Cisco Systems, Inc. (CSCO) Earnings Call Transcript & Summary

Hello, everyone. Welcome to today's webinar. I am [ Lisa Plant, ] your host. [Operator Instructions] At the end of today's session, you will be redirected to our confidential survey. Your feedback is very important to us to let us know how we did. With that, let's get started. [Technical Difficulty] Please forgive me while we're having a slight technical difficulties here.

All right. Hello, everyone, and thanks a lot for being here today for this webinar about Cisco umbrella. My name is Tom Baumgartner, and I'm on the Cisco security product marketing team. Joining me today is Chris Bilodeau from our Security Technical Marketing engineering team. Chris will be doing a demo today following some slides that I will share to get us started. The focus today will be on how umbrella can help you simplify and streamline cloud-delivered security to support your SSE or SASE architecture journey. A quick look here at today's agenda. We'll start by looking at some market trends taking place today and in the past few years that might have affected much of what many of you do on a daily basis. We'll talk about the challenges of dealing with them that you might have and then we'll go over how SSE and SASE architectures are designed to help address many of these changes. We'll go through an overview of umbrella and how it fits into an SSE or SASE strategy. Chris will follow that with our product demo to show you how it all works, and then we'll wrap things up and you can get in on a special offer that we have available for today's attendees. We've all seen the evolution in the past few years of network traffic flows going from mostly internal traffic to mostly Internet traffic. In fact, we see companies where as much as 80% or more of their traffic is indeed going to the Internet. They've got branch office and roaming and mobile users, especially who need to get to the Internet for SaaS applications and other things that are available as some kind of cloud service. The centralized infrastructure model of yesterday with security set up at our headquarters or at a data center and using MPLS lines and VPN creates several problems. Problems such as not being able to meet increasing connectivity needs because the data center has become a bottleneck that causes performance issues. There's a lot of integration and maintenance and upgrades that are needed on a regular basis, not to mention the number of tools and vendors that have been built up on that stack over the years, which have made it very complex. It's basically a model that just doesn't work for today's or tomorrow's traffic flow needs. And so most organizations that want to catch up or stay ahead of the curve are going through a modernization transformation by adopting a cloud-centric model instead. Many organizations that we talk to have common outcomes in mind when it comes to moving to that cloud-centric security model. Among these common goals, are keeping their organization safe from both known and emerging cyber threats, ensuring that their organization's data and their cloud application usage policies, are not just compliant with any laws or company rules, but also that they're enforceable, making sure that their organization's sensitive data is safe in the cloud or before it even gets there. Having operational efficiency, thanks to the integration of security functionalities and the automation between them. Giving their IT and security administrators a single interface for easily managing multiple security functions and knowing that all of their employees, whether they are on the network or off and whether they're using managed or unmanaged devices have a positive experience, thanks to high-performance infrastructure that enables high productivity in a secure way. But it's not just the companies we're talking to, who are saying that these are the outcomes that they're striving for. It's also coming from analysts like Gartner and among the many terms that Gartner has coined over the years and that it uses on a regular basis, is this term Security Service Edge, or SSE for short. Gartner and many other analysts are very clear and confident about this, that the market for the convergence of networking and security in the cloud is evolving rapidly, as shown here by this 80% metric and they're looking to industry leaders like Cisco to deliver the solutions that meet these needs. You may have noticed the SASE acronym for Secure Access Service Edge next to SSE at the bottom of the previous slide. It's an even broader architectural model than SSE is for all the convergence that we're talking about. A SASE architecture requires little to no hardware and it employs cloud technology to combine SD-WAN, which you see here on the bottom left, with the SSE functions over here on the bottom right. Secure Web Gateway, Cloud Access Security Broker, Firewall As a Service and Zero Trust Network Access which brings us to Cisco umbrella. It's one of the core components of Cisco's SSE and SASE architecture models with threat intelligence from Cisco Talos, which I'll cover more in just a minute. Umbrella integrates multiple components that were once stand-alone security services and appliances in a single cloud-native solution. If you look back a few years ago, Cisco umbrella delivered only DNS layer security, which you can see here in the upper left, but we have rapidly added a robust set of layered security capabilities, including the Secure Web