[CONTEST ENDED] Community Challenge: Security

MeredithW
Meraki Alumni (Retired)

Screen Shot 2019-06-07 at 12.18.56 PM.png

 

 

UPDATE: This contest has ended — thanks to everyone who participated! Our 3 shirt winners are @Spack@fragonzalez, and @Brian_Swanson. Congrats!   

 

In the spirit of our recent security webinar and product guide book, for this month’s Community Challenge we want to know: what’s top of mind for you right now in the realm of security? What areas will you likely be focusing your energy on the most in the coming months? Firewalls? Malware? Device management? Cameras to catch the neighbor lady who keeps stealing your door mat?

 

 

Screen Shot 2019-11-05 at 4.47.11 PM.png

 

 

With this challenge, we’re hoping to learn about what’s most important to you when it comes to security so that we can help you do that more effectively in the year ahead!

 

How to enter

In a comment on this post, describe your priorities in the area of security and be entered to win swag! Feel free to use video, diagrams, holograms, anagrams, etc. to help illustrate your response. Submit your thoughts on security in a comment on this blog post before 11 a.m. PST on Monday, November 18th (11/18/2019). We’ll then draw three at random to win a Meraki "I Cloud Manage" t-shirt (available in men's and women's sizes)! Your entries will be public and visible throughout the contest.

 

mrkimaaa010371_1_3.jpg

 

The fine print:

61 Comments
BlakeRichardson
Kind of a big deal

We are right in the midst of planning a "white hack" of our network using an external provider. While I think we have everything covered I am no specialist when it comes to penetration testing. I know that phishing attacks are like shooting fish in a barrell as there will always be someone who takes the bait however I am looking forward to the results we get and to see where we can adjust our policy and procedures.

 

I am also completing my own security audit that looks at everything from firewalls to the physical security of our equipment i.e. cabinets and server rooms. 

 

At the end of the day I am tasked with keeping my network going 24/7 so I have to look at every angle in terms of security. On another exciting note my plan is to increase the number of MV smart cameras we have in 2020.

kYutobi
Kind of a big deal

Cameras are the what we want to concentrate on for this year. They have worked so well for us and keep improving as the time passes. We have also implemented card access for the server rooms and are still trying out different scenarios for the MV32's. 

CptnCrnch
Kind of a big deal

Integration is (and will still be) the magic word for me from a security perspective: especially Umbrella is perfectly complementing MR and MX.

Kevlar
Conversationalist
I think our biggest concern from a security perspective is not people breaking in from the outside, but from our internal users either maliciously or ignorantly creating an attack vector from inside the company walls.
Ensposito
Here to help

Already using our MX, MR and Umbrella, we want to extend our dashboard usage with the cameras...MV.  Loved the demo and want to take security to the next level.

ham737
Here to help

Our focus right now is dealing with Phishing and Spear Phishing emails. the end user is always the weakest link...

Jarped
Conversationalist

MDM is the way to secure the clients. So we are selling all the Meraki hardware together with System Manager

Andrew_Pierce
Comes here often

User knowledge and awareness, especially from phishing attacks from email and cold calls. We're focusing on training courses for all users to detect signs of possible phishing attempts from either of these use cases and forward to the internal security team without downloading items or clicking on anything in the email. This goes hand in hand with managing our secure email gateway and Umbrella to ensure we stay up to date with the best available features and policies for our company.

Thomas-Bgndcom
New here

we are focusing on dns/umbrella and Mitnick Social Engineering. Too many users blindly respond to email and phone calls and text.  Along with add new cameras to the mix

 

tpg

tdj7397
Here to help

Focusing on getting cameras into our line of products offered to have a robust plug and play physical security solution to advertise to our customers. As well as focusing on security as a whole from an organization standpoint - taking a step back and trying to figure out how we can best make sure our service offerings are as secure as possible in a data driven world where vulnerabilities in the technology housing this data can lead to huge losses (monetary, reputation, customer base etc.)

