OpenDNS is now part of Cisco Learn More

Off-Network Coverage

The easiest & fastest way to protect users 100% of the time

Your perimeter security (e.g. NGFW) is blind to 25% of traffic because 82% of your mobile workers admit to not always using the VPN. And 49% of your workforce is mobile and typically defended by only endpoint-based protection. But when over 70% of malware is unique to each organization, signature-based AV tools are not enough. When data exfiltration starts minutes after a system is compromised, advanced detection tools may not help your short-staffed security team stop breaches in time. To help address these challenges, all Umbrella packages provide the OpenDNS Roaming Client to protect Windows or Mac OS X devices outside the network perimeter without sacrificing performance.



  • Breach Protection and Internet-wide Visibility Everywhere

    visibilityOur Windows and Mac OS X endpoint footprints enforce security at both the DNS and IP layers to prevent system compromise and data exfiltration—over any port or protocol. When devices are on or off the corporate network, OpenDNS logs or blocks all Internet activity destined to malicious infrastructures—unlike antivirus, sandboxes, or other agents that log or block some device activity from malicious payloads.

    Our endpoint footprint simply forwards DNS requests or tunnels suspect IP connections to the nearest data center in the OpenDNS Global Network. Something so simple is so powerful because it enables OpenDNS to be a virtual “bump-in-the-wire” for every Internet connection. We allow good requests. We redirect users to a block page for malicious requests. And we can even proxy the connection for deeper inspection, as needed.

    Learn how we work at the DNS layer →
    Learn why we also work at the IP layer →

  • No Extra Agents or User Actions using Cisco AnyConnect Client

    If you already use Cisco AnyConnect, simply upgrade your existing client to v4.3 and enable Roaming Security. And unlike using the VPN, there’s absolutely nothing new for end-users to do or any performance sacrifice.

  • No Extra Maintenance using OpenDNS Roaming Client

    lightweightWe know everyone promises it. And we know you already have multiple clients on your endpoints. Our endpoint footprint in memory and on disk is 4 times smaller than antivirus because enforcement happens in the cloud. Our client neither scans the system nor runs in kernel space, so unlike other advanced endpoint protections it will not crash, hog memory, or pester the end user.

    Deploying the client to thousands of devices is easy using Windows GPO, Apple Remote Desktop, or any agent deployment tool (e.g. BigFix) with our command line interface. And the client updates automatically without manual intervention or reboots as soon as a new version is available.

  • Extend Protection Beyond the Perimeter

    extendYour existing threat defenses and intelligence sources—FireEye, Cisco, Check Point, ThreatConnect, and others—are continuously discovering new malicious domains. Using turnkey and API-based custom integrations, you can programmatically log or block Internet activity destined to these domains in seconds.

    Learn about our integrations →