Gateway, cloud-delivered firewall and Cloud Access Security Broker like I just mentioned, plus remote browser isolation and a lot more. All of which helps us deliver the best security efficacy in the industry. On that security efficacy topic, I'll be sharing some recent third-party validation data in just a little bit after our demo. But first, let's take a closer look at the intelligence and the components that make umbrella work. As I mentioned a minute ago, behind umbrella is the aggregated industry-leading threat intelligence that we have from Cisco Talos. It's one of the largest commercial threat intelligence teams in the world. and it's made up of over 400 world-class researchers, analysts and engineers. With their industry-leading visibility, their actionable intelligence and their vulnerability research, they drive rapid detection and protection for Cisco customers against not just known threats, but also against emerging threats. And this makes umbrella all the more powerful for our customers. Now the fastest way to getting started with umbrella is by deploying DNS layer security. This remains a major differentiator for umbrella. You can deploy DNS layer security in minutes, enterprise-wide, and then you can add other security controls over time, and I'll cover those in the next few minutes. DNS is the first step in nearly all Internet connections, and it's used by all devices. So it's something that workers and all companies are already touching, but umbrella is making things more secure. Any time you click on a link or type of URL for an external site, the request goes to a recursive DNS service like umbrella to look up the IP address. That's the point where umbrella delivers its first layer of defense by blocking access to domains that are associated with malware, with phishing with command and control callbacks or any other unacceptable requests. Once it's deployed for any user who requests access to a safe site, umbrella will return the IP address and those users will connect as they normally would. But for any malicious or unwanted sites, for example, if you want to block gambling, pornography or other inappropriate destinations, umbrella will return the IP address for the block page and the connection won't happen. For requests to risky domains, umbrella will send that traffic to our cloud-based proxy for deeper inspection of URLs and files. More on that shortly. For some organizations, even deeper inspection and more granular controls are required. So as mentioned a few moments ago, umbrella also offers a secure web gateway for full web proxy functionality. This provides visibility, control and protection across all web traffic, including HTTPS. It also does full URL logging and cloud application discovery for additional visibility. It does SSL Decryption and file inspection to further protect against malware. It does content filtering by category plus URL blocking and allowing to enforce acceptable use policies. It utilizes Cisco secure endpoint for file inspection plus Cisco Secure Malware Analytics for sandboxing plus retrospective alerts on files, where initially malware was not detected but where threat intelligence at some point afterward identifies a file to be malicious. It also provides detailed reporting with full URL addresses, network identity and allow or block actions. Even more good news, is that we are heavily invested in R&D here. So new functionality will continue to come out on a regular basis to further reduce risk while simplifying cloud security for umbrella customers. Umbrella also includes Cloud Access Security Broker functionality to help with a few different use cases. The first is monitoring usage of apps in the cloud and tagging them with risk levels, ranging from low risk to very high risk, automating alerts for when the riskiest apps are being accessed and enabling admins to control not only which apps employees are allowed to access, but also in what ways they can use them. There's also the data loss prevention capability that protects an organization sensitive data from being exposed in the cloud to potentially bad actors, whether it's malicious exposure or accidental. And then there's the ability to detect and remove malware from cloud file storage apps. All of this helps toward ensuring compliance when it comes to policies for cloud application usage and for the data that resides in outbound web traffic, whether it's data in motion or data out of band. This makes the job of security administrators much simpler, and it gives compliance and risk management executives peace of mind. We'll take a look now at how umbrella CASB does this, starting with application visibility and control. There's a saying that IT and security admins cannot enable, manage, secure or block what they can't see. The challenge for them is that organizations, departments and individual users have embraced the cloud, either from the main office, the branch office, on the go from their managed and unmanaged devices, from home or from elsewhere and leveraging new cloud apps on their own. And all of this can create big security problems. Security teams need full visibility into cloud activity and the ability to block unwanted apps to enable cloud adoption in a secure and organized fashion. Umbrella CASB gives them this visibility and control, allowing them to detect and monitor cloud apps that are being used across their organization. The umbrella dashboard provides all sorts of different views of cloud application discovery