Cisco Umbrella Outages (2018-2025)

Learn about the most significant Cisco Umbrella outages from 2018 to present.


Cisco Umbrella is a cloud-based security platform that provides protection against a wide range of online threats, including malware, phishing, and other malicious activities. It operates primarily as a secure DNS (Domain Name System) service, which means it helps to block malicious websites before a connection is established, preventing devices from interacting with harmful sites or domains.

Key features of Cisco Umbrella vary depending on the package chosen, but they can include:

  1. DNS Layer Security: Umbrella uses DNS to block connections to malicious domains and IP addresses, helping to prevent users from accessing harmful content or inadvertently downloading malware.
  2. Content Filtering: Organizations can set policies to block or allow access to specific categories of websites (e.g., gambling, adult content) based on the organization’s needs.
  3. Cloud-delivered Firewall: Cisco Umbrella provides a cloud-based firewall to filter traffic, monitor and block threats at the network edge, and enforce security policies across remote offices and devices.
  4. Threat Intelligence: The platform uses Cisco’s global threat intelligence to identify and block emerging threats based on real-time data collected from Cisco’s vast security network.
  5. Mobile and Remote Protection: Because it’s cloud-based, Cisco Umbrella works effectively across various devices and locations, providing protection for users on mobile devices or working remotely, even if they’re outside the corporate network.
  6. Visibility and Reporting: Cisco Umbrella offers detailed reporting, giving organizations visibility into which sites users are accessing and the types of threats being blocked.

Cisco Umbrella is designed to provide proactive security at the DNS level and beyond, making it an important part of an organization's cybersecurity strategy.

Cisco Umbrella Outages & Problems

Although Cisco is a reputable company that provides reliable equipment and services, not everything runs smoothly all the time. Even the most trusted platforms can—and do—fail.

Cisco Umbrella has experienced a string of major outages and vulnerabilities over the years, some of which left organizations unprotected at critical moments. For businesses that rely on it as a first line of defense, these incidents are a reminder that cloud-based security solutions aren’t immune to disruption—and when they go down, the risks can be immediate and costly.

Here are the biggest Cisco Umbrella outages that have occurred since the service’s current incarnation came into being in 2015.

1. API Unauthorized Access Vulnerability Disclosure

September 5, 2018

  • Event: A vulnerability was identified in the Cisco Umbrella API, allowing authenticated, remote attackers to view and modify data across organizations.
  • Length of Outage: The vulnerability was disclosed and patched within hours.
  • People Affected: Organizations using Cisco Umbrella’s API.
  • Monetary Loss: Not publicly disclosed, but potential for data loss and exposure.
  • Details: The vulnerability exposed critical data and configurations of Cisco Umbrella users, raising serious concerns about the integrity and confidentiality of sensitive business information. The potential for attackers to manipulate API data and configurations could have led to unauthorized access to protected networks, resulting in severe reputational damage, compliance violations, and substantial financial losses.  

2. Customers Lost Access To Their Dashboards

January 5, 2021

  • Event: While the Cisco Umbrella service continued to operate, users reported they were unable to access their individual consoles to control and monitor their service. 
  • Length of Outage: The issue lasted for approximately 6.5 hours.
  • People Affected: Cisco Umbrella Help Desk staff received multiple queries about inexplicable loss of access.
  • Monetary Loss: The DNS service continued to operate, and only a few customers were affected.
  • Details: Support technicians worked with users and determined that these access blocks were not caused by credentials entry errors. The team worked for more than six hours to resolve what seems to have been a problem with the Cisco Umbrella interface’s access rights manager. 

3. A Root Certificate Expiration for SSL Knocked Out Cisco Umbrella and Other Services

September 30, 2021

  • Event: An SSL root certificate expired, invalidating the connection security for many large enterprises, including Cisco Umbrella.
  • Length of Outage: The outage lasted approximately 3 hours.
  • People Affected: Cisco Umbrella users; some directly while others were impacted through loss of access to Cisco Umbrella services.
  • Monetary Loss: The outage was resolved by a workaround within a few hours. However, the event would still have had financial consequences for many businesses.
  • Details: The incident occurred because the Let's Encrypt R3 root certificate expired, and some systems, including certain configurations in Cisco Umbrella, had not properly updated to accommodate the new root certificate, which caused the validation failures. Cisco and other affected service providers pushed out updates to refresh and integrate the new ISRG Root X1 certificate chain, which replaced the expired R3 root certificate.

4. Cabling Provider Issue Causes Transport Blockage

October 14, 2021

  • Event: A traffic carrier used by Cisco for its Umbrella system failed. This was a major route for Internet traffic across the Atlantic and affected many other businesses, not just Cisco.
  • Length of Outage: The outage lasted for approximately 7 hours, from around 6:00 AM UTC until roughly 1:00 PM UTC. During this period, the service was either partially or fully unavailable.
  • People Affected: The outage throttled transatlantic traffic. However, because of the interdependent nature of online services, customers in other parts of the world were also affected. 
  • Monetary Loss: The monetary loss from the Cisco Umbrella outage is difficult to estimate precisely, as it would depend on the number of affected businesses and the nature of their operations. However, the downtime caused by the outage resulted in lost productivity for companies relying on the platform for critical security functions. 
  • Details: The outage was caused by a technical issue within Cisco Umbrella's cloud infrastructure, which led to widespread DNS resolution failures. Cisco reported that the issue was tied to a misconfiguration that affected the main transatlantic trunk line for traffic. As a result, affected users were unable to resolve DNS queries, leading to interruptions in internet access. However, Cisco dealt with the problem by rerouting traffic via other paths.

5. Cloud Service Provider Outage Impacting Cisco Umbrella

December 6, 2021

  • Event: A major outage at AWS disrupted the policy enforcement and logging system of Cisco Umbrella. This caused some users to be blocked, while others experienced long delays in service. 
  • Length of Outage: The outage lasted approximately 4.5 hours.
  • People Affected: Cisco Umbrella’s customers globally, but especially users on the US east coast, where the AWS data center was involved in supporting the Cisco Umbrella service.
  • Monetary Loss: Organizations experienced productivity losses, as some were unable to access critical resources, and potential exposure to cyber threats increased due to the temporary gap in protection.
  • Details: This outage emphasized the vulnerabilities inherent in multi-cloud strategies, where reliance on external providers can lead to unexpected risks. Businesses heavily dependent on Umbrella for threat prevention were left exposed during this period, risking cyberattacks such as phishing, malware infections, or ransomware.

6. Cloudflare and Cisco Umbrella Interruption

March 18, 2022

  • Event: A temporary disruption occurred for a range of IP addresses, including Cloudflare and Cisco Umbrella, impacting users' access to services and security protections.
  • Length of Outage: Approximately 4 hours.
  • People Affected: Users relying on Cloudflare and Cisco Umbrella faced difficulties accessing sites and services, particularly those in critical sectors.
  • Monetary Loss: While exact figures weren’t disclosed, businesses relying on these services for secure, high-availability operations could have suffered revenue loss.
  • Details: This disruption was caused by a third party that issued incorrect routes to many destinations, including Cloudflare and Cisco Umbrella/OpenDNS. This error propagated, resulting in many users – even those not in the same global region as the error – failing to get their DNS queries answered.

7. Blocking of Traffic from Russia and Belarus

August 1, 2022

  • Event: Cisco Umbrella blocked all traffic originating from Russia and Belarus in response to geopolitical tensions, especially the invasion of Ukraine.
  • Length of Outage: This was a long-term change, implemented as a response to the situation.
  • People Affected: Users in Russia and Belarus attempting to access services through Cisco Umbrella were impacted.
  • Monetary Loss: Not specified, but businesses and users in the affected regions may have faced challenges accessing services.
  • Details: Cisco Umbrella’s decision to block traffic from Russia and Belarus was a necessary geopolitical response, but it created a significant barrier for many users and organizations in these regions. As businesses and critical services faced outages, users were left without access to essential security tools. This action also raised concerns about censorship and how global cybersecurity policies could lead to unforeseen consequences for innocent users in politically sensitive areas.

8. Singapore Slow or Intermittent DNS Resolution Service

August 24, 2023

  • Event: Cisco Umbrella experienced a DNS resolution outage in Singapore due to a configuration issue within their local data center, affecting services reliant on Umbrella's DNS infrastructure.
  • Length of Outage: The outage took the form of packet loss, creating slow or broken connections, and lasted from August 24 to September 11, 2023.
  • People Affected: Users in Singapore and those connected through the affected data center experienced DNS resolution failures and access issues to Umbrella-secured services.
  • Details: For many days, Cisco claimed that the problem was caused by local Internet Service Providers and not the Cisco Umbrella DNS service. The issue was resolved after corrective measures were implemented, restoring DNS functionality and service availability for affected customers.

9. Global DDoS Attack Utilizing Umbrella Services

May 20, 2024

  • Event: A massive distributed denial of service (DDoS) attack targeted the Cisco Umbrella/OpenDNS global infrastructure, overwhelming servers with traffic to generate a reflection attack on others.
  • Length of Outage: The attack lasted several hours, peaking at a critical point, but Umbrella’s mitigation measures helped limit damage.
  • People Affected: Both users of Cisco DNS services and random external parties who became targets of the attacks that were bounced off the Cisco OpenDNS service. 
  • Monetary Loss: Financial losses were likely significant for businesses unable to access essential security protections, though specific figures were not disclosed.
  • Details: This was a DNS pulsing attack that triggered procedures to deal with a lengthening queue and resulted in amplified traffic being sent to innocent third parties. The attack vulnerability was discovered by Xiang Li of Tsinghua University NISL Lab.

10. Umbrella DNS Endpoint Disruption

June 2, 2024

  • Event: Cisco Umbrella experienced issues with its DNS endpoints, particularly 208.67.220.220 and 208.67.222.222, causing disruptions.
  • Length of Outage: Disruptions lasted from about 45 minutes to several days, with the longest lasting 6 days.
  • People Affected: Users of Cisco Umbrella experienced intermittent connectivity issues.
  • Monetary Loss: Not specified.
  • Details: The disruption of Cisco Umbrella DNS endpoints raised major concerns about the platform’s reliability, especially given the extended duration of the outage for some users. As businesses rely heavily on Umbrella to block malicious sites and safeguard users from online threats, this disruption left many unprotected for several days.  

11. Disabling of Weak Ciphers

November 21, 2024

  • Event: Cisco disabled weak ciphers on Umbrella servers as part of a security improvement.
  • Length of Outage: The impact lasted several hours during the update process.
  • People Affected: Users on older operating systems (e.g., Windows XP, Windows 7) and those using outdated browsers (e.g., Internet Explorer 11) experienced service issues.
  • Monetary Loss: Not disclosed, but businesses relying on older tech faced connectivity problems.
  • Details: Disabling weak ciphers introduced compatibility issues for organizations still relying on outdated systems and browsers. For users on older operating systems or those who hadn’t updated their configurations, this created an immediate service interruption. The disruption exposed a hidden vulnerability in many enterprise environments where legacy systems are still in use.

12. Major DNS Failover Issue Impacting Umbrella's Global Network

January 19, 2025

  • Event: A failure in the DNS failover mechanism, caused by a misconfiguration in Cisco Umbrella’s DNS infrastructure, led to service disruptions globally.
  • Length of Outage: The outage lasted approximately 4 hours.
  • People Affected: Users worldwide, particularly in sectors relying on secure DNS filtering, experienced difficulty accessing websites, facing slower connection speeds, or intermittent service disruptions.
  • Monetary Loss: Businesses experienced productivity loss due to reduced network functionality, with some facing downtime or inability to access essential cloud-based services.
  • Details: A failure in DNS services is one of the most feared cybersecurity events, as DNS is essential for routing web traffic. The incident caused widespread connectivity issues, leaving many organizations vulnerable to cyberattacks, and raising concerns about the reliability of DNS failover systems under high-traffic conditions. This failure highlighted the importance of maintaining failover mechanisms.
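
The resolver disruptions in entries 10 and 12 are the kind of failure an organization can detect itself by probing each Umbrella resolver directly instead of trusting failover to work. The following is an added example, not code from Cisco or from the original article; it uses only the Python standard library, and the probe name `example.com` and the status labels are assumptions.

```python
import secrets
import socket
import struct

# Resolver addresses named in entry 10 of the article.
UMBRELLA_RESOLVERS = ("208.67.222.222", "208.67.220.220")

def build_query(name, qid):
    """Encode a DNS question for an A record (class IN), recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def check_response(data, qid):
    """Classify a reply from its 12-byte header."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        return "mismatch"          # wrong transaction ID or not a response
    rcode = flags & 0x000F
    if rcode != 0:
        return f"rcode-{rcode}"    # 2 = SERVFAIL, 3 = NXDOMAIN, 5 = REFUSED
    return "ok" if ancount else "empty"

def probe(resolver, name, timeout=2.0):
    """Send one query over UDP and return a status label."""
    qid = secrets.randbits(16)     # unpredictable ID, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((resolver, 53))   # only accept replies from this peer
            s.send(build_query(name, qid))
            data = s.recv(512)
        except OSError:            # timeouts and network errors
            return "no-reply"
    return check_response(data, qid)

def summarize(results):
    """results maps resolver -> status; report overall resolver health."""
    healthy = [r for r, status in results.items() if status == "ok"]
    if len(healthy) == len(results):
        return "healthy"
    return "degraded" if healthy else "down"

if __name__ == "__main__":
    results = {r: probe(r, "example.com") for r in UMBRELLA_RESOLVERS}
    print(results, summarize(results))
```

Run on a schedule from inside the network, a `degraded` or `down` result is the signal to alert and to confirm that clients actually fall back to the secondary resolver.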

The History of Cisco Umbrella

Cisco Umbrella, originally known as OpenDNS, was founded in 2006 by David Ulevitch to provide cloud-based DNS services for improved internet security. OpenDNS quickly gained popularity for its ability to block malicious websites and improve network performance. 

In 2015, Cisco acquired OpenDNS, rebranding it as Cisco Umbrella. This acquisition allowed Umbrella to integrate with Cisco’s broader security portfolio, enhancing its capabilities and extending protection to networks, users, and devices both on-site and remotely, strengthening its role in modern cybersecurity.

Umbrella has expanded its capabilities beyond DNS security, integrating into Cisco's broader cybersecurity portfolio. It now offers a comprehensive cloud-delivered solution that provides advanced threat intelligence, secure internet access, and protection against malicious activity across networks, devices, and remote users. 

Cisco Umbrella now uses machine learning and analytics to detect and block threats in real time, helping organizations proactively defend against cyberattacks. With continuous innovation, it has become a key component of Cisco’s security offerings, trusted by businesses worldwide for enhanced protection.
