The way companies use WANs (wide area networks) has changed over the years. Today, employees connect to business apps not only from the office, but also from home, cafes and airports. The latter three options often rely on public internet, which isn’t as secure as an office and puts organizations in the predicament of choosing application experience or security.
One of the most common areas where we see this dilemma played out is with the Microsoft Office 365 (O365) suite. SaaS apps like O365 don’t typically perform well in organizations that backhaul traffic to a data center (DC) and secure web gateway (SWG) or use a cloud proxy to intercept and decrypt all of the traffic. These performance issues can stall O365 adoption, frustrate users and result in a higher number of shadow IT solutions.
Cisco is addressing these challenges by evolving its SD (software defined)-WAN portfolio. As a part of this initiative, the company is working with Microsoft to enhance the O365 application user experience. Cisco’s SD-WAN monitors all available paths to O365 in real time and connects users to the nearest cloud DC using Microsoft Office URLs, resulting in up to 40% faster performance.
A key component of Cisco’s security solution is Umbrella, which provides the first line of defense against threats hosted on the internet, whether users are on or off the corporate network. Here are a few ways Umbrella complements O365:
- Because of the way Umbrella works at the DNS layer and thanks to Umbrella’s selective proxy, it doesn’t break the traffic from the start, unlike many other vendors which require implementing additional mechanisms to prevent this.
- Umbrella is directly peered with O365 in more than 90% of the locations in Cisco’s global network, enabling better DNS resolution performance.
- Umbrella uses EDNS (extension mechanisms for DNS) client subnet (ECS) to retain the context of requests including the location. Leveraging this data to select the best route for O365 traffic provides better performance than just relying on the centralized customer location or customers’ cloud proxy DC point of egress.
- While Microsoft doesn’t support EDNS in their entire O365 infrastructure, Cisco has worked with Microsoft to ensure that all DNS queries for O365 destinations will always be resolved to the best Microsoft DC for the user’s breakout egress, regardless of location of the Umbrella DC that resolved the request.
- Umbrella’s intelligence is applied at the time of DNS resolution, in most cases without the need for further inspection of traffic. This applies to all requests to O365, including non-web, encrypted and other proprietary traffic. If a requested destination is highlighted by Umbrella’s models as risky or malicious (for example, the requested host may have been compromised), security is still applied in one of two ways:
- If Umbrella sees the requested destination as malicious, the request will be blocked at the time of DNS query.
- If Umbrella sees the requested web destinations as risky, the request will be redirected to Umbrella’s selective proxy for further inspection.
Contact Ingram Micro’s Cisco security team lead, Collin Rauen
, to learn more about Cisco’s security solutions
and set up a free trial or demo.