New NS1 + Cisco Umbrella Integration Ensures Fast and Secure Application Access for All Users

Monica Miller
September 25, 2019

One of the things I have been most passionate about throughout my career working in DNS is the ability to solve the variety of deliverability and security challenges that customers face. Whether you’re on an infrastructure maturation journey, looking to create an easy-to-use self service model for internal users, or working to increase performance, helping clients through these complicated deployments motivates me every day. 

Before I joined NS1 over a year ago, I was on the Cisco Umbrella security team, helping clients create proactive approaches to complex network security issues. Cisco Umbrella helps protect companies’ users and devices by using the internet’s infrastructure to block malicious destinations before a connection is even established. Customers liked being able to protect users anywhere with a cloud-based deployment model that is easy to deploy and simple to manage. Umbrella uses recursive DNS to stop threats over all ports and protocols — even direct-to-IP connections. It has many features related to malware, botnet and phishing protection, in addition to granular content filtering controls.

At NS1, I advise some of the world’s largest brands and trusted enterprises about how to use next-generation DNS, DHCP and IP Address Management to simplify, scale and automate application infrastructure. NS1 offers its application traffic optimization technology as a managed service for external use cases or as software for internal needs. Our solutions are based on authoritative DNS, the yin to recursion’s yang. Authoritative and recursive DNS work together to route users’ requests to websites and apps.

NS1 improves end-user application experiences and helps teams manage complex environments. Many times, the complexity comes from a combination of what applications are being deployed (a hybrid mix of legacy technology and microservices) and where they will live. Many of our biggest customers have taken a hybrid approach, combining some legacy technologies with more modern microservices deployments, and often they’ll live in a mix of locations, including data centers in co-location facilities, the cloud, or even an edge network the customers have built out themselves. 

Security is very much a part of the application experience; users and employees expect that companies are taking every precaution to protect them and their assets against malicious actors. Company policy adds another layer of complexity. Being able to combine rich security protection with guaranteed team productivity through app and category controls provides an easy control plane for securing the network, no matter where users are working from.

This is why I’m so excited that NS1 has partnered with Cisco and has integrated with Cisco Umbrella. We are bringing our software-defined, API-first approach to DNS, DHCP and IP Address Management behind the firewall to work alongside Cisco Umbrella’s enterprise approach to network security to optimize user experiences and keep our mutual customers and their users secure.   

Available to customers now through a native API integration, the unified NS1 and Cisco Umbrella solution supports agile application deployment and delivery while protecting an organization’s most critical assets. The integration allows customers to get the best of intelligent DNS traffic steering behind the firewall while protecting outbound queries with Umbrella security. NS1 delivers performant and resilient DNS internally and externally, protecting application development and consumption over any port. When integrated with Cisco Umbrella’s predictive and analytical approach to security, DNS becomes a control plane for the modern enterprise. 




Combining Technologies for Secure, Policy-Driven Application Experiences

Cisco is executing on a cloud networking and security vision that’s deeply aligned with NS1’s own strategy. We are committed to helping customers provide secure, reliable and high-performing application experiences. With NS1 and Cisco Umbrella, organizations can secure users no matter where they are, what they do and how they work.  

How the Integration Works

The Cisco Umbrella integration is available to any NS1 Enterprise DDI or Private DNS customer. As part of the new integration, Cisco Umbrella will examine every recursive DNS query and stop connections to known or suspected malicious sites, protecting organizations against DNS-based security attacks. Cisco Umbrella also helps teams identify the source of a suspicious DNS query, enabling them to locate the infected endpoint, quarantine it and fix it.

All queries made from a device within an internal network are sent to the organization’s on-premises server, which in this deployment is NS1’s next-generation DNS server. This server resolves all queries to and from IP addresses within the network. All public DNS queries are forwarded to Umbrella’s network of recursive resolvers. Based on the organization’s custom security policy, Umbrella responds with the IP address for approved domains or a block page for those that are restricted.


By registering each DNS server deployed with NS1 within the easy-to-use Umbrella portal, our clients have the ability to detect, block and report on all outbound queries that recurse through NS1’s DNS servers. These policies provide granular security controls for the modern enterprise, designed to prevent security incidents by using machine learning, statistical models, data analysis and reputation, all scored and implemented by the Umbrella Research Team. 


When a query is made to, say, internetbadguys[.]com by any device in your network, Umbrella’s recursive resolver network goes to work. Each query that comes from any Umbrella-enabled network is tagged with identifying information so that Umbrella can report user and device information, the internal IP and the domain or IP being requested. In addition, the network details of the particular NS1 DNS server that issued the request are taken into account when applying security policies and content filtering restrictions. Once the query hits the recursive resolver, Umbrella uses all of this information plus EDNS Client Subnet (ECS) data to respond quickly and either block or allow the particular request. For this domain in particular, we would, of course, expect it to be blocked.

By utilizing this integration, you can prevent attackers who are already within your network from redirecting queries to known malware drop sites and malicious locations, otherwise known as command and control callbacks. Umbrella makes it easy to identify the source of the query, then mitigate and remediate within minutes. Other attacks that can be prevented include malicious direct-to-IP connections, zero-day threats and DNS tunneling.
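The source-identification step described above, sketched as an added example that is not NS1 or Cisco code: it groups blocked queries by internal IP and by the DNS server that forwarded them, and flags endpoints that keep looking up the same blocked domain. The CSV column layout, host names and addresses are constructed for illustration and are not Umbrella's or NS1's real log schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The columns mirror the fields the article says are
# tagged on each query (internal IP, forwarding DNS server, requested domain);
# the layout itself is an assumption, not a real Umbrella or NS1 format.
SAMPLE_LOG = """timestamp,internal_ip,forwarder,domain,action
2019-09-25T10:00:01Z,10.1.4.23,dns-nyc-01,internetbadguys[.]com,blocked
2019-09-25T10:00:05Z,10.1.4.57,dns-nyc-01,example.com,allowed
2019-09-25T10:05:01Z,10.1.4.23,dns-nyc-01,internetbadguys[.]com,blocked
2019-09-25T10:10:02Z,10.1.4.23,dns-nyc-01,internetbadguys[.]com.,Blocked
2019-09-25T10:11:40Z,10.2.8.9,dns-lon-02,internetbadguys[.]com,blocked
2019-09-25T10:12:00Z,10.2.8.9,dns-lon-02,example.org,allowed
"""

def blocked_by_endpoint(log_text):
    """Map (internal_ip, forwarder) -> {domain: blocked query count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].strip().lower() != "blocked":
            continue
        # Normalise case and the trailing root dot so one domain is counted once.
        domain = row["domain"].strip().lower().rstrip(".")
        hits[(row["internal_ip"].strip(), row["forwarder"].strip())][domain] += 1
    return hits

def triage(log_text, repeat_threshold=3):
    """List endpoints with blocked queries, most active first.

    A domain that one endpoint requested at least repeat_threshold times is
    reported separately, since repeated lookups of the same blocked name are
    what a command and control callback looks like in DNS logs.
    """
    report = []
    for (ip, forwarder), domains in blocked_by_endpoint(log_text).items():
        report.append({
            "internal_ip": ip,
            "forwarder": forwarder,
            "blocked": sum(domains.values()),
            "repeated_domains": sorted(
                d for d, n in domains.items() if n >= repeat_threshold),
        })
    return sorted(report, key=lambda r: (-r["blocked"], r["internal_ip"]))

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```
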

Get Up and Running in a Few Hours

For existing Cisco Umbrella clients, it’s easy to take advantage of the integration. Deployment with NS1’s authoritative DNS solution provides the ability to be up and running in hours with a full internal DNS solution that benefits from the proprietary traffic steering and performance that NS1 is known for, while securing all outbound traffic to ensure you stay protected. 

We’re a Part of the Cisco Security Technology Alliance

NS1 is now a member of the Cisco Security Technology Alliance (CSTA) — Cisco’s security development, integration and certification framework. For more information about how our integration can protect your enterprise, download our Umbrella data sheet.

For more information, contact sales@ns1.com.

