn why we also work at the IP layer →

  • Lightweight and Transparent Software Requires No Maintenance

    lightweightWe know everyone promises it. And we know you already have multiple clients on your endpoints. Our client’s footprint in memory and on disk is 5 times smaller than antivirus because enforcement happens in the cloud. Our client neither scans the system nor runs in kernel space, so unlike other advanced endpoint protections it will not crash, hog memory, or pester the end user.

    Deploying the client to thousands of devices is easy using Windows GPO, Apple Remote Desktop, or any agent deployment tool (e.g. BigFix) with our command line interface. And the client updates automatically without manual intervention or reboots as soon as a new version is available.

  • Extend Protection Beyond the Perimeter

    extendYour existing threat defenses and intelligence sources—FireEye, Cisco, Check Point, ThreatConnect, and others—are continuously discovering new malicious domains. Using turnkey and API-based custom integrations, you can programmatically log or block Internet activity destined to these domains in seconds.

    Learn about our integrations →

  • Extend Protection to Mobile Devices

    mobileUmbrella also includes a Mobile App for iOS. While Apple does a superb job of keeping malware out of their app store, there is no built-in protection against phishing. This threat is even more effective when users cannot hover over email links to verify the destination URL. Our app sets a VPN profile to enforce security at the DNS layer over all wi-fi or carrier connections.