We just raised a $30M Series A: Read our story

Cisco Umbrella Competitors and Alternatives

Get our free report covering Zscaler, Microsoft, Infoblox, and other competitors of Cisco Umbrella. Updated: November 2021.
555,139 professionals have used our research since 2012.

Read reviews of Cisco Umbrella competitors and alternatives

Behzad Barzideh
Senior Network Architect at SUNY at Stony Brook
Real User
Top 20
We don't have to worry about DNS infiltrations and helps ensure that end-users don't visit problematic websites

Pros and Cons

  • "When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters."
  • "The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood."

What is our primary use case?

BloxOne is for DNS protection. We point our local domain name servers to it and it has a feed for "bad character" domain names. We protect our end-users that way. The way we're using it, that's all it does. It fits in somewhere in the middle of our security stack. DNS is the most important part of networking. Not so many people see it that way, but if you can't resolve, say, "cnn.com", nothing works. If your DNS doesn't work correctly, nothing is going to work correctly on your network. It is one of the first layers that comes into play when going to a website or using email.

It's a SaaS solution, a service that InfoBlox provides. All the systems are run by them and they maintain it.

How has it helped my organization?

It puts us at ease. We don't have to worry about so many DNS infiltrations. It has integrated and helped us make sure that our end-users don't visit websites that are not clean. Overall, it has helped with that side of our security.

BloxOne has also reduced the amount of effort for our SecOps team when investigating events. They have been using it and they're happy with it.

Overall, it's much easier to log, detect, and troubleshoot those aspects of the network.

What is most valuable?

The GUI has been improved a lot. It's easy to use and intuitive to navigate and to do whatever it is that you want to do with the system. Ease of use is one of the top features.

When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters.

What needs improvement?

The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood.

For how long have I used the solution?

I have been using Infoblox BloxOne Threat Defense for a year and a half. 

What do I think about the stability of the solution?

We have not had any service outages with BloxOne. It has been very stable.

What do I think about the scalability of the solution?

We have scaled it as far as we need to, and I have not seen any issues in that regard.

BloxOne gets used with every device in our enterprise that does DNS. As the number of devices grows, usage goes up. It is something that gets used without people even noticing that it's there. Almost the entire enterprise is using it.

As for increasing the use of its features, such as the integrations, we have talked about it, but we have way too many other projects and that has been put on the back burner.

How are customer service and technical support?

The only time we contacted them for support was during the initial setup, and that's how we got our SE to help us with the categories. On a scale of one to 10, their support is a 12.

We have been using InfoBlox as a company for more than 10 years. Their support team is well-versed in their products. They know their stuff. And if they don't know something, or there is something they haven't worked with, they are very quick to bring in somebody who knows the environment better. They don't drag you along while they're trying to learn, and that is something I really like.

Which solution did I use previously and why did I switch?

We used something else that does almost the same thing. It provided us with the ability to block DNS. We have been doing this for the past 20 years or so. We switched to BloxOne because it's cloud-based. Logging is easier. With all of the previous systems that we had, we had to sacrifice on the logging feature, reduce the logging, because we couldn't maintain that size of a log. With BloxOne, logging is in the cloud and it's not limited. Also, somebody else is maintaining it, which we like.

How was the initial setup?

The initial setup was "in-between." It wasn't so complex, but it also was not so easy that anybody could do it. It had a learning curve, but the learning curve was not that bad. I tackled the learning curve by asking questions of my SE. He was able to give me directions about the best way to configure it.

The kinds of things I asked about were best practices around which categories to enable. I needed to better understand what all the categories were, and what they mean. The default settings were too rigid and we had to make some changes. The SE helped us to understand all the categories, which categories were redundant and which categories should be more relaxed.

We had a PoC deployment and then production. All together, they took about two to three working days.

Our implementation strategy was to set it up the way we believed it should be set up. We put it in a test environment and then realized that some of the categories were too restricted. We got on the phone and then made some changes to those categories. After a couple of weeks of testing, we put it into production. All the settings that needed to be enabled were enabled at that point.

The team that logs in, in administrative roles, includes about eight people, and I don't think they're in there that often. We're usually in there if there's a report of domains being blocked that shouldn't be blocked. For all intents and purposes, it is set-it-and-forget-it. It has been that simple. We don't go in there unless there is a very specific reason for taking a look at something.

For deployment, it was the networking team, so that everybody was aware of how it was set up. BloxOne doesn't require any maintenance because it's in the cloud and Infoblox is maintaining it.

Which other solutions did I evaluate?

We looked at BlueCat and Umbrella. We went with BloxOne because it integrates better with our system. The functionality also looked a little bit better than that of the other two products.

