What Cisco Umbrella Can't See: TLS, AI Prompts, and File Uploads at the Endpoint
The short answer
Cisco Umbrella is a DNS resolver with a security layer bolted on. It can decide whether a domain is allowed before the lookup completes, and that is useful. It cannot inspect what happens after the lookup: the URL path, the TLS-encrypted payload, the file someone drops into a SaaS app, the prompt someone pastes into ChatGPT. An endpoint Secure Web Gateway sees all of that because the inspection happens on the device, after the browser asks for content but before any sensitive data leaves. dope.security is the agent-based endpoint SWG that replaces Cisco Umbrella with full URL, TLS, and DLP control, plus AI governance, in a single console.
Where DNS filtering runs out of road
DNS-layer filtering answers one question: should this device be allowed to resolve this hostname. That works when the only threat is a known-bad domain. It stops working the second the threat lives inside a domain that has to be allowed.
OneDrive is allowed. So is Google Drive. So is github.com and chat.openai.com and salesforce.com. Once the hostname is approved, DNS steps off the field. Everything that happens inside that allowed domain, every URL path, every API call, every file uploaded, every prompt typed, is invisible to the resolver. The session is encrypted from end to end and the resolver was never on the path to begin with.
This is the gap that buyers used to tolerate because the alternative was a cloud proxy that backhauled all traffic through a distant data center. That tradeoff is no longer the only option. An agent on the device can do break and inspect locally, see the full request, apply policy, and let the traffic continue direct to the destination.
The four things Cisco Umbrella can't see
1. URL paths inside allowed domains
DNS filtering treats a whole domain as a unit. A user can resolve docs.google.com whether they are reading a public help page or exfiltrating a confidential design doc out of a personal account. The resolver has no opinion on the path. An endpoint SWG sees the full URL after TLS is decrypted on the device and can match the path against policy. That is the difference between "Google is allowed" and "Google is allowed for the corporate tenant and read-only for everything else."
2. TLS-encrypted content
Over 95% of web traffic is HTTPS. DNS sees none of the content. Cisco's intelligent proxy can step into a small slice of risky domains, but it requires backhauling that traffic to Cisco's cloud and the SSL inspection happens there, not on the device. dope.security's Fly Direct architecture does the break and inspect on the endpoint itself. Data does not leave the device for inspection, latency stays low, and policy applies to every HTTPS session the same way.
3. In-app actions and file uploads
The risky action is rarely "user visited Dropbox." It is "user uploaded a 40 MB CSV called customers_full_export.csv to a personal Dropbox." DNS cannot see that. An endpoint SWG paired with an endpoint DLP engine can. Dopamine DLP, our endpoint DLP, intercepts file uploads and inspects them at the moment of egress. It classifies content through zero-retention OpenAI APIs, returns a human-readable Dopamine Summary, and applies one of three modes: Block, Monitor, or Off. The patent on this approach is US 12,464,023. None of this is reachable through a DNS resolver.
4. AI prompts
This is where the gap stops being theoretical. An employee opens ChatGPT and pastes 800 lines of an unreleased earnings memo into a prompt. The session is HTTPS, the domain is allowed, the file did not move because it was a copy and paste. DNS sees a resolution to chat.openai.com and nothing else. Dopamine DLP inspects the prompt itself, classifies it, and can block, monitor, or warn. Cloud Application Control sits on top of that and restricts access to your enterprise ChatGPT and Claude tenants only, so employees cannot log into personal accounts and route around the policy. Together they form the three layers of AI governance: Shadow IT discovery, SWG policy, and CAC tenant control. None of those layers are reachable from a DNS resolver.
"But Umbrella has a SIG component"
It does. Secure Internet Gateway adds a cloud proxy in front of the DNS layer. That gets you TLS inspection and URL filtering at the cost of backhauling traffic through Cisco's data centers. Now you are paying for the DNS license, the SIG license, and the latency of routing a remote user's traffic through Cisco before it reaches the destination. Greylock Partners ran into exactly this on a distributed VC team. The Umbrella SWG component still backhauled, latency was visible to users on the road, and DNS-only enforcement could not see HTTPS content. They moved to dope.security and went from first proposal to signed contract in 27 days. We have written that story up here.
The architectural punchline: if the answer to "DNS isn't enough" is "add a cloud proxy," you are back to the legacy SWG model the industry spent the last five years trying to escape.
What endpoint SWG sees that DNS cannot
dope.SWG runs an agent under 100 MB of RAM on macOS and Windows. The agent does the SSL break and inspect on the device, applies URL filtering against the full path, runs Dopamine DLP against uploads and prompts, and pushes traffic direct to the destination. There is no data center in the middle of the user's session. Policy updates from dope.console push in seconds. A Fortune 100 deployed it on 18,000+ devices in record time. Outreach Health hit 99% of devices in a week and cut web-access-related IT tickets 70% in 90 days. Another Cisco Umbrella migration finished 2,000 machines in two days. None of that requires a new data center, a tunnel, or a six-page deployment manual.
What the endpoint sees that the resolver cannot:
The full URL after decryption, not just the hostname.
The body of an HTTPS POST, including form data and JSON payloads.
The contents of a file at the moment it is uploaded, with classification by zero-retention LLM API.
The text of a prompt sent to ChatGPT, Claude, Gemini, or any LLM the agent recognizes.
The tenant the user is logging into, so personal Microsoft 365 accounts can be blocked while the corporate tenant is allowed.
The category and risk score of every SaaS app touched by the device, surfaced as Shadow IT.
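The following Python is an added illustration for this article, not dope.security's or Cisco's code. It models the contrast drawn in points 1, 3 and 4 above and in the list just given: a resolver-style decision that sees only the hostname, beside an endpoint decision that also sees the path, the tenant being signed into, and the request body. All hosts, tenant names, path rules, sample requests and the detection rules (a Luhn-checked card number and a CONFIDENTIAL marker standing in for real classification) are constructed for the example; the Block, Monitor and Off modes mirror the three modes named in point 3.

```python
"""
Hostname-only (DNS-style) policy beside full-request (endpoint) policy.
Constructed example for this article; not dope.security's or Cisco's code.
Hosts, tenants, rules, and sample requests are all made up for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass
class Request:
    """What the endpoint sees after local TLS termination (constructed model)."""
    host: str
    path: str = "/"
    method: str = "GET"
    body: bytes = b""
    tenant: Optional[str] = None  # identity tenant the user signs into, if known


# Constructed allow list: every host here must stay reachable for work.
ALLOWED_HOSTS = {"docs.google.com", "api.openai.com", "www.dropbox.com"}
# Constructed corporate tenant; any other tenant is treated as a personal account.
CORPORATE_TENANTS = {"corp.example"}
# Constructed path rule: same host, but this path is never permitted.
BLOCKED_PATH_PREFIXES = {"www.dropbox.com": ("/2/sharing/",)}


def dns_policy(req: Request) -> str:
    """A resolver-style decision: hostname in or out, nothing after the lookup."""
    return "allow" if req.host in ALLOWED_HOSTS else "block"


# --- content-level checks: the part a resolver has no access to -------------
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")  # 16 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random 16-digit runs are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(body: bytes) -> Set[str]:
    """Return labels found in an upload or prompt body (constructed rules)."""
    text = body.decode("utf-8", "replace")
    labels = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.add("payment-card")
    if "CONFIDENTIAL" in text.upper():
        labels.add("confidential-marker")
    return labels


def endpoint_policy(req: Request, dlp_mode: str = "block") -> Tuple[str, str]:
    """Decision on the full request. dlp_mode is one of block, monitor, off."""
    if req.host not in ALLOWED_HOSTS:
        return "block", "host not allowed"
    # Tenant control: same host, but a personal account is refused.
    if req.tenant is not None and req.tenant not in CORPORATE_TENANTS:
        return "block", f"non-corporate tenant {req.tenant}"
    # Path control: the resolver has no opinion on the path; the endpoint does.
    for prefix in BLOCKED_PATH_PREFIXES.get(req.host, ()):
        if req.path.startswith(prefix):
            return "block", f"path {req.path} not permitted on {req.host}"
    # Content control: inspect anything leaving the device in a request body.
    if dlp_mode != "off" and req.method in ("POST", "PUT") and req.body:
        labels = classify(req.body)
        if labels:
            verdict = "block" if dlp_mode == "block" else "monitor"
            return verdict, "sensitive content: " + ", ".join(sorted(labels))
    return "allow", "ok"


# Constructed sample traffic; every allowed host resolves fine under DNS policy.
SAMPLES = [
    Request("docs.google.com", "/document/d/help-article", "GET"),
    Request("docs.google.com", "/upload", "POST", b"quarterly plan", tenant="gmail.com"),
    Request("www.dropbox.com", "/2/sharing/create_shared_link", "POST", b"{}", tenant="corp.example"),
    Request("www.dropbox.com", "/2/files/upload", "POST", b"CONFIDENTIAL design doc v3", tenant="corp.example"),
    Request("api.openai.com", "/v1/chat/completions", "POST",
            b'{"messages":[{"role":"user","content":"Summarize: card 4111 1111 1111 1111"}]}'),
    Request("evil.example", "/", "GET"),
]


def compare(requests=SAMPLES, dlp_mode="block"):
    """Side-by-side verdicts: what DNS decides versus what the endpoint decides."""
    return [(r.host + r.path, dns_policy(r), endpoint_policy(r, dlp_mode)[0]) for r in requests]


if __name__ == "__main__":
    for url, dns, ep in compare():
        print(f"{url:55} dns={dns:5} endpoint={ep}")
```

Run as a script, five of the six sample requests come back "allow" from the DNS-style check and "block" from the endpoint check; only the unknown host is refused by both. Switching dlp_mode to "monitor" turns the two content hits into "monitor" verdicts while the tenant and path refusals stay as blocks, which is the point: the tenant, path and body checks are independent of whether DLP is enforcing or only observing.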
"What if I just need DNS?"
For a small team with a tight budget and no AI exposure, DNS-layer filtering is fine. It blocks the obvious stuff and keeps a checkbox happy. The moment any of the following is true, DNS is no longer enough:
Employees use generative AI at work.
Sensitive data lives in SaaS apps that everyone has to access.
The workforce is hybrid or remote.
The compliance regime asks for content-level DLP, not just URL blocklists.
Personal accounts on consumer apps need to be separated from corporate accounts.
Any one of those crosses the line, and the answer stops being "more DNS." It becomes "an endpoint SWG with DLP and AI governance."
The migration is shorter than the renewal
If you are facing a Cisco Umbrella renewal in the next 90 days, the cleanest move is to deploy dope.security in parallel with Umbrella still live, push the agent through your existing MDM, and run both side by side for a week. You will see what Umbrella was missing in your own data, not in a vendor's deck. Greylock did it in 27 days from first conversation to signature. A separate Cisco Umbrella customer migrated 2,000 endpoints in two days once they decided. We wrote up the broader DNS-is-not-enough thesis here and the side-by-side product comparison here.
If you would rather skip the deck and just see the agent on a device, book a 20-minute demo. We will show you a URL path, a TLS session, a file upload, and an AI prompt being inspected on the endpoint while traffic still flies direct.
The bottom line
DNS-layer filtering is a perimeter for hostnames. It cannot inspect URL paths, TLS-encrypted content, file uploads, or AI prompts. Those are the controls modern security teams are being asked to deliver. An agent-based endpoint SWG sees all of them and applies policy on the device, before sensitive data leaves. dope.security is that endpoint SWG, with Dopamine DLP, Cloud Application Control, and CASB Neural in the same console. If you are still running Cisco Umbrella as the front line, you are protecting a surface that is no longer where the risk lives.