and activity. While it might be a bit hard to see here in this screen, there's a full list of reports available over on the left-hand side. For example, here's a report of apps by category and risk ranking. Above the bar chart are the risk rankings, ranging from very high to very low. The chart then shows the top 10 categories of cloud apps that umbrella has discovered and the number of apps in each category that are tagged with each risk ranking. All of this helps administrators control application access to ensure that they are managing risk as well as possible. If you'd like to see more views and reports such as top threats, top destinations, or maybe top identities, I recommend signing up for a demo, and you can do that by way of the URL in the bottom right corner of the screen. The second CASB use case is multi-mode cloud data loss prevention, real-time DLP scans outbound web traffic in line through our Secure Web Gateway proxy for all cloud destinations, whereas the SaaS API DLP scans outbound web traffic while it's at rest in the cloud via restful API. Instead of it going through the secure web gateway proxy but with near real-time enforcement. An important thing to mention here is that while there are other vendors in the market who already provide both modes of DLP, a key differentiator in Cisco umbrella is the unified policies and reporting between them, giving administrators a single management interface experience. Whereas the other vendors have a separate policy and reporting experience for each of the 2 modes. So there's a lot of cumbersome back and forth with them that umbrella customers simply don't have to deal with. And then there's Cloud Malware Protection. Umbrella leverages all of the insights from Cisco Talos threat intelligence to detect cloud malware presence. It performs API-based out-of-band file scanning for sanctioned cloud applications such as Microsoft 365, Webex and Box, and it alerts system administrators to any potentially malicious files that are in them. Retroactive scanning looks at preexisting and legacy files within the cloud applications while continuous scanning identifies preexisting files that have been changed or shared along with new files that are uploaded. To help remediate cloud malware infections, once a cloud malware alert has been generated in umbrella, the administrator can either quarantine and delete the file or dismiss it as a nonthreat. This prevents any lateral movement or detonation of the malware within the network. And meanwhile, umbrella continues to gather billions of new malware samples to analyze every day. Using umbrella's robust reporting functionality, administrators continually gather new threat data to better understand cloud application usage, identify potentially compromised accounts and get a clear understanding of the volume of threats that exist within the network. There is also umbrella's cloud-delivered firewall, which in itself provides multiple layers and types of protection for outbound web traffic. Layer 3 and 4 firewall to centrally manage IP, port and protocol rules. Layer 7 application visibility and control recognizes non-web applications and take appropriate action to block or allow them according to policy. Umbrella's Intrusion Prevention System is a robust added layer of security protection. Using the over 40,000 threat signatures from Cisco Talos, a number which is growing all of the time. Supporting cloud-delivered firewall is umbrella's innovative patent-pending IPSec tunnel approach that simplifies deployment and improves reliability. It enables umbrella infrastructure to execute planned updates, additions and removals, even take down an entire data center with minimal impact to users. And in the rare instance of an unplanned interruption, it performs automatic data center failover with no loss of redundancy protection. As new tunnels are created, umbrella automatically applies security policies for easy setup and consistent enforcement. Customers forward traffic to the umbrella cloud-delivered firewall by configuring an IPSec tunnel from a network device. A key point here is that Cisco did not just lift and shift this technology from on-premises to the cloud. Instead, we built it from the start to be cloud native for the highest efficiency, flexibility and effectiveness. And then there's Remote Browser Isolation or RBI for short, which is an add-on to umbrella that provides yet another layer of protection for umbrella customers to protect them against browser-based threats. Since it's already part of the existing umbrella dashboard, it can be deployed rapidly without any configuration changes by the end user. And it makes it possible to access risky destinations or protect high-risk users while still enabling them to be productive and to access the destinations they need to get to, to do their jobs. Basically, RBI frees them from needing to know what is a threat and what's not a threat. It lets users get to where they need to go without the risk of encountering malware that hasn't been detected yet. With RBI, IT and security teams can spend less time dealing with resolving access issues. And since it's cloud delivered, RBI is easy to scale on demand, and it works with all devices, browsers and operating systems. And now perhaps the moment that many of you have been waiting for. And as I mentioned at the beginning, Chris will give us a product demonstration to show you how most of what I've just covered actually works. So Chris, take it away.