What other advice do I have?

If a colleague said to me that their next-gen firewall and other security tools mean that they don't need a DNS-specific security solution, I would say to them that, in my opinion, security is layers. Just because you have one layer doesn't mean that you can remove other ones. They work hand-in-hand.

Do a proof of concept for your environment, a test environment, to make sure that it does what you want it to do. And try to understand the categories that it has. Spend some time understanding the categories before you enable them or put them into production.

The biggest lesson I have learned from using BloxOne is patience. It is the cloud, so when you click on something you have to give it a little bit of time to do whatever it needs to do in the back end, before it actually gets implemented. You have to be patient.

I'm sure it would be able to integrate with our firewall company, Palo Alto. But, at the moment, we haven't needed to do that.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
MM
Core Network Manager at a comms service provider with 11-50 employees
Real User
Top 20
Excellent integration capabilities, good UI and offers great security features

Pros and Cons

  • "Overall, it's nice and very user friendly. That's what makes it so successful. They give you complicated features but with a very simple user interface, and that's been a big success for them."
  • "The support needs to be improved."

What is our primary use case?

We mostly implement this product for our clients.

What is most valuable?

There are many great aspects to the product. 

It's flexible. It's possible to have it on a universal CPE. The CPE is a small server or device that can be installed on the client's premises which the FlexVNF software can be installed onto. It doesn't have to be a vendor-specific CPE. This can help users reduce costs. Other solutions don't offer such flexibility.

One of the interesting things about the solution, which is not an easy feat, is that they offer a multi-tenancy solution at the CPE level.

They also allow for the integration of their solution as a provider with other security vendors, like Fortinet, Palo Alto, and Forcepoint. With other vendors, they stick with their own security appliances or images. This solution, however, really does try to integrate with everything.

In terms of support, they are very focused on SD-Wan technology. They are not working on multiple technologies. This ensures your business is very focused. It allows you to be very focused on your support and ensures your level of support will be very high. The customers will be satisfied with the results. 

The development is fast because they are only focused on one direction. Of course, SD-WAN not only means that you are optimizing the routing and the speed of the internet but also it allows you to optimize the security. Users can have better, more advanced security features. 

They are focusing on integrating their security features right now. They are growing quickly in this direction. That means they're giving a lot of attention to the security within the product. It's making it a more complete product without forcing you to just use Versa.

Overall, it's nice and very user friendly. That's what makes it so successful. They give you complicated features but with a very simple user interface, and that's been a big success for them.

What needs improvement?

The support needs to be improved. 

The interface does still need enhancements to make it even easier to operate in the future. They have complicated policies that need to be applied.

For how long have I used the solution?

We've been using the solution for about one and a half years now.

What do I think about the stability of the solution?

If the setup is done properly, the solution is quite stable. There's no need to worry about bugs and glitches. It doesn't crash.

What do I think about the scalability of the solution?

It is easy to scale. The solution has considered various roadmaps and focused on future growth for organizations. Some features may not be active just yet, however, they are in the roadmap.  They are looking at, for example, delivering Ethernet over two or three layers, over the internet, which is very interesting and is, in my opinion, revolutionary.

The solution benefits huge companies, more so than smaller ones. Currently, various product features are capable of fulfilling any big enterprise requirements. They are trying to get the certifications from international security communities like Gardner. Their focus is more so on the larger scale organizations and they are trying to compete with companies like Cisco, Palo Alto, etc. Since it is meant for bigger companies, it can get pretty big itself.

How are customer service and technical support?

Their support is okay, but they need to grow it out faster. They need a better mechanism for getting quick responses to clients and to hire more people on the support level. The gold standard is Cisco, and they should try to be more like that. 

They have a very focused product and because of that, they need a very focused support staff. They should have different people who are specialized on different aspects. They don't have to spend a lot of money to do this, they just need to ensure they have the right people in place to answer questions.

It seems a bit unfair to judge them in totality, however, as I just had one instance with them so far. 

How was the initial setup?

The solution's initial setup is complex in that it's not plug-and-play. You won't face zero-touch provisioning with this solution. Instead, there will be a staging process. It requires certain commands and you need to run it on Linux or Unix.

The solution has some issues with staging, and, if you compare it to other products, you'll see other vendors are much more straightforward. Zillow Clouds and Meraki are two good examples of a straightforward setup.

For myself, I have a technical background. These things are interesting for me, and I'm happy to do it, but on the commercial side of things, the customers don't really want to deal with difficult setups. Usually, however, it's the partner that provisions for the client, so the client never has to really deal with these issues. If you are a partner or a supplier, you'll end up doing this part yourselves. So, for those that know the product, it can be considered straightforward.