Craig
Conversationalist
Installed a range of MV in our AKL office with good results, catching among other things minor carpark dings, theft of mag wheels from across the road, and someone taking a dump up our driveway. Demo of the new fisheye lens looked good.
MikeinYYC
Comes here often

We'll be focusing on cameras in the new year, looking forward implenting the MV32 to monitor our immediate surroundings

Ly
Just browsing

In regard to security, does Meraki offer Network Access Control services? 

Spack
Getting noticed
I'm with Kevlar. Security is a journey, not a destination. We hire new people all the time. Even though most people have heard me drone on and on about how important it is not to click every link in every email, I still have a new person who has not heard it enough and clicks on that one link that alerts a hacker that immediately logs in and spams every one of his saved contacts. So I want a security appliance, separate from a firewall, to monitor what is going on in my network and look for things like SQL injection, like the guys from Marketing plugging in their xbone 5 and downloading some indi game that has malware on it. Or HR downloading lord knows what from the play store that comes with free malware at no extra cost! There are so many attack vectors now. Every switch needs to watch for and notify of attacks, the WAP's, cameras and firewalls need to be able to fire off an email if they feel like they are under attack, Cloud computing has so many benefits to offer, as long as it's available from wherever the IOT device is.
echin
Conversationalist

My main focus in the coming months in regards to security is mainly network access control. In terms of NAC, our team would like to utilize a form of 802.1x that incorporates SAML. Most of our users authenticate via SAML as opposed to any centralized server like AD. Ideally, we would find some way to do this. 

 

drgnslyr
Getting noticed

Continued work towards better network segmentation and better internal firewall rules.

Alain-Compugen
Conversationalist

Our company recently launched a company-wide cybersecurity awareness training so being aware of what's out there is a very good starting point. Cybercriminals have discovered that people are often the weakest link in the security chain and so they are increasingly turning to social engineering techniques to trick people into unintentionally sharing confidential or private information. 

msmith77
New here

With a growing number of people's identity being stolen I want to focus on creating a safer security environment to protect my information. Whether that be online, or with physical documents. 

GustavoRomero
Conversationalist

For my company, as we are experiencing the security topic trendings today, what is more important is the integration of the diversity of security solutions that impact the security ecosystem.

I think that AMP, IPS, content filtering and MDM are essential, and now with the incorporation of Umbrella the ecosystem in Meraki full stack is growing bolder.

The next step is to continue improving these features, so that more advancer characteristics keep coming and reinforcing the stack.

Lizzie
New here

Camera's is where I will be focusing my efforts this next year. I love the new features and the integration with my existing merakis!

Erich_V
Here to help

For me the question of the implementation of different IoT devices, no matter of cameras or microprocessors and sensors, is in my focus. More and more IoT devices and small solutions are coming our way and all this different solutions needs to be integrated in a complex security concept. Basic conditions has to be defined concerning data handling and transferring. 

 

DustinGray
Just browsing

We are primarily focusing on implementing layers of security from endpoints to across the network using Umbrella, Cisco AMP, Cisco FTDs, ISE, Stealthwatch, and email security with IronPort. I must say we are in a better posture than where we were a few years ago. We are always looking for ways to improve by adding more layers to make us less vulnerable. We perform routine phishing attempts, and educate our users the risks of clicking and opening any and every email they see hit their inbox. 

Ilene
Here to help

Our biggest challenge is to be able to secure our public pcs. Security camera footage and retention policies that are reasonable.

hockeydude
Getting noticed
Integration of network detection and response (NDR) focusing on traffic behavior versus typical IDS/IPS solutions. Data exfiltration is another concern. But the biggest concern by far remains insider threats; aka Sys Admins Gone Wild - Server Room Edition.
Drew_T
Conversationalist

My principle focus is on the solid development of an IRP which we can use for testing/training as often as possible (goal is monthly, acceptable will be quarterly).  I am looking to work with the team to come up with viable scenarios, run through a table top test while rotating the test lead for each iteration.  The goal is to test the plan, but really more importantly to get as many people confident and comfortable with incident response as possible.  We all know its coming at some point or another and the faster the response the better.  Just do it!  (Graphic from Microsoft)

 

Capture.PNG

fragonzalez
Comes here often

Securing the Enterprise

 

A zero-trust approach to securing all access across your applications & environment, from any user, device & location.