Awesome Tom. Thank you so much for that amazing overview, and thanks to everyone for spending some of your day with us. I'm really excited to spend the next 15, 20 minutes going through and showing you how some of this is actually deployed and configured. And as we can see on the screen here, I've set up a bit of a lab for us to work with. We've got 3 different devices that are going to represent 3 different deployments that you might encounter while using umbrella. The first one here, we have AD1. So this is an active directory server that is also functioning as our internal DNS server. So we're going to look at just how quick and easy it is to deploy umbrella DNS protection then we're going to come over to Workstation 1. This is going to represent a roaming computer. So someone working from home or working from Starbucks or anywhere that is outside of a network that we control. And then finally, we have the CSR and Workstation 2, and these devices will represent a branch site, so a site where we have full control of the network and we have an edge network device that we want to set up an IPSec tunnel on so that we can route all traffic through umbrella and get access to all of the security features that umbrella offers. And so with that, let's jump in and see how we configure DNS. Okay. So here we are in the umbrella dashboard. So this is the overview page, which is what you will first see when you log into umbrella. As we can see here, it gives us some great information about the health of our deployments, what devices are connected or maybe not connected. How many requests are coming through, the types of blocks that we're seeing and then more data across the various services that umbrella offers. But we'll jump into that a little bit later. For now, we want to configure our DNS protection. So I'm just going to come up to deployments and then into networks. Now network represents the source address that our DNS requests are going to be coming from. So this could be a single IP or it could be a range of IP addresses depending on how our network is configured. In this case, all of our traffic is coming from that 1 AD server and that it has a single address that it is being added to. So we're just going to, call it, AD1, put in the public address that our traffic is being sourced from and then quick Save. And so now umbrella knows that whenever DNS traffic is seen from this IP address that we want to associate it with this umbrella account in this identity. To configure our policy for that, we just come into policies and go into DNS policies. And here, we can see that we already have a variety of policies configured. If we wanted to create a new one, we can just select add up here on the top right, and that will walk us through the wizard to create a new policy. For now, I'm just going to come down to our application policy, which is already set up to do some blocking on various content and various applications. And then I'm just going to come in to our identity configuration, go down to our networks and select that AD1 network that we just created. And then we just go and save that. And now any traffic that umbrella sees coming from that identity will apply the configuration that is within this policy. And so again, really nice and easy to create and configure and then we're going to jump over now actually into the AD1 server and see what that looks like from there. So here we are on our AD1 server. And again, the idea is that this is our internal DNS server. So all of our internal clients are pointing to this server for their DNS, probably through DHCP. And then this client -- the server handles all of the internal domain requests and then for anything external, it forwards it off to an external DNS server. And so if we go into our browser and we go to welcome.umbrella.com, we can see that we're not currently using umbrella DNS. So as it says, let's go ahead and fix that. So we're just using the built-in DNS for Windows Server. So we're in our DNS manager. We're [indiscernible] come into our forwarders and edit those. We're going to replace what we had there, adding the primary address, and then we will add in the secondary umbrella address. Click okay and apply, go ahead and give our DNS cache equipped flush. And so now this server is pointing to umbrella. And as we configure in the umbrella dashboard, it's going to recognize this traffic and apply the policy that we configured. And so if we come back to our browser, and we go to the umbrella test again, we can see that we get the green banner and that we are using umbrella. And so just like that, all of our internal computers are protected via umbrella DNS and it didn't take us any longer than about 5 minutes to be able to configure. So now we're going to jump in and do the kind of more complex configurations, but with the extra configuration come some extra security benefits, and we're going to start with our roaming computer. Back in the umbrella dashboard before we do the roaming computer deployment. I actually want to take a second and configure the policy for it that we're going to use. So I'm going to come down to our web policy. And we can see that we have