Wednesday, December 5, 2012

Umbrella


Umbrella from OpenDNS is a security service that protects all devices within the organization, regardless of whether the employee is connected to the work wireless network or working remotely from a coffee shop. Location doesn't matter; once the administrator defines and applies a security policy on the device, that device is protected as long as it is connected to the Internet.

There are many tools for managing what sites employees can or cannot visit when connected to the corporate network, but it is a little bit more challenging to manage users who are roaming. Umbrella isn't exactly a VPN service, although it creates a VPN connection to the OpenDNS Global Network so that all user traffic is encrypted. Since users are all connecting to the OpenDNS Global Network, administrators can also push out cloud-based anti-malware, anti-phishing, and anti-botnet protections to each device.

The service is tremendously straightforward to administer, and nearly transparent for users, making it a must-have for any IT administrator concerned about what is happening on the wireless network.

Umbrella is offered in three packages. Umbrella Mobility covers "mobile and roaming devices" and is priced at $25 a user a year. It offers cloud-based anti-malware protection and content policies for iOS, Windows, and Macs. Umbrella Enterprise costs $20 per user per year and applies anti-malware protection and policies to distributed networks. Umbrella Insights is priced at $25 per user per year and protects distributed networks and has Active Directory support. The listed price is for 100 users, but the actual price may vary with the actual number of users.

This review focuses on Umbrella Mobility.

The Web Dashboard
OpenDNS sent me the login details to the Web dashboard, but IT administrators would typically receive initial startup instructions over email after signing up for Umbrella Mobility. When I logged into the Web dashboard with my credentials, I saw three tabs on top of the screen, Overview, Configuration, and Reports. The Overview screen has four areas, a "Message Center," "Top Domains," "Top Identities," and "DNS Requests."

The core features are in the Configuration tab as this is where an administrator would apply policies, manage what devices are connected, and define rules. The Report tab has some pre-built reports, such as top domains and activity volume, as well as a way to filter the collected data by connected device, domain, date, and whether or not the action was blocked or not. The reporting felt a little limited as there was no way to customize the search or filters. That isn't necessarily a bad thing, since for most customers, what is available is just enough without becoming too overwhelming.

Getting Started
As the administrator, I sent an invitation to the user to connect my test iPad, much in the same way I sent out email invitations when provisioning iPads with iSimplyConnect. The invitation was an email with detailed download instructions on getting the VPN profile from the iTunes App Store. I did have a problem with the email instructing the user to "tap on the attachment to this email from your mobile device, and the security system will be automatically applied."

On one hand, IT is telling users don't click on links, don't open attachments or install apps you receive via email. And then comes this message from IT. I expected better from a security-savvy company like OpenDNS. The IT team should clearly warn users ahead of time that this email would be arriving and prepare the user that this is an exception to the "don't execute attachments" rule.

The dashboard also has the agent for Windows and Mac laptops. Administrators can distribute the zip file to users or push it out on to computers themselves. Android is not yet supported, although OpenDNS said that is in the works.

When the agent was installed on the laptop, it shows up as a little gray icon in systray indicating I was connected to the OpenDNS Global Network. It took about 90 seconds for the VPN icon to appear on the iPad's status bar.

From a user perspective, even with the way iOS is set up, installation was a breeze and automatic. It's lightweight, almost transparent, and doesn't really interfere with normal use.

Configurations
The fun part is playing with the policies. All the devices are grouped accordingly to type, so the test iPad appeared under Configuration -> Identities -> Mobile Devices and the test laptop under Configuration -> Identities -> Roaming Computers. I could see the laptop's name, the policy assigned to the laptop ("Default Policy"), a green indicator to indicate the policy was active, the last time it was connected, a lock icon to indicate the connection was encrypted, and the version number for the client agent. I could modify the hardware name to whatever I wanted.

Clicking on Default Policy shifted me to Configuration -> Policies where I could view the rules and decide which devices to apply it to. I could say "All Mobile Devices" or specify individual devices. I decided I wanted to apply a different policy to my laptop, so I switched to Configuration -> Policy Settings to define whitelists, blacklists and other settings, and to Configuration -> Block Page Settings to create the error message that users would see. I modified the Global Block List under Configuration -> Policy Settings -> Domain Lists to block the Internet Movie Database (IMDB.com) and Twitter. It took me a few tries to realize I had to enter in the URL without http://. I wish there had been some messaging on the screen to explain the proper format. ?Next: Applying Configuration Settings in Umbrella

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/Fk7D9w11RRs/0,2817,2412733,00.asp

black friday deals Sephora Cyber Monday 2012 Walmart.com detroit lions NFL.com Thanksgiving Day

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.