After that, users will enjoy a lot of features. 

It only takes about one hour to deploy the solution. I handled the POC myself and I've done some extensive training. I didn't feel comfortable in staging Versa devices. This was a problem. For comparison, if you would like to stage a VeloCloud device, it may take from you 10 minutes, whereas Versa could take about an hour.

If you are facing complications, you need to spend time understanding them before doing the provisioning. It will take some effort to understand the staging process, but it's worth it to take a step back. 

What about the implementation team?

I handled the POC myself and I've done some extensive training, so I was able to handle all the provisioning and staging. We found we struggled a bit with our engineers figuring out how to write everything correctly. Unlike other deployments where it's a very straightforward couple of clicks, if you make a mistake in provisioning there is a receipt required, and you need to call the engineer from your Versa vendor to help troubleshoot problems.

What's my experience with pricing, setup cost, and licensing?

In the end, it's not only about cost. A lot of big enterprises don't care about the cost. They care about having a single point of contact to take care of their security and internet routing optimization. Having one support ultimately reduces costs, as there would only be one maintenance contract and one device.  

What other advice do I have?

We have a lifetime implementation. We're using the latest version of the solution.

It's a good product for high-end and large enterprises, but smaller enterprises might not be a good fit.

I'd just advise that especially surrounding the initial setup, a new company needs to ensure they have the right support in place. Companies need to make sure their SLA's are very clear so they can get the support they need from the outset and into the future. Compare companies and be clear about the requirements and you will have an easier time.

I'd rate the solution eight out of ten. I'd give it full marks, however, I do believe that they can continue to improve on the existing product in various ways. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RA
ISM Network Architect at a transportation company with 10,001+ employees
Real User
Top 20
Great QOE, good stability and pretty straightforward to set up

Pros and Cons

  • "They have a lot of built-ins. There are so many applications defined inside the solution. It makes it so that we don't have to create some policies. Each and every application is already defined in it."
  • "The solution doesn't offer failover between their own devices. If I want to, I should be able to put the two devices at the side, so there can be a failover."

What is our primary use case?

I work for a supply chain and we have a site where we want to offload the internet traffic and get to the application, etc. Some of the cloud applications go out directly and automatically through the SD-WAN device to the internet, so it is local and does not go to the MPLS. We can load balance those applications.

What is most valuable?

Their QOE, or Quality Of Experience, is the most valuable feature. Basically, VeloCloud measures the latency and the chatter and everything on a voice application, and it just routes the traffic or duplicates the packets according to that chatter. 

They have a lot of built-ins. There are so many applications defined inside the solution. It makes it so that we don't have to create some policies. Each and every application is already defined in it.

What needs improvement?

The solution doesn't offer failover between their own devices. If I want to, I should be able to put the two devices together, so there can be a failover. 

They need to come out with a new device, such as a 510 LTE which would have LTE capabilities.

On the 610 devices, they're saying they're going to have LTE in it. They don't have it. They don't even have a POE feature inside the VeloCloud devices. Therefore, if I want to set up a POE, just the one device with everything in it, I actually don't have a POE support on it.

For how long have I used the solution?

I've been using the solution for about six months now.

What do I think about the stability of the solution?

Stability-wise the solution is quite good. It's reliable. It doesn't crash or freeze. It's not buggy at all.

What do I think about the scalability of the solution?

The scalability is giving us problems at the moment. We want to put this as, for example, a primary MPLS, with internet secondary, and cellular tertiary. The LTE device doesn't even failover between them, however. Therefore, there is no scalability there.

How are customer service and technical support?

We don't deal with technical support, due to the fact that we have AT&T. Since we deal with AT&T, we don't deal with them directly. Therefore, I can't speak to their level of knowledge or responsiveness.

Which solution did I use previously and why did I switch?

Our company is actually many companies. At another subsidiary, they are doing a POC with Cisco. Cisco is providing them with better pricing. On top of that, they have good availability and failover capabilities on LTE. The Cisco router can do the secondary subnet on the same VLAN, which VeloCloud cannot do.

They have a lot of features we technically need to have but don't on VeloCloud.

How was the initial setup?

The initial setup isn't too complex. It's pretty straightforward.

In terms of the deployment, we designed everything properly, and due to the fact that we took the time to design it correctly, it didn't take a long time. Strategy-wise, we have AT&T as our provider. That said, we have set up a reference architecture in such a way that it just copies every site, according to our site size and the requirements.

What's my experience with pricing, setup cost, and licensing?