several policies already created. Instead of creating a new one, we're just going to go ahead and use our high restrict group here. And if we come in, we see that we have several rules already created, some that are set to allow, some that are set to warn. Down here, we have a category block. So this is actually blocking gambling sites. So we'll test that in a few minutes. And then I want to add another rule. So I can just come up and select add rule, we're just going to call this demo isolate. And as Tom was talking about our browser isolation, one of the big benefits of it is that it's integrated directly into our existing policy. So under my rule actions here, we can see that I have my standard allow, warn and block, and then we also have isolate. And so the great thing about this is, there's no separate dashboard. There's no separate configuration. All I do is come in, create a rule set the action to isolate, select the identities that I wanted to apply to and then select the destinations that I want to isolate. In this case, I've created a destination list for us that has a few domains that we can use to test. So we'll just go ahead and select that. And then we will just save our new rule. And after we enable the rule, that's all there is to configure. So now any traffic coming from the identities that are set up on this rule set will have traffic to those destinations isolated. Nothing else that needs to be done. And so with that, we'll now come over to deployments and then into our roaming computers. And we can see that we have a few computers already deployed here. We come up in the top right to our roaming client download. We'll say that we have 2 different options. We have the umbrella roaming client, which is a stand-alone client, specifically for umbrella and then we also have a security module that integrates with Cisco's Secure client. So this is the client that was formerly known as AnyConnect, is now known as Cisco's Secure client. And so if you're already using that for VPN or other services that the Secure Client offers, we can integrate with it directly. We have our module profile here that we can just click to download to get the configuration. So I've already gone ahead and installed the secured client and downloaded the profile to Workstation One for us so that we don't have to wait for that process to work. So if we go over to Workstation One, we can see that we have the Cisco Secure Client installed with the umbrella module, but umbrella is inactive because of a missing profile. And so for this, we need the profile from the umbrella dashboard, which is this OrgInfo.json file. And we're just going to copy that into our configuration directory. And this file includes all of the information that the client needs to be able to connect to umbrella and make sure that it associates and registers with the correct account. So we can see that, that's gone ahead and done that. So it is umbrella is active now. And the great thing about this is the OrgInfo file is not unique to the client that it's being deployed on. It's the same configuration file across all clients. So if you're already using some type of deployment application to deploy software onto your computers, and it's really simple. You just take the OrgInfo profile, add it into the deployment process and all of your computers are ready to go. So now that umbrella is active, we can come into our browser and start with our umbrella test. So the Welcome.umbrella. We can see that we are using umbrella and everything is green. Since we in that policy had configured gambling to be blocked if we try to go to a gambling website. We can see that, that is blocked and we can see that it was blocked because of gambling. The other thing that we configured, of course, was our isolation. So if we browse to one of the websites that we had configured in the isolation, after a second, we will see that the website comes up and it looks normal. In this case, it's a little slow because of the connection in the lab. So this isn't due to the umbrella platform, just the way the labs Internet routing is occurring. But we can see that we actually get the GitHub website. Everything looks as it should. We can browse it. So we can see all of our drop-downs are working correctly. And if we come into one of our other websites here, we can click through the links and we can browse and use the website as normal. The only thing that you might have noticed is that in the bottom right down here. We have a Cisco logo. And if we hover over, we see that this page is isolated. And so this is really fantastic because as we said, it's super easy to deploy and what's actually happening here is none of the code from this website is actually being executed on the client. The umbrella platform is actually making the connection to github.com . It is getting the display and what the website should look like and then sending a render of that to the client. And so if GitHub were to be compromised or whatever page we're isolating were to be compromised, none of that compromised code ever actually makes it to the client. And so this is really great for high-risk scenarios where you can't afford