With employees moving more permanently to remote work, you need a content filtering solution that works no matter where your employees find themselves. Roaming Clients are ideal for situations where employees working entirely remote, split time between the office and home, or travel frequently.
On average, it takes businesses six months to detect a breach. During this time, your company’s and customers’ confidential information is exposed and being collected by the attacker.
However, this doesn’t have to be the case for your business. If you have the right security measures in place, you can catch a threat early on.
One of the most powerful security tools for early threat detection is Cisco Umbrella.
Here at Network Doctor, our security and managed services teams use Umbrella with customers. And when they do, they strongly recommend you include Roaming Client.
What is Roaming Client?
Roaming Client is an additional capability of Umbrella that you can enable (for a cost) on devices, besides servers, in your network. It adds another layer of security by monitoring and reporting threat information from a device level.
Roaming Client protects your remote employees even when they aren’t working off of a VPN connection, and you receive immediate visibility on all users’ devices regardless of where they’re working.
This provides quick and seamless protection against malware, phishing, and command-and-control callbacks wherever your users go.
Why should you enable Roaming Client?
All of the capabilities we discussed above make Roaming Client the most valuable way to use Cisco Umbrella.
Three reasons we think this is the best use case for Cisco Umbrella are:
- It’s easier to identify the source of an attack.
- You can catch threats before they hit your network.
- You can avoid losing money during an attack.
These are all important factors when it comes to securing your IT environment, which is why we think Roaming Client is an essential feature of Cisco Umbrella.
1. Roaming Clients make it easier to identify the source of an attack
By residing on the devices in your network, Roaming Client checks monitors on a granular level.
When Cisco Umbrella is deployed with Roaming Client, you can identify the source of a threat even if it’s from a remote location.
Instead of giving you a notification that a threat exists somewhere in your IT environment, it can tell you the specific device where the threat originated.
Without this feature, your IT department will have to search by trial and error to determine which device is the origin of a threat. Depending on the size of your environment, this can be a lengthy process. In the meantime, the threat is still active.
2. You can catch threats before they propagate
The reason it’s crucial to catch threats early on is that the longer they’re allowed to exist within your environment, the more damage they can cause.
Take advanced persistent threats (APTs), for example. These can make their way into your network through a phishing campaign or a drive-by website. For the next 90 to 180 days, these types of threats do recon on your network, looking for ways to exist in your environment even if users change passwords. They’re also looking for information on users, such as who makes up the executive team and who handles financial information.
During this time, APTs sneak under the radar of many types of endpoint protection, but they’re making command-and-control callbacks to the attacker who is monitoring your environment remotely.
One of the things Umbrella monitors is command-and-control callbacks. With Roaming Clients deployed, you can monitor this at an individual device level and identify threats before they start wreaking havoc on your environment.
3. You can avoid losing money during an attack
The average attack costs businesses of all sizes $200,000. One of the factors in this price is paying an IT consulting company to help you remove the threat, but there are other factors, too, such as productivity loss, fines, lawsuits, etc.
Cisco Umbrella can help mitigate this cost.
With Cisco Umbrella in general, you’re less susceptible to an attack. Without it, one way or another, you’ll lose money from lost or damaged files or impacted productivity.
Without Roaming Client in particular, an attack keeps your IT department exclusively focused on exclusively this (major) issue. Even IT problems that would typically require immediate attention will be put on the back burner until the source of the threat is discovered and managed.
This means that you’re losing money from a productivity standpoint, too. Anything the attack brings down has the potential to hinder workflows, and if anything goes down for any other reason, that can impact productivity as well.
How should you deploy Roaming Client?
Now that we’ve discussed why you should use Roaming Client, we want to make sure we take time to address how you should use them.
That’s because all of the above reasons will only apply to you if you deploy Roaming Client effectively.
Most importantly, this means you should enable Roaming Client with every Umbrella license since this feature is only as effective as how comprehensively you deploy it.
If you have a 400-user environment but only have half of your users with Roaming Client enabled, your IT department could still be looking through 200 devices to find the source of a threat.
However, if you can’t afford the extra cost of enabling Roaming Client, you should at least consider using it for your executive team, accounting department, and remote workers.
Learning more about Cisco Umbrella
Roaming Client is one of the great features of Cisco Umbrella.
It allows you to more easily identify the source of an attack, catch APTs before they hit your network, and even save you money with threat response. And when you use it on all of your devices, it provides comprehensive protection and insight.
However, Roaming Clients is only one of Cisco Umbrella’s notable features. For more information about what to expect with a Cisco Umbrella license, you can read the article Top 5 reasons to try Cisco Umbrella.