
Is Cisco Umbrella Professional [OpenDNS] a replacement for anti-malware?

Is Cisco Umbrella Professional [OpenDNS] a replacement for anti-malware, or is something like anti malwarebytes still needed?

Yuri Spirin, Systems Integration
Commented:
DNS service is not a replacement for antimalware. It just adds some layers of security by filtering DNS requests from your network to known malicious sites such as botnet command & control centers. But if such requests are made from your net, it means that the malware is already on your workstations or servers and tries to connect to CC or whatever. DNS filtering may help you to avoid download of malware from malicious sites, but it cannot help if malware comes to a workstation on a flash drive, for example.
Exec Consultant
Distinguished Expert 2019
Commented:
It checks the DNS traffic, as malware will mostly make that first call and it can be detected early.
Umbrella is not seeking to replace products that try to detect threats by spotting what they look like. Our approach is to block the DNS queries to Internet infrastructure that are used to deliver malware. We find that attackers often reuse the same domain names, DNS nameservers, and IP address spaces to deliver many malware variants and different attacks.
https://umbrella.cisco.com/use-cases/advanced-malware-protection

But it does not stop direct IP access to the attacker mothership.

Ultimately, the last line of defence is your machine, which needs anti-malware as a baseline security layer. There is more needed in the machine.

OpenDNS is another layer to detect in case there is a bypass or missed check at the endpoint.
Today, mobile employees bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network’s perimeter where you have deployed security appliances. The only remaining defense for these employees’ devices is traditional endpoint anti-malware, which does not protect against advanced attacks.
It is most appropriate to have a layer of defense and extend advanced threat protection beyond just endpoint protection, especially if you cannot take the extreme strategy of physically separating the Internet and intranet networks totally.
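The gap noted above, that DNS filtering never sees a connection made straight to an IP address, can be watched for in logs. The following is an added example, not part of the original thread and not Cisco Umbrella code: it correlates a resolver log with a firewall flow log and reports outbound connections that no recent DNS answer to the same client explains. The log layouts, the 10.0.0.0/8 internal range and the 300-second window are constructed assumptions.

```python
import ipaddress

# Assumption: what counts as "internal" for this constructed network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed resolver log: (epoch seconds, client IP, queried name, answer IP)
DNS_LOG = [
    (1000, "10.0.0.5", "updates.example.com", "192.0.2.34"),
    (1010, "10.0.0.7", "mail.example.net", "198.51.100.20"),
]
# Constructed firewall log: (epoch seconds, client IP, destination IP, port)
FLOW_LOG = [
    (1001, "10.0.0.5", "192.0.2.34", 443),     # explained by the lookup at t=1000
    (1015, "10.0.0.7", "198.51.100.20", 25),   # explained by the lookup at t=1010
    (1020, "10.0.0.7", "203.0.113.77", 8443),  # no lookup at all: direct IP
    (1030, "10.0.0.5", "10.0.0.1", 53),        # internal destination, skipped
    (1040, "10.0.0.7", "192.0.2.34", 443),     # resolved by another client only
    (5000, "10.0.0.5", "192.0.2.34", 443),     # lookup is older than the window
]

def direct_ip_flows(dns_log, flow_log, window=300):
    """Return outbound flows whose destination IP was not handed to the same
    client in a DNS answer during the `window` seconds before the connection."""
    answers = {}  # (client, answer IP) -> timestamps of matching DNS answers
    for ts, client, _name, ip in dns_log:
        answers.setdefault((client, ip), []).append(ts)

    unexplained = []
    for ts, client, dst, port in flow_log:
        if any(ipaddress.ip_address(dst) in net for net in INTERNAL_NETS):
            continue  # only Internet-bound traffic is of interest here
        seen = answers.get((client, dst), [])
        if not any(0 <= ts - t <= window for t in seen):
            unexplained.append((ts, client, dst, port))
    return unexplained

if __name__ == "__main__":
    for flow in direct_ip_flows(DNS_LOG, FLOW_LOG):
        print("no DNS lookup before connection:", flow)
```

Hits from this kind of check are leads rather than verdicts, since long-lived connections and applications with hard-coded addresses also connect without a fresh lookup.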
Abraham Deutsch, IT professional
Top Expert 2016

Author

Commented:
Thank you