to have a breach and you want to make sure that there is zero risk to remote code, making it on to the client. This is a really great way to do that, okay? And so we've done our DNS deployment, and we've done our roaming computer deployment. And so the only thing that we have left to do is our branch site, so our IPSec. So this is our CSR and our Workstation 2. And so for that, let's jump back into the umbrella dashboard and get it configured. So if you configure our network tunnel, we're going to go to the very appropriately named network tunnels page under deployment. And then on top right, we're going to add a new tunnel. We're going to give it a name, and select a device type. These are all of the devices that we officially support. But of course, you'll notice we have other down here, and that is because we are using standards-based IPSec for these. And so any device that can meet the minimum crypto settings that we require is able to connect into umbrella, give it a tunnel ID and I'm going to copy in a password just so that we make sure we meet all of the complexity requirements. And then I just need to click save, and that's all there is on the umbrella side to configuring our tunnel. So a couple of things to call out here. One is to notice that we didn't need to choose what data center we're going to connect to. So under our data center location here, we can see that some of our other tunnels are connected to various data centers. We didn't have to choose that ahead of time. So when we create a tunnel configuration in umbrella, that configuration is replicated to all of the umbrella data centers. And you can choose when you go to connect that tunnel where the best location is to or you can actually even use DNS and let the network decide where the best location is. And so that's really great. because you don't have to go through the planning steps of figuring out where everything is going to connect. You don't have to contact support to ask where you can connect to. All you do is come in and create your configuration and then you can connect to wherever you need to. And in fact, one of the great benefits of this is that it allows us to have API integrations with our SD-WAN solutions. So as we talked about earlier with SASE and the integration between cloud security and software-defined networking or SD-WAN. We can make it so that you don't even have to come in here and do these configurations, whether you're using Cisco SD-WAN or are you using Meraki SD-WAN, all you have to do is go in and say that you want to use umbrella more or less, and it will automatically create all of the configuration using the APIs, find the closest umbrella data center to connect to and automatically bring that up. And so that makes it really nice and quick and easy to get your -- all of your branch sites connected to umbrella. Now I don't want all of you to have to sit and watch me configure a router to connect up to umbrella. So similar to how they might do on a morning talk show where they put a cold turkey into one oven and then pull a dun turkey out of another. I've already configured our CSR to connect into umbrella. And so if we go over to Workstation 2, we can verify that connectivity. And to do that, we're just going to open our browser, and we can run the same test that we've done on our other devices. So we can do our umbrella, welcome.umbrella and verify that our connectivity is there. We can come in and do our gambling website and verify that, that is blocked. And so we can see that the same policies that we configured for the roaming computer are also being applied to this computer, which is at a branch site behind an IPSec tunnel. And so you can see how it makes it really easy for us to apply the same level of protection to our users no matter where they connect from. Or if we want, we could, of course, give them different levels of protection. So we could allow our roaming computers a bit more freedom in the types of content that they browse to. But if you're on site, then we're going to really lock things down. It really just depends on what your security posture is and what you need to configure. And so before I hand you back over to Tom, I want to spend just a little bit more time in the umbrella dashboard and showing you some of the other features that I don't have time to dive into fully, but I still want to make sure that we take a look at them. And the first of those that I'd like to take a look at is umbrella's next-generation APIs. So if we come down to our API key page, you can see all of the API keys that we have created. And if we go into add one, we can see that we can select the various scopes, the different capabilities that we would like a particular API key to have. So again, I mentioned our API keys in conjunction with the fast deployment methods that we have for our SD-WAN solutions. But these APIs are also available to anyone. And so if you're using another tool for configuration or you're doing your own scripting, to do your configurations, makes it really easy to come in here, create various keys, give them the exact capabilities that you want, whether that's read and write or read-only capabilities