Understanding the different Cisco Umbrella Consoles

Cisco Umbrella is a security product for safe internet access. It is a cloud-delivered solution with many security features, including DNS-layer security, web security, cloud access security broker (CASB), cloud-delivered firewall, etc. For more details please check this link.

Umbrella has different packages. A package is a set of Umbrella features bundled by market for easier pricing and selling. There are different packages for each market segment: packages for Service Providers (SP), namely Easy Protect and Mobile Protect; packages for Enterprise, namely DNS Essential, DNS Advantage and SIG Essential; packages for Managed Service Providers (MSP); packages for Managed Security Service Providers (MSSP); and OpenDNS home and small business packages, such as OpenDNS Family Shield (Free), OpenDNS Home (Free), OpenDNS VIP Home, OpenDNS Umbrella Prosumer, etc.

For more details on the packages and how they compare, please check the links below:

Cisco Umbrella Package Comparison

Cisco package comparison for Service providers & Distributors

Cisco OpenDNS Family and Small Business packages

Before we talk about the different Umbrella consoles, we need to understand how a user account is mapped to an Umbrella package. Figure 1 illustrates the logical flow of a user account accessing a package.

Note: This is not an official Cisco diagram. The diagram is for discussion purposes only and may not reflect the actual infrastructure.

A username can be assigned access privileges to one or more Umbrella organizations (Orgs). An Org is an instance of Umbrella and has its own dashboard. Orgs are identified by their name and their organization ID (Org ID). The Org ID is a unique seven-digit number.

The dashboard is a GUI (Graphical User Interface) for interacting with an Org instance. In addition to the dashboard for each Org, Cisco provides the Console, a GUI tool for managing multiple organisations through a single instance of the console. There are a few variants of the console. They have very similar GUIs, but the features differ slightly on each one.

MSSP (Managed Security Service Provider) Console

The MSSP console is typically for large service providers with security expertise that focus on managed security services for enterprises. Their customers usually have more than 250 employees to protect. The MSSP console's main features include centralised customer management and reporting, customer and license management (MSLA and term-based), providing trials, monitoring customers and converting them from trial to subscription, and centralised configuration settings.

To get started with the MSSP console, the service provider/partner first has to determine the Umbrella licensing and then add customer accounts. Service providers/partners have two license types available on behalf of a customer.

  • Term/GPL (Global Price List) — Term licenses are procured through CCW and owned by the customer. Licenses are sold to you ahead of time.
  • MSLA — Managed Service License Agreement. A volume-based monthly, post-paid billing model for Managed Service Providers of any kind: MSP, MSSP, or ISPs. Licenses are issued when a customer account is added by the MSSP and at the end of each month Cisco bills you based on the number of licenses — customers added — during that thirty day period. There is no minimum or maximum number of licenses.
  • Both — Allows you the option of selecting either Term or MSLA when adding a new customer account.

Please check the link for more details on MSSP requirements for a partner to access MSSP console.

MSP (Managed Service Provider) Console

The MSP console is designed for service providers who manage IT services on behalf of a customer. They have fewer than 250 employees to protect per customer. Their security requirements may not be as complex as those of MSSP customers. MSP customers may have simple security needs, such as defending against threats like malware, phishing and ransomware. The MSP console's main features include centralised customer management, settings and reporting. The console is also designed to integrate with the ConnectWise and Autotask PSAs, and it provides the information you need to deploy through a Remote Monitoring and Management (RMM) tool.

Unlike MSSPs, MSPs can purchase a bucket of seats and allocate and reallocate those seats to customers as best fits their business needs. Because the license is typically blended into a managed service provided by the MSP, it is owned by the MSP and not the customer.

Umbrella Partner Console (UPC)

UPC is more of a trial management tool. The console is designed for service providers/partners to set up and manage customer free trials and, at the end of the trial, provide customers with reports showing the threats and vulnerabilities that Umbrella was able to detect and mitigate during the free trial. UPC features include centralised reports and settings, and trial management.

Please check the link for more details on UPC eligibility.

Multi-Org Console

The Multi-org console is designed not for service providers but for large enterprises. This console is suitable for organisations that are highly distributed but share a common IT group or network security team. As per the Umbrella documentation: The Multi-org console is a good fit for these types of organisations: ones divided in structure but with a centralized security team that ensures compliance across all areas. The console's features include centralised reports and settings, and Org management. A customer has to purchase a separate license for the Multi-org console.

Conclusion

The MSSP Console is for large service providers/partners focused on managed security services.

The MSP Console is for small IT managed service providers who manage IT infrastructure on behalf of their customers.

The UP Console is for partners, to help with Umbrella trial management.

The Multi-Org Console is for large enterprises, to manage their internal distributed sub-orgs.

SASE for Infrastructure Managed Services Provider (MSP)

SASE is becoming the new buzzword in the IT industry. Secure Access Service Edge (SASE) architecture is a convergence of network and network security delivered in an as-a-Service model. As per Gartner, by 2023, 63% of global MSPs will gain their revenue through digital business infrastructure operations (DBIO) [1]. SASE brings various opportunities and helps Infrastructure MSPs to monetise the new architecture.

Note: In this blog, the terms “MSP” and “Infrastructure MSP” mean the same.

To support their customers’ digital transformation, Infrastructure MSPs have to step into new arenas. Today, enterprise IT is built on hybrid-cloud networks with workloads in multiple private and public clouds. New applications demand decentralisation of data processing (computing power), which brings the processing as close as possible to the customer for low latency and high performance. This change forces MSPs to consider not only “what” to manage but also “where” to manage it.

Cisco can greatly help infrastructure MSPs start their journey to capture the changing market and build new DBIO for SASE managed services. For security services, Cisco is backed by its industry-leading security portfolio with 100% cloud-based service deployment. For connectivity, everyone knows Cisco is a pioneer in this field. Notably, one of Gartner's recommendations for SASE is to have all the services (both network and network security) ideally from one vendor. All this unsurprisingly makes Cisco an ideal choice for SASE managed services.

SASE consists of different components. Figure 1 shows a high-level view of a SASE managed service. The tiers loosely show the different focus areas in the SASE managed service layers. The layers roughly represent each component required to build a SASE managed service. The components provide the flexibility to deploy each layer one by one, on top of the previous one, according to the phase the customer chooses. This may lead MSPs to choose their existing managed SD-WAN customers as their primary choice for starting the SASE offer.

The layers can also be used as a reference to create different SASE packages. For example, a Base package may include the Services and Connectivity components, whereas an Advanced package may include the Base package plus the Telemetry & Analytics component.

In short, for a SASE managed service:

· Infrastructure MSPs may have to own the underlying physical hardware

· Connectivity solutions can be co-created with Cisco and managed by MSPs

· Security services are hosted in Cisco cloud and consumed as SaaS

· Optional (cloud-based) services can be layered on top to differentiate the SASE offer

· Purpose-built administrative consoles for MSPs for management

· Integration with the MSP’s existing platform to reduce operational complexity

Managed Tier

The focus of traditional managed services or infrastructure outsourcing is to reduce IT cost. The infrastructure MSP manages the physical boxes on behalf of the customer’s IT department, which includes maintaining the physical availability of the boxes, racking and stacking, managing the life cycle of hardware and software, applying configuration and policies, etc. Though the physical boxes may be owned by the customer and reside on the customer's premises, this model provides an abstraction of a Network-as-a-Service or Infrastructure-as-a-Service outcome for the customer.

Value-add Tier

A focus on the value-add tier is the need of the hour for infrastructure MSPs. With the proliferation of public cloud, customers’ on-prem workloads are shifting to public cloud. Limiting the business to managing the end customers’ infrastructure and workloads may not help it grow. As per Gartner, “Infrastructure MSPs that only offer operational management for internal IT environments will fail to grow” [2].

A high percentage of infrastructure MSPs are adapting to the new public cloud environment by helping to manage on-prem legacy infrastructure and cloud applications, and to operate and migrate legacy applications to the cloud. But only a few MSPs are brainstorming how to leverage the capabilities of cloud technologies and services to create new business opportunities [3]. It is important for MSPs to move their primary focus from managing a box to providing an outcome-based service; this is the key differentiator. More than keeping the customer’s IT infrastructure operational, MSPs should evolve into true business enablers.

They can do this by helping customers in their digital business transformation, co-creating new solutions and leading with differentiated offers in the MSP’s service catalogue.

Cisco security products have great features; enabling one and then combining it with other advanced features may help to create a new offer in itself. As an example, a large enterprise on average uses 1200+ cloud services and 98% of those are shadow IT apps [4], and 27% of discovered shadow IT apps are classified as high risk [5]. Cisco Umbrella, one of the main products in SASE, has a shadow IT feature (depending on the package). An MSP can use this feature to create a monthly report (e.g. an application visibility and risk audit report), for an extra fee, showing the level of cloud service activity and the risk associated with each application in a customer organization. The report may help the customer manage cloud adoption in a secure and organized fashion. In short, it is like turning the humble egg (approx. $1) into a gourmet omelette (approx. $12).

Cisco SD-WAN edge devices are packed with security features. MSPs can enable and use them to differentiate themselves from others. For example, enable the AMP for Networks feature, which is the only network-based malware defence in the industry. Having this feature enabled on all SD-WAN edge routers helps to extend the malware threat defence capability from endpoints to the network edge.

Add threat intelligence and integrate with the customer's security stack to provide reports with in-depth analytics on threats for a premium rate. For example, Umbrella Investigate (depending on the package) gives the most complete view of the relationships and evolution of internet domains, IPs, and files, helping to pinpoint attackers’ infrastructures and predict future threats [6].

Operational efficiency Tier

Operational efficiency is one of the key tiers in SASE managed services. Improving operational efficiency helps to increase margins. Most MSPs are concerned about scaling the business, mainly due to the talent shortage [7] and pressure on budgets. Continually adding headcount is not the only way to manage the scalability problem.

This is especially true when the MSP has to deal with multi-vendor platforms and cutting-edge technologies. Hiring experts on every vendor platform or technology may not go well with the profit margins. On top of this, end customers may have unique requirements for different report types, access privileges and other services, which may result in having some headcount dedicated to each account. With all this, MSPs also have to keep their pricing very competitive to win new business.

Network Operations Centre (NOC) or Security Operations Centre (SOC) employees may need to perform repeatable tasks. As we all know, automation helps to increase productivity, and automating repeatable tasks helps to save money. Without automation, for a security alert, an engineer may have to log in to multiple portals to verify and correlate the events and decide whether to act or to ignore. An engineer may get more such alerts during an eight-hour shift, and almost half of the shift may be consumed by the manual process. For example, at an average of $35 per hour for a NOC engineer, 4 hours spent on manual tasks in a day costs $35 × 4 hours = $140, and in a year $140 × 365 days = $51,100 per engineer. Around $50K can be saved by integrating and automating manual tasks.

NOTE: The dollar values shown in the example are assumptions and not accurate.

Traditionally, at most infrastructure MSPs, WAN connectivity such as MPLS, VPN and Internet is managed and monitored in the NOC, and security-related services are managed and monitored in the SOC. SASE is a combination of network and security services, which may require the NOC and SOC to come together in a centralised monitoring centre, or the two teams to integrate tightly to break the silos.

Leverage the capability of APIs and the open-standard STIX/TAXII data formats to automate the exchange of security events between the different tools of both teams. Cisco has a rich set of RESTful APIs and supports STIX/TAXII for integration with network and security tools, allowing MSPs to automate processes, decrease response time and gain better visibility of the network. This helps to create a new control plane for the variety of network and security functions of SASE in a SOC environment.
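As an added illustration of the automation described above (not part of the original post and not Cisco code), the Python example below indexes the indicators in a STIX 2.1 bundle and matches them against NOC-side connection events. The bundle (trimmed to the fields used), the events and their field names are constructed sample data, and only single-comparison STIX patterns are handled.

```python
import re

# Constructed STIX 2.1 bundle standing in for what a SOC tool would publish (sample data).
BUNDLE = {"type": "bundle", "id": "bundle--0b7f6c1e-4c55-4a0e-9c1d-2f6f1f3a9a01", "objects": [
    {"type": "indicator", "spec_version": "2.1", "name": "Phishing landing domain",
     "id": "indicator--11111111-1111-4111-8111-111111111111", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'login.bad.example']"},
    {"type": "indicator", "spec_version": "2.1", "name": "Malware C2 address",
     "id": "indicator--22222222-2222-4222-8222-222222222222", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "spec_version": "2.1", "name": "Withdrawn entry", "revoked": True,
     "id": "indicator--33333333-3333-4333-8333-333333333333", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'cdn.ok.example']"},
]}

# Constructed NOC-side connection events; the field names are assumptions.
EVENTS = [
    {"site": "branch-01", "src": "10.1.4.22", "domain": "Login.Bad.Example.", "dst_ip": "198.51.100.9"},
    {"site": "branch-02", "src": "10.2.0.15", "domain": "cdn.ok.example", "dst_ip": "198.51.100.20"},
    {"site": "branch-02", "src": "10.2.0.31", "domain": "files.example", "dst_ip": "203.0.113.7"},
]

# Only single-comparison patterns are handled; compound patterns need a full STIX pattern parser.
SIMPLE = re.compile(r"^\[(domain-name|ipv4-addr):value\s*=\s*'([^']+)'\]$")

def load_indicators(bundle):
    """Index active indicators by (observable type, normalised value)."""
    index = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if obj.get("revoked"):
            continue  # revoked indicators must not raise alerts
        m = SIMPLE.match(obj.get("pattern", "").strip())
        if m:
            index[(m.group(1), m.group(2).lower())] = obj
    return index

def correlate(events, index):
    """Return one (site, source, matched value, indicator id) hit per matching event field."""
    hits = []
    for ev in events:
        # Normalise the queried name: drop the trailing root dot and lower-case it.
        observed = {"domain-name": ev["domain"].rstrip(".").lower(), "ipv4-addr": ev["dst_ip"]}
        for kind, value in observed.items():
            ind = index.get((kind, value))
            if ind:
                hits.append((ev["site"], ev["src"], value, ind["id"]))
    return hits

if __name__ == "__main__":
    for hit in correlate(EVENTS, load_indicators(BUNDLE)):
        print(hit)
```

The revoked indicator is deliberately skipped, so the branch-02 lookup of `cdn.ok.example` produces no hit.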

Conclusion

SASE brings new revenue opportunities for infrastructure MSPs. Cisco has almost all the components required for an MSP to start its SASE managed services journey.

  • Innovate, customize, and deliver business outcomes in ways that an MSP hasn’t been able to in the past.
  • Accelerate managed service business value with new revenue streams like SASE and differentiated service offers in your service catalogue.
  • Embrace an integrated architectural approach for scalability, stability and performance to deliver high quality customer service
  • Gain operational excellence by improving the current operations with more integration between tools and with automation.

References

[1] Gartner, “Managed Services Are Dead, Long Live Managed Services!,” 29 Mar 2019. [Online]. Available: https://blogs.gartner.com/rene-buest/2019/03/29/managed-services-dead-long-live-managed-services/.

[2] Gartner, “Infrastructure MSPs That Only Offer Operational Management of Internal Enterprise IT Environments Will Fail to Grow,” 08 Oct 2019. [Online]. Available: https://blogs.gartner.com/rene-buest/2019/10/08/infrastructure-msps-offer-operational-management-internal-enterprise-environments-will-fail-grow/.

[3] Gartner, “Who Drives Digital Business From the Cloud Through the Edge to the Digital Touchpoint?,” 08 Sep 2018. [Online]. Available: https://blogs.gartner.com/rene-buest/2018/09/08/who-drives-digital-business-from-the-cloud-through-the-edge-to-the-digital-touchpoint/.

[4] Cisco Blogs, “Gartner Report Says Shadow IT Will Result in 1/3 of Security Breaches,” [Online]. Available: https://blogs.cisco.com/cloud/gartner-report-says-shadow-it-will-result-in-13-of-security-breaches.

[5] Help Net Security, “27% of cloud apps are high risk,” [Online]. Available: https://www.helpnetsecurity.com/2016/06/14/risky-cloud-apps/.

[6] Cisco, “Cisco Umbrella Investigate,” [Online]. Available: https://umbrella.cisco.com/products/umbrella-investigate.

[7] Gartner, “Confront the Cybersecurity Talent Shortage,” 23 June 2017. [Online]. Available: https://www.gartner.com/smarterwithgartner/solve-the-cybersecurity-talent-shortage/.