What is the Intelligent Proxy?


Support for the intelligent proxy is deprecated and only available for legacy deployments of the MSP console. The intelligent proxy is not available for new deployments of the MSP console.

The intelligent proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators wouldn't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers, compromise your company data or worse!  

With the use of a smarter proxy, we avoid the need to proxy requests to domains that are already known to be safe or bad. Most phishing, malware, ransomware, and other threats are hosted on domains that are classified as malicious. It's simple—Umbrella blocks those threats at the DNS layer, with no need to proxy. A domain that poses no threat, such as a content-carrying domain (CDN) for Netflix or YouTube? Umbrella will allow it, and again, no proxy required.

Yet some domains are a little trickier—like domains associated with a web server or site that have the possibility of hosting malware. These can include sites that allow users to upload and share content such as Reddit or Pastebin—making them difficult to police. Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the Umbrella intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that could pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else. 

The Umbrella intelligent proxy is built using a container-based microservices architecture. The proxy itself, and the services we integrate into the proxy, run and auto-scale independently from one another. For example, if our proxy notices a lot of files coming through for antivirus (AV) scanning, then it will automatically scale and provide more capacity for that function. This results in more effective performance for the Umbrella intelligent proxy.

Advantages of using the Intelligent Proxy

The stumbling block for most proxies in the past was that they couldn't scale with the size of the internet. The internet grows in ways that proxy hardware manufacturers can't prepare for—massive streaming video feeds, video conferencing, Voice over IP, and so on. With other proxies, all of that traffic needed to be proxied and all of it needed to be scanned—this slowed down traffic at the gateway proxy, and devices that were outside of the gateway weren't protected. 

The intelligent proxy has three big advantages that make it not just more secure, but faster, too!

  • Umbrella's services are cloud-based and can be scaled to handle any amount of internet traffic. This means that while other proxy services (especially full proxy solutions) might slow you down, Umbrella does not. 
  • If you leave your corporate network with your laptop, the intelligent proxy makes sure your protection follows you where ever you go, keeping you secure 24/7/365.
  • Our predictive intelligence allows us to determine what gets proxied, and not all traffic will be proxied. Some domains we know are bad; those are stopped right away by our DNS service. Other domains we know are going to be always good; those are always allowed by our DNS service and never proxied. For those domains that are on the grey list, we proxy HTTP and HTTPS traffic to and from the device to protect you from malicious files being accessed.   

Sites that are not proxied by the intelligent proxy

Lots of big name domains like Google and Facebook are not proxied because there is a very low risk of these domains hosting malicious content. In fact, we have a list of highly popular domains—approximately 100 at the moment—that are low risk and will never be proxied.

Localized (language-specific) web content like Google searches or bandwidth intensive SaaS apps like Office 365 can experience issues when sent through a cloud-based proxy. But because these types of services don’t host malware, they aren’t considered “risky”. So, by default, our proxy doesn’t intercept this traffic. This means that your users receive accurate, localized content and services without the burden of creating a proxy exceptions.

The 'greylist' of risky domains is compromised of domains that host both malicious and safe content—we consider these “risky” domains. These sites often allow users to upload and share content—making them difficult to police, even for the admins of the site.

There's no reason to proxy requests to domains that are already known to be safe or bad. Umbrella’s intelligent proxy only routes the requests for risky domains for deeper inspection.

Can I request or add domains to be proxied by the Intelligent Proxy?

Right now, the decision whether to proxy a domain is made by Umbrella security researchers, based on the intelligence of the Umbrella threat intelligence.

Configuring the Intelligent Proxy to handle HTTPS traffic

The intelligent proxy's SSL Decryption feature allows the intelligent proxy to go beyond simply inspecting normal URLs and actually proxy and inspect traffic that's sent over HTTPS. This would not take place for websites with personally identifiable information, such as banking, which are known to be good. Instead, it will only proxy and decrypt traffic from those domains known to be risky and on our greylist.

It's easy to set up SSL Decryption for the intelligent proxy, but it does require a little extra step to ensure your end users won't see unnecessary errors. The SSL Decryption feature does require the root certificate be installed.

Manage the Intelligent Proxy < What is the Intelligent Proxy? > Enable the Intelligent Proxy