Many security products provide visibility into what’s happening on your own network.

But do you see what’s happening on the whole internet, beyond your perimeter? That’s where attackers are staging infrastructure in preparation for launching attacks.

Cisco Umbrella Investigate provides the most complete view of an attacker’s infrastructure, and enables security teams to discover malicious domains, IPs, and file hashes, and even predict emergent threats.

How we do it with Cisco Umbrella Investigate

We begin with a massive, diverse dataset. In 2006, we started building the world’s largest internet security network to acquire global intelligence. Today, over 65 million daily active users across 160+ countries point their DNS traffic to our global network, which now provides visibility into more than 100 billion internet requests every day.

Plus, more than 500 peering partners exchange Border Gateway Protocol route information with us, which shows us the connections and relationships between different networks on the internet.

This massive and diverse set of data gives us a view of the internet like no other security company.

We apply statistical models to discover patterns and detect anomalies across our data, and to categorise and score it. For example:

  • Many models analyse spatial relationships, such as graphing the relationships between networks across the internet.
  • Some models analyse time-based relationships, such as discovering domain co-occurrences as a result of consecutive DNS requests over very short timeframes, repeated by thousands of users.
  • Other models analyse statistical deviations from normal activity, such as measuring the geographic distribution of IP networks requesting a domain name.
  • Our Natural Language Processing Rank model identifies phishing domains that spoof brand names by analysing their lexical structure and location on the internet.

Combining human and computer intelligence

These models are built and tuned by the Cisco Umbrella security researchers: our team of data scientists, engineers, mathematicians, and security researchers.

Umbrella security researchers leverage 3D visualisation, numerous data-mining techniques, and security expertise to develop the models and add context to the output of those models. They continuously come up with new ways of analysing the data to find new connections and patterns.

Result: Predictive Intelligence

As a result of this analysis, we can accurately identify malicious domains, IPs, networks, and file hashes across the internet, and even predict where future attacks may be staged.

How it helps you

See attacks like never before with internet-wide visibility, speed up incident response, prioritise incident investigations, and use threat intelligence more effectively.

Want to investigate even further how you can protect your infrastructure against attacks with Cisco’s Umbrella solution? Contact Tarsus Distribution to book a security demo.