Blog | Security - April 2, 2026


What is changing and why is now the right time?


Imagine this: you've relied on one guard at the entrance to your company for years. He does his job well. He recognizes suspicious visitors and keeps them out. But the infrastructure has changed fundamentally. Employees work from home, on the road and via the cloud. There are a hundred access points instead of one. And that one guard at the front door simply no longer has the oversight your organization needs.


This is the reality facing many IT managers and C-level leaders today. The security foundation is solid, but the architecture is no longer built for the hybrid workplace that is now the standard.

Cisco Secure Access is the answer to this changing reality. Avit helps your organization make this transition, manage it and strategically evolve it. Here's what you need to know.


In this article you will read:


    

  • Why Umbrella is no longer enough
    • 

  • What Cisco Secure Access adds
    • 

  • What this means for your organization
    • 





The context: why Umbrella is no longer enough


Cisco Umbrella has been a reliable foundation for DNS-based network security for many years. The operation is proven and the protection is real. But Cisco has made a strategic choice: the future of cloud-based security lies on a new, integrated platform called Cisco Secure Access.

This is not a replacement without reason. Secure Access builds on Umbrella's strengths and adds a full SASE architecture designed specifically for environments where users, applications and data are everywhere. For IT managers, it means a platform that matches the complexity of modern infrastructure. For the C-suite, it means less risk, better compliance and a security environment that scales with the organization.

Avit guides this transition not as a conduit of technology, but as a strategic partner. We translate the Cisco platform into a security environment that fits your organizational structure, your risk appetite and your compliance requirements.




Continuity: the security foundation you know stays intact


For existing Umbrella users, the transition is intentionally designed to preserve the core. DNS Defense remains fully available: malicious domains are blocked at the DNS level before a connection is established. Phishing, malware callbacks, command-and-control traffic and cryptomining are intercepted at the earliest possible point in the attack chain.

Secure Internet Access also remains available as the security layer for all traffic toward the Internet and SaaS applications. Web gateway, proxy, cloud-delivered firewall and CASB functionality continue to work without interruption.

Avit actively manages this platform from our Managed Service. Policy changes, patch cycles and new threat information are processed by our specialists, not your internal IT team. This keeps the environment current, correctly configured and tuned to what is actually going on in your organization.




Improved detection: from reactive to proactive and contextual


Where Umbrella was strong in blocking known threats at the DNS level, Secure Access goes structurally further. The deeper inspection of Web traffic, advanced malware analysis via sandboxing and extensive CASB and DLP functionality give IT teams a level of detail previously unavailable. Especially for organizations working with sensitive data in Microsoft 365, Salesforce or other SaaS environments, this is an immediate security enhancement.

Integration with Cisco XDR also ensures that signals from multiple security layers are correlated into one cohesive incident picture. Instead of separate alerts, you get context: what happened, how it spread and what action is needed.

This is exactly where Avit Managed Service makes a difference.


Our Security Operations Center monitors your environment 24/7.


Not only to detect incidents, but also to interpret them and initiate the appropriate response. Monthly reports and quarterly reviews ensure that your security strategy moves with a threat landscape that does not stand still.


Secure Private Access: the end of traditional VPN


This is the most sweeping addition for organizations currently running exclusively on Umbrella.

Umbrella focused primarily on securing outbound traffic toward the Internet and SaaS. But access to internal applications, systems running on-premises or residing in a private cloud, was traditionally the domain of VPN. And VPN is an operational bottleneck for most organizations: slow, complex to manage and inherently vulnerable because of the broad network access it provides.

Secure Private Access introduces Zero Trust Network Access (ZTNA) as a structural replacement. Access to internal applications is granted based on identity, device status and context, not network access. Each user gets exactly the access they need for their work. No more, no less. The attack surface for malicious parties is thus structurally reduced.

Avit fully configures and manages this access layer. That includes integration with your Identity Provider such as Entra ID, setting up secure tunnels to private applications, configuring ZTNA policies and making changes as your organization changes. New employees, new applications, changed access policies: Avit takes care of it.




Transition in practice: smooth, scalable and compliant


The transition from Umbrella to Secure Access is designed to keep existing configurations, policies and integrations intact. Avit also adopts brownfield environments, existing Secure Access implementations that are already running somewhere but have never been fully optimized. We bring that environment to the desired level step by step, without disrupting business continuity.


The licensing structure consists of two tiers, each tailored to a different maturity level and risk profile:


Essentials


Covers core functionality: DNS security, secure web access, basic level CASB and firewall. An immediate and significant extension over a standalone Umbrella license.


Advantage


Adds deeper functionality for organizations with higher demands: unlimited sandboxing, advanced IPS protection, full DLP controls and Remote Browser Isolation. Ideal for environments with strict compliance requirements or increased risk profile.

The cost increase is directly proportional to the added value offered.

From a compliance perspective, Secure Access aligns with the requirements of NIS2, DORA and ISO 27001. For C-level leaders who need to be able to demonstrate that their organization is in control, a fully managed Secure Access environment provides a solid foundation. Avit supports both set-up and demonstrability.


Why now? And why with Avit as a management partner?


The threat landscape does not wait. The hybrid workplace is not a temporary situation but the structural reality. A security architecture that is not built on it creates blind spots that you don't see until they are exploited.

Moving to Cisco Secure Access is not a disruptive move. It's a strategically logical move: more visibility across the entire attack surface, more control over access and data flows, and a platform that scales with your organization. But technology is only as strong as the management behind it. Avit provides that management: with dedicated contacts who know your environment, a SOC that is continuously active and a managed service that proactively moves with both new threats and changes in your organization.

No anonymous help desk. No generic approach. But a partner that combines technical expertise with strategic insight.