How have you been able to justify the added cost of umbrella for your organization?
What can you recommend to others for this justification?
If you only have MR and want to offer greater protection or more fine grained content filtering then Umbrella seems reasonable. I can see use cases around guest WiFi as well.
If you have an MX with Advanced Security then I don't see the benefit. The MX already has content filtering.
Have you done a free trial? I would start there. The most basic Umbrella package, Professional has the roaming client which adds security and works off net. Insights adds historical data for incident investigation.
So, to answer your question directly, I would say the roaming client, the additional visibility to security threats and maybe some scare tactics around recent news of ransomware, etc. should help you get buy in from the boss.
A large portion of our workforce is at least partially remote. Heck, I'm remote right now while I wait for something to run.
We use the Umbrella roaming client to ensure people aren't browsing Bad Places on their work devices, without forcing them to use a full tunnel VPN.
Also to think about, it stops issues where power users might be switching their own DNS settings. All in all it is added protection, I would say the best use case is remote workers and or unmanaged devices where you are trying to push your security. Helps enforce company browsing polices on wifi where BYOD are.
Agree to some others pointing out use case is an added level of security on off premises workers. Umbrella is complementing excisting AV and other security solutions. Umbrella Insights package via MSLA is the way to go. You can scale up and down based on usage with a monthly cost which gives additional flexibility what comes to the justification on cost.
@SoCalRacer For what it's worth, when using the roaming client at an MSP, I absolutely recommend allowing your on-site techs to temporarily disable the Umbrella RC. If I'm on a client site, I may need to use specific DNS on their network, and the RC doesn't always pick that up.
We're only allowed to do this so long as we very carefully re-enable it the second we're done.
Everyone else? Install the invisible version and be done with it. We've 100% had people who "didn't want to be spied on" who've left the service turned off. (Who expects privacy on a work PC in the United States?)
I have tested this before as well the Umbrella/Meraki API integration. For what it's worth it actually is easy to use and you can add filtering based on Group Policies within Meraki. It was fun to test and as @SoCalRacer explained:
"Also to think about, it stops issues where power users might be switching their own DNS settings."
I am doing some tests with Umbrella ( API ) using free trial and I can verify when are created inside " Group Policy " the police in Umbrella dashboard never goes to " Active ".
However, if I created integration inside " SSID " I can see policy going " Active ". Did you face something near of it?
I made it and working fine. Fine, that I can see inside of police, but never goes to " Active ".
@mattia here is a sales slick I found: https://www.cisco.com/c/dam/en/us/products/se/2018/11/Collateral/umbrella-aag.pdf
BTW, if anyone wants a free trial, just DM me. I have a partner console and can enable trials on the fly.