and you can also choose when those keys expire. So you don't just have keys that are sitting around with full access to everything. You can come in here, select the different scopes, select the settings that you want and then create those keys. The other thing that I wanted to take a look at from a policy standpoint is our DLP. So Tom covered the multi-mode DLP capabilities and umbrella and how they are integrated together so that you don't have to go to different places to configure them. So if we come down to our data classifications, this is where we can see all of the various DLP classifiers that we've created. So we come into our PII classification here. We can see that we have a variety of built-in data identifiers that you can use. We also support custom identifiers. And then under employee data, we can actually see this is an exact data match identifier. So this is where if you have specific data that you want umbrella to check for maybe that is employee social security numbers or specific e-mails or IP addresses, things like that. So specific data, you don't just want it to check for any e-mail address you wanted to check for specific e-mail addresses, umbrella provides a tool where you can take that data, run it through the indexer. It uploads hashes to umbrella. So we don't actually know the data. We just know the hashes of it, and then you can use that in policies to check for that specific data. And then once we've created our classifications, we can come into our DLP policy. And we can see that we have all of the various rules from our policy. And you'll notice that we have our real-time rules as well as our SaaS API rules. And so this is where we talk about that multimode, the real time versus the API are out of band. And right here, we can see that we have all of our rules together in one policy, we're able to use the same data classifications across them, so it doesn't really matter what -- where the traffic is or where the data is that we're trying to protect. We're able to get easy access to all of that. And up here, we're able to select the type of rule that we want to create when we're doing that. So really nice and easy, again, keeping it all together, all in the same dashboard so that you don't have to jump around to configure things in various places. And if we talk about our reports, so we've got all this traffic going through umbrella, how do we see what that traffic is, that's where our reporting section is for. And you'll notice that we have a variety of pre-configured reports in here. So Tom mentioned the application discovery report when he was talking earlier. So we can see that we have that here where it shows us the various apps that are being detected on our network. And then in our top threats report, this one is really great because it shows us all of the various threats that are being detected on the network and what identities are using them, what those domains are and all the information about it. So if we come into our Trojans, we can see that we have if we know what the exact threat is, we have them listed here. So we come into our Lokibot and then we can come in to learn more and actually see all of the information that umbrella knows about it. So we have a description of what it is. And then if you'll notice these different categories, they actually correspond with the various MITRE ATT&CK framework tactics and techniques. And so we list all that information, we list any exploits that we've seen at using. And so a really great way to come in, get the information, see not only what computers are accessing it, but also get the information that you need to be able to respond to it. And along those lines, the last thing that I want to take a look at is investigate. So we talked earlier about Cisco Talos and about how many researchers are just doing phenomenal work, making sure that all of Cisco's customers are protected from all of the threats that are possible out there on the Internet and investigate is a way for our customers to get access to that threat intelligence. So we can come in here and search for a domain name. And it will bring up all the information that we know about that. So in this case, we can see that it's in the umbrella malware list, we can see the threat that it's associated with. We can see why we're classifying it that way. So the various risk scores that are associated with it. And then all of the information about it that we're seeing. So here, right, we can see this really kind of spiky weird mapping for how it's making its request. We can get a timeline of when umbrella first saw it when we added to the block list when we saw queries for it and everything like that. And so this is a fantastic tool when we are doing threat response, and we want to be able to look at different indicators of compromise and figure out whether a site is malicious or why it's malicious or is something targeting just my network. Or is it targeting everyone, Investegate provides a lot of additional detail and information into that type of research. And so with that, thank you all so much for spending a little bit of time with me, and I am going to hand it back over to Tom.

