
Manage IPS

Umbrella's Intrusion Prevention System (IPS) works with the cloud-delivered firewall to provide signature lists containing thousands of unique signatures for malware and other threats. Using IPS signature lists with your firewall policy protects your network from known threats.

SSL Decryption

At this time, SSL decryption is not yet available for IPS. Traffic is not decrypted before it is inspected by IPS.

How IPS Works

Umbrella IPS uses signature-based detection and provides an added layer of protection against threats such as malware, botnets, phishing, and command-and-control callbacks. When IPS is enabled, it's enabled for your entire environment, including all of your network tunnels.

IPS Signature Lists contain signatures filtered by three actions:

  • Block—Signatures are screened for threats on your network and recorded in Activity Search.
  • Log Only—Signatures are recorded in Activity Search, but not screened for threats.
  • Ignore—Signatures are completely ignored and not recorded in Activity Search.

Hit Counts

Hit counts represent the number of times signatures were detected on your network for a certain period. By default, hit count durations for all lists are set to the last 24 hours. Each list's hit count duration can be changed to the last five minutes, last hour, yesterday, or the last 30 days. Hit counts may also be reset at any time.

Default IPS Signature Lists

The default IPS signature lists are constructed based on the balance between network connectivity and network security. The more a list is focused on security, the more signatures are set to Blocked in that list rather than Log Only or Ignored.

  • Connectivity Over Security—This signature list places an emphasis on network connectivity and throughput at the possible expense of security. Traffic is inspected less deeply, and fewer rules are evaluated.
  • Balanced Security and Connectivity—This signature list attempts to balance network connectivity and security to keep users secure while being less obtrusive toward normal traffic. Less strict than Connectivity Over Security.
  • Security Over Connectivity—This signature list emphasizes security over network connectivity. Traffic is inspected more deeply, and more rules are evaluated. The result is an increase in false positives and network latency.
  • Maximum Detection—This signature list places all emphasis on security, such that network connectivity and throughput are compromised. Only select this setting when total protection is required, as alerts must be monitored and validated manually.


Updated 4 days ago