 

How risk is different today:Captura de Pantalla 2019-11-12 a la(s) 19.09.41.png

 

TMRoberts
Getting noticed

Our security is more focused on end users. Mostly on what they do and think they do ... So end user training is going to be big. Other than that preventing attacks from outside the company too. Mostly it's what am glad AMP does. ... If they click on a link that goes to a malicious file or server, they get blocked and you get the notification!

Tristan
Conversationalist

We are also focused on end user training (like TMRoberts above) good luck to everyone!!!

CraigP
Comes here often

Loved the demonstration of the new features of the MV Cameras. It was incredible to see what they can do, as standard. They will drive forward physical security to a new level, whilst remaining affordable.

Michael_Venema
Here to help

Right now my main project is implementing Wired 802.1x. The meraki console makes it super easy to enable 802.1x polices on the switch ports as well as define new policies.  The console includes the ability to talk to back to your on prem RADIUS server. All in all Meraki has made the project much easier to get the project completed on time!

DHAnderson
Head in the Cloud

For me, it is coverage from firewalls through to end user training.  I sell a security suite that includes Meraki hardware, email scanning, endpoint protection, computer policy management, Meraki Systems Manager and end user security training.

 

One big advantage of the Meraki Dashboard is that since one signs in with their own credentials, you can see who made what changes.  Also, implementing PCI requirements to change passwords is simple with the Dashboard.  No more changing passwords manually on hardware scattered through the company.  Another big advantage of the Dashboard is that it is easy to push firmware updates out to devices.  And if you ever need to know what firmware a device is running, it is easy to find. It is in these simple ways, Meraki Dashboard helps with basic security.

IanHocking
Comes here often

Integrating the Meraki MX devices with our Trustwave SIEM to offer an enhanced and differentiated managed service in the Oz market. Also, understanding and explaining the difference between Meraki MX Advanced Security license and Umbrella capabilities.

PaintTheNight
Here to help

Would love to wear that tshirt to work. Fingers Crossed.

 

My focus will be segmentation through MX L3 Firewall rules. Very excited for the firewall group functionality announced in the webinar. Nothing special with my implementation - I'll be rolling out outbound FW rules for each of our vlans with a deny all at the bottom followed by specific rules for what they need to access.

RussR
Here to help

would love the shirt!

 

Am currently doing some wireless pen testing using the hak5 pineapple. A lot of other brands AP's seem susceptible to death attacks. 

 

Love the way Meraki is constantly updated over the air.

 

 

Yuya
Here to help

I want to challenge more products,
of course including camera and umbrella!

especially malware solutions.

sheztech
Just browsing

Hi Everyone,

 

our concern now a days are to improve security for our network, we are facing ranson attacks. so we are in initial phase and lot of work to do. i have my CCNA security exam next week. we plan to implement full range of cisco security firewall, switches according to our company need.

 

 

nbentsendk
Conversationalist

Hi

 

Device management security and compliance is and will always be a key factor in any healthy IT infrastructure, but most of all, we need to focus on educating and training our staff and users. 

 

I'm have focus on keeping the security "tight" and keeping the balance so end-users can do they job without complicating the workflow. 

 

 

Franzman
Comes here often

Thanks to Meraki and his Maleware Protection. I put Meraki into a youth project. With the Security Report, I was able to recognize which vulnerable sites my protégés were surfing and could initiate countermeasures.

RussellMoir
Conversationalist

My main security focus is education.  As a small company, I am finding the cost of security very high - so we have to balance the requirement for good security systems against the cost.  Its easy to say that there should be no limitations in budget to protect the company, but that simply isn't a viable option for an SME.  I think it is very important to keep educating users - as attack vectors change and phishing type attacks become more sophisticated.  Balance education (on attack types and of company policy) with good security systems that are within the company budget.  

