Umbrella has a very lightweight DNS client that runs on your Windows or Mac OSX computers. It is not a VPN client or a local antivirus engine. It allows Umbrella security and policy-based protection, including our Intelligent Proxy, to be enforced no matter the network you are connected to. Whether you're at the office, the hotel, a coffee shop, or using a mobile hotspot, the Umbrella roaming client enforces policies set by you in Umbrella.
With our traditional network-based service, or with most traditional appliance-based network perimeter gateways, there are two limitations that are overcome with the Umbrella roaming client:
- Roaming / Off-network—If a laptop leaves the office and is not using a full-tunnel VPN at all times (which can be slow), the laptop is unprotected from threats and undesirable content while roaming outside of the network.
- Granular Reporting and Filtering—All the DNS traffic visible in your Umbrella Reports come from a single network identity. The Umbrella roaming client provides computer-level granularity that is specified in policies which you set up in the Umbrella dashboard. Not only can you enforce different Security and Content Filtering settings on a per-computer basis, but you also see computer-level Reports.
- IP Layer Enforcement—Malware authors might use IP addresses that bypass DNS lookups when creating a threat. For instance, one of your users might receive a phishing email with a URL that has an IP address in it (for example, http://x.x.x.x/malware.exe,) while they're not in your office and protected by your firewalls. Or, a user may go home, insert an infected USB stick into their computer to look at their children's homework, and execute malware that contacts http://x.x.x.x:3000/malicious/bad.exe. Some IP addresses are simply known to be bad. Other IP addresses may host valid content on non-HTTP ports, while the web ports host malicious content. The inverse is also true; IP addresses can host legitimate HTTP websites but also host malicious command and control hosts on a non-standard port. The IP Layer Enforcement feature handles all of these scenarios.
Updated 2 years ago