If you compare VeloCloud to, for example, Cisco, the pricing is almost the same. However, Cisco offers more features that are integral to the way we need the solution to operate. In that sense, it's better value for money. For example, now we need to have an extra LTE modem outside of VeloCloud, and it's going to add to the cost, which ultimately makes it more expensive.

What other advice do I have?

We're just customers. We don't have a business relationship with the company.

We are not using the newest version of the solution. They already have a newer version, however, we have everything outsourced to AT&T, and they have not upgraded the new version on it yet. The version we have on the VeloCloud is 3.4.3, and the newest version, which, from my understanding, is four, and is already out there.

The greatest advice I have for potential new users is this: when you do deploy the VeloCloud, it's pretty straightforward. However, the only thing you have to remember is to make sure that you have the site requirements in terms of the primary and secondary circuits. For us, the last mile circuit is always a requirement, so we have a tertiary as a cellular. That way, even if the primary and secondary go down, you are okay. Also, you need to make sure to size your VeloCloud equipment or VeloCloud model according to the size of your needs.

Overall, on a scale from one to ten, I'd rate the solution at a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dipmalya Dasgupta
Solution Architect- Network Infrastructure at a tech services company with 201-500 employees
Real User
Top 5
We always hear from our customers that this is one of the products that they are very satisfied with

Pros and Cons

  • "Cisco is the best in giving technical support. There is no doubt about that."
  • "The one thing I don't like about Cisco is that they are very much fragmented in terms of providing the complete solution. They keep on breaking their different feature sets into different boxes."

How has it helped my organization?

We have implemented Cisco Web Security Appliance in quite a few places and the results are quite satisfactory. We haven't faced any kind of challenge from it. Neither has the customer reported anything.

I am a solution architect. So I'm able to discuss in terms of configuration management. All I can say is that from a solution perspective, whatever the customer is basically looking for from our web security appliance, Cisco Web Security Appliance has met it all. And more importantly, wherever we have deployed this kind of Web Security Appliance, Cisco hasn't faced any kind of escalation from our customers. And whenever we go for review with them for their satisfaction level, we have always heard that this is one of the products that they are very satisfied with.

What needs improvement?

Obviously there is always room for improvement for almost all the appliances available in the market. But there are scopes for improvement. I'm pretty sure that Cisco will keep on integrating different feature sets as the market demands and I have seen Cisco as an organization that puts in proactive efforts providing different features before they come into the market. So I'm pretty sure that Cisco will give due diligence in terms of providing all the features in their WSA. 

But one thing I don't like with Cisco is that they're very fragmented in terms of feature sets. What I mean is that the one thing I don't like about Cisco is that they are very much fragmented in terms of providing the complete solution. They keep on breaking their different feature sets into different boxes. The days are coming when almost all the customers are looking for a consolidated box or a box wherein you can have multiple feature sets based on infrastructure, which will decrease the carbon footprint in the data center. Then, obviously, the number of devices they will have in the data center will go down. So cooling requirements and power requirements will also go down. So that's what the customer is looking at. But Cisco is too segmented. They gave ESA, they gave WSA, they give their next-generation Firewall Firepower. Then they gave a management center. And for network AMP they made a separate box set. So there are too many devices.

Though I understand technically that, yes, fragmented technology is best because we should let the dedicated device do dedicated jobs. But again, in terms of customer acceptability and the customer's point of view, consolidated devices make much more sense for them.

I would obviously prefer the WSA to be integrated with ESA because there is no point putting so many hardware devices and infrastructures in. So if WSA had the functionality of ESA, at least the basic functionality of ESA, it could be merged into a single box, and that would be good.

What do I think about the stability of the solution?

Cisco Web Security Appliance is stable. Very recently we deployed corporate-wide security practices with all the Cisco devices like Cisco Firepower, Cisco AMP, Cisco Cloud Email Security, Umbrella, and so on and so forth. That infrastructure is running quite okay for the last two to two and a half years. So I must say that all the security products are quite stable in nature.

How are customer service and technical support?

Cisco is the best in giving technical support. There is no doubt about that. I am working with Cisco on a range of products since 2004.

I have dealt with all their technical related support. I used to be in deployment. Then I used a lot of their super technical support. But once I migrated from the implementation team to the solution designing team, I did not require that kind of technical support from them in terms of their technical assistance. But yes, I still have discussions with my implementation team and they keep telling me that one of the best features is the technical support we get from Cisco. So as far as technical support is concerned, I don't think that there is a match for Cisco.

What's my experience with pricing, setup cost, and licensing?