Chris, thank you very much. I am glad for everybody's sake that you did that instead of me. I want to wrap things up now with a few closing slides before we get to that special offer that I mentioned was going to be available to our attendees today. First, some analyst validation. Frost & Sullivan is a business consulting firm that offers market research and analysis, growth strategy consulting, corporate training, and has about 45 offices in the Americas, Africa, Asia and Europe. It recently named umbrella's Secure Web Gateway as an enabling technology leader award winner for 2022 and they cited 3 main reasons for giving this award. Number 1 is our commitment to innovation. Number 2 is our application diversity, and number 3 is the deep customer involvement that we have in our development process. Even more recognition here from PeerSpot. you may be more familiar with PeerSpot's previous name of IT Central Station. It's what's often described as a buying intelligence platform where users provide reviews and access reviews about B2B enterprise technology capabilities to help themselves and others make informed buying decisions. It also provides online forums, direct Q&A support and more. So it's very validating for Cisco to have real users of our products, giving positive reviews and comments on a platform like this and that it led to Cisco umbrella getting these 3 PeerSpot Gold Awards for Secure Web Gateway, CASB and SASE. And then there's TechValidate. If you're not familiar with TechValidate, it's a survey platform that Cisco and many other companies use to get real verified feedback from customers. In some cases, customers choose from multiple choice options. And in other cases, they can provide free form commentary. Here's the sampling of the feedback that we collected in our survey towards the end of 2022. 65% of responders cited fast and easy deployment as an umbrella benefit. 61% felt that umbrella delivers significantly or moderately faster connections than they had before. 48% said that malware infection reduction was up by 50% to 75%, thanks to umbrella. And when asked how quickly they saw value from their umbrella deployment, 39% said within just one day, 37% said within a week, and 24% said more than a week. Now while those are indeed some pretty good metrics, here are some actual customer testimonials. And I'm going to let you read these on your own while I give some extra context behind each of them. Talent Garden, which is also known as TAG is Europe's leading digital co-working space. Dealing with a new hybrid work environment with employees working in various locations that could require different types of security profiles depending on the circumstances, they needed a cloud-first security strategy, and they chose a solution that included umbrella, Duo, Secure Network Analytics and Cisco Secure endpoint. Cosentino is a global leader in the production and distribution of innovative and sustainable surfaces for architecture and design, and they have a presence in more than 50 countries. They needed a security solution to support hybrid work and being able to innovate from anywhere. They needed it to be flexible and fast for setting up and securing new offices, and it had to be able to safeguard valuable property and critical operations. They chose a solution comprised of umbrella, Meraki SD-WAN and Cisco Secure Firewall to help set them on a course for expanding their SASE strategy. Room & Board is a home furnishings retailer with stores and delivery centers across the United States. They wanted to digitally transform their customer experience, both virtually and in-person, and they needed it to be secure and flexible. The combination of Duo and Umbrella was a really great fit. And as you can see in the quote here, their story is a great example of that modernization transformation that we looked at earlier about moving away from the traditional data center security stack model and moving to a cloud-centric model instead. All right. So we've done an overview of umbrella and how it can fit into an SSE or SASE strategy. Chris gave a great product demo, and we've just looked at some third-party validation with some metrics and some quotes. So what should you do next? For starters, please take a screen chat or a photo of the QR code that you see here so that you can get in on our special offer of free Cisco umbrella socks. I'll give you a few seconds to do this before we move on. I should mention though that at this time, we are able to send Socks only to addresses in the United States, and we apologize if this is an inconvenience. But otherwise, another couple of next steps you can take are to request a custom product demo or a free trial or both. Make sure that you note these 2 URLs here so that you can easily do either one of these options. And then one of our specialists will get in touch with you to help things get moving forward. And now in the few minutes that we have remaining, we will transition to answering some of your questions that have come up during the webinar so far or any nuances that we get. So please keep those questions coming in, if you have any down in the Q&A panel. And thanks very much again for joining us today.

Thank you all for attending today's event. We hope you found it informative and valuable. We also ask that you take a moment to complete the confidential survey when you exit today's webinar. Thank you very much. This concludes our session, and we hope everyone has a wonderful day. Goodbye.