Cisco Umbrella is a cloud-native platform that provides the first line of defense against internet threats. It uses the domain name system (DNS) to block malicious requests before a connection is even established.

Major groupings include:

| Metric | Cisco Content Filtering Performance (Talos 2024 data) | |--------|--------------------------------------------------------| | | 94-97% (including 0-day) | | False positive rate (legitimate site blocked) | <0.1% | | Average block page latency | <15ms global | | New domain categorization speed | 85% within 2 minutes |

A significant portion of web traffic is encrypted (HTTPS). Malicious actors often hide payloads inside encrypted tunnels. Cisco Secure Web Appliance and Firepower have the capability to decrypt SSL/TLS traffic, inspect the content for threats, and re-encrypt it before sending it to its destination. This prevents users from inadvertently downloading malware via "secure" connections.