Regarding Cisco price-wise, it is always a bit on the higher side. Apart from a few products, if you look at the majority of Cisco products, they are a bit on the higher side as far as the market is concerned. Obviously it would be good if Cisco could cut down on their prices, but they would have to do a lot of negotiation or compromise in terms of their product quality and support quality and a lot of customers may not like that. Price is something very dynamic. In India, actually, we don't find that much of a challenge with prices in enterprises and in government.

What other advice do I have?

On a scale of 1 to 10, I would give Cisco Web Security Appliance an 8.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Alexander Arnold
Infrastructure and Network Engineer at Servomex Group Limited
Real User
Top 10
Easy to deploy, use, and manage, but needs more granularity and control over the interfaces and better licensing and support

Pros and Cons

  • "I like its ease of use. It has a single pane of glass for the ZIA and ZPA pieces. It is very manageable. It is also very easy to deploy for secure access, and it gives half-decent coverage for visibility in terms of what the users use and what data is being proxied through the access gateway."
  • "It has massive room for improvement. The Zscaler product itself is okay, but it doesn't give enough granularity for us as an organization to stipulate rules or processes, especially for data-driven services. For instance, we can stick on SSL inspection, but it's just a click box. It doesn't allow us to go any further into the detail of the SSL inspection. We also can't pull it out without having an additional logging server. It just doesn't give us enough granularity. They should give us more control over the interfaces because it is all backend. They weren't very open to discussing their backend architecture with us in terms of their own data centers. They can maybe a little bit more open about what components are there and how the backend infrastructure works alongside Zscaler. Its licensing can be better. Some of the additional licensing costs are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. Their support should also be improved. I initially had a consultant from Zscaler for its deployment, but the support that I had throughout the deployment of the project wasn't the best."

What is most valuable?

I like its ease of use. It has a single pane of glass for the ZIA and ZPA pieces. It is very manageable. 

It is also very easy to deploy for secure access, and it gives half-decent coverage for visibility in terms of what the users use and what data is being proxied through the access gateway.

What needs improvement?

It has massive room for improvement. The Zscaler product itself is okay, but it doesn't give enough granularity for us as an organization to stipulate rules or processes, especially for data-driven services. For instance, we can stick on SSL inspection, but it's just a click box. It doesn't allow us to go any further into the detail of the SSL inspection. We also can't pull it out without having an additional logging server. It just doesn't give us enough granularity. 

They should give us more control over the interfaces because it is all backend. They weren't very open to discussing their backend architecture with us in terms of their own data centers. They can maybe a little bit more open about what components are there and how the backend infrastructure works alongside Zscaler.

Its licensing can be better. Some of the additional licensing costs are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. 

Their support should also be improved. I initially had a consultant from Zscaler for its deployment, but the support that I had throughout the deployment of the project wasn't the best.

Which solution did I use previously and why did I switch?

We weren't using any other solution.

How was the initial setup?

It is very easy. There were some constraints trying to deploy the access gateway and the endpoint client to some of our regions due to processes being blocked. They gave a list of processes that need to be allowed through ADM endpoints and our sort of antivirus products so that they're not scanned, and they're allowed through to function. However, I had some issues in following the guide and trying to get them initially deployed and allowed through. The firewall has to be off regardless of whether the port allocations were opened or not, but this could potentially be a regional issue. Other than that, the deployment was very easy.

What about the implementation team?

I went through a subsidiary company of Zscaler. I initially had a consultant from Zscaler themselves, but the support that I had throughout the deployment of the project wasn't the best. They were very much technical sales as opposed to technical consultants. I myself had to work through and resolve a lot of issues that I faced during the deployment and setup.

What's my experience with pricing, setup cost, and licensing?

It has been relatively reasonable for what it does. Some of the additional license costs based on the advanced next-generation firewall functions are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. Overall, the cost seems reasonable.

What other advice do I have?

What I would say is that try it, test it, and ensure that it sort of meets the company requirements. We were lucky enough to go through an extensive trial period. Zscaler, unfortunately, only allows a two-week trial regardless of where you are with the setup. They only give you coverage for a very basic setup. You have very limited time for trying anything further or trying the product as if it was in the production environment. Therefore, I would advise scoping out what you want and how you want to achieve it as quickly as possible. After that, you can really hammer home when you go through the initial deployment to ensure that it works and meets all the requirements.

We are now looking at Cisco Umbrella. We are a Cisco house predominantly, and Cisco Umbrella just interlinks with our VPN solution and our overall architecture. We're looking to migrate to a Meraki SD-WAN fabric because it allows us to just use that network overlay underneath the secure access edge and just incorporate it into what we already have.

I would rate Zscaler SASE a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Get our free report covering Zscaler, Microsoft, Infoblox, and other competitors of Cisco Umbrella. Updated: November 2021.
555,139 professionals have used our research since 2012.