Feedback Needed [cross-posted] - Upcoming Threat Protection eLearning Module

chrisandrews
Meraki Employee
Meraki Employee

Feedback Needed [cross-posted] - Upcoming Threat Protection eLearning Module

Hey Meraki Community,

 

The Meraki Learning Team is working on a new module titled "Enabling Threat Protection on a Security Appliance" for our Security & SD-WAN Fundamental Implementation course, and we’d LOVE your feedback.


Review the draft video outline below and provide your input.
Here's what we're looking for in your feedback on this video outline:

  • Are the essential features for a beginner clearly covered?
  • What are common issues with AMP and IDP/IPS that we should address?
  • Should we add any topics not currently in the video?
  • Any other suggestions for improvement?

 

Please post your comments here. Your insights are valuable and will shape our educational content.

 

Video Outline:

Scene 1

Intro

  • Introduce AMP and how it can protect your network from malicious file downloads
    • Include examples of what file types AMP can protect against (PDF, zip, ELF linux executable)
  • Introduce IDS/IPS and how it uses Cisco SNORT to monitor traffic for malicious activity against cyber attacks.
    • Mention that traffic inspection only occurs for flows between LAN and WAN, and traffic between VLANs. Does not occur on traffic between clients in same subnet
  • Where to navigate to for Threat Protection options (Security & SD-WAN > Threat Protection)

Scene 2

Threat Protection (AMP)

  • Show how to enable to AMP
    • Only malicious are blocked
    • Clean and unknown downloaded
    • Inform that with AMP cloud unknown files can be retroactively categorized as malicious
  • Show how to configure aspects of AMP
    • Allowed URLs List
      • Explain how to allow subdomains with asterisk
    • Allowed SHA256 File Hashes
      • Mention there are tools online to find this hash value, and that with the CLI on your operating system you can find the value too.

Scene 3

Threat Protection (IDS/IPS)

  • Show how to Enable IDS/IPS
    • Explain difference between Detection and Prevention
    • Explain the different rulesets (Security, Balanced, Connectivity)
  • Configure IDS Allow Rule
    • Explain why you may need to do this and and how to configure 

Scene 4

Security Center

  • Navigate to Security Center 
    • Show how to filter for AMP events
    • Show how to filter for IDS events


Chris Andrews
Senior UX Researcher
Cisco Meraki  | Product Enablement

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

Scene 1: Perhaps mention that AMP can not inspect encrypted traffic flows (you could mention Umbrella for that requirement).  For IPS you should mention that AutoVPN traffic is not protected.

 

Scene 4: Perhaps add in how to schedule a monthly security report to be emailed to the user.

chrisandrews
Meraki Employee
Meraki Employee

Thanks Philip!

Get notified when there are additional replies to this discussion.