Swiss
Comes here often

As a consultant its always important for me to step in to be the bigger person when it comes to security. Always when we are implementing things we think if this is secure, but its also important to think how secure does it need to be? if it effect the end-user ? 

 

we are always trying to improve, we try to fix problems without opening backroos.  its important to always think like a hacker, and think how the hacker will try to get into our systems. 

 

Most important thing for me and my company is

2 authentication

Systems always up-to-date

no backdoors, and if it dosent need to connect to the internett shut it off the internett. 

 

 

DarrenOC
Kind of a big deal

I need that T-Shirt as it’ll match the sticker I have on my laptop 😁

 

We’re currently working on a proposal to replace a clients firewall estate.  It will of course include numerous MX’s from the MX68 upto the MX250’s. The deployment will be tied in with Umbrella and AMP.  Customer already has Meraki MR’s and MS’s so looking to complete the full-stack.

 

 

MMoss
Building a reputation

My biggest challenge is trying to catch the next big thing without triggering false positives and making my life and other's more difficult by over managing the network

Andrewbluepiano
Getting noticed

Maintaining insight across the entire network, including into end devices, and managing it all on one platform. Too often you have to aggregate information from multiple platforms to some different management dashboard system. With Meraki HW and SM, it would seem like the perfect solution to be able to monitor security from the dashboard. 

RJordan-CCS
Getting noticed

I try to keep at least a small part of the company's focus on alternatives to the unfortunately mandated use of a certain large northwestern software company's not very secure operating systems and environments, and also the continued unfortunate tendencies to not even look at alternative products and to automatically purchase each new service, system, and application put out by said company with no competitive reviews (or for that matter, any kind of review).  In reality we can only continue to try and wrap those systems and applications with layers of security to offset their own lack of same.

 

I wish I could say we are using Meraki exclusively but there are too many limitations to the VPN support for some of our customers.  At other sites though we've put in partial (Cisco ASA/Meraki) or whole Meraki stacks with excellent results, especially with AMP service licensed, and expect to continue doing so for sites that don't have more involved VPN requirements.  In the future we are pressing for all sites to have AMP licensed and working on their perimeter firewall(s) because it really has proven to be a benefit to the sites that have it despite the high cost.  It remains a very hard sell for small customers because of the cost.

 

I would like to try the cameras, but so far no takers.  Physical security is not really a topic the company gets into.

Reza
Conversationalist

My Company is looking to implement a 2 factor authentication preferably with LDAP integration. I am currently reading into the options available that is supported with Meraki.

BAllen
Here to help

I would really love to see the Anyconnect VPN for the MX Client VPN, or at least an easy to use VPN client for Meraki VPN. The biggest issue I encounter with using the clinet VPN as is that end users have difficulties figuring it out.

TheBigO
Comes here often

MDM and Cisco Umbrella.

Securing and managing our mobile workforces devices has always been a chore.

The cisco product line is filling in the void and streamlining out processes. 

 

Nash
Kind of a big deal

Standardization is my current project. I have dozens of orgs that were built up over 4-5 years, primarily by staff who don't know networking very well.

 

We've got a whole bunch of things that are configured badly, especially on a switch level. I'd like to begin implementing some basic practices (specific approved DHCP servers, access ports by default, network segmentation... other things) in order to create a more stable set of environments.

 

I can't really help with individual user education, due to my role, but I sure can do this.

ensign_fodder
Conversationalist

Reducing internal attack surfaces using Rapid 7 vulnerability scanning, deploying AMP for Endpoints to correlate events from our FirePOWER Management Center network detections with client events (Symantec AV on Windows 10 endpoints), and trying to get Windows 10 biometric logins to work for 802.1x Wired access.

 

FYI - I am the only one working on these goals, not a team, so I think that is more than enough.

JSCheng
Comes here often

I'm have focus on Maleware Protection and Video, hope can increase more function .

 

 

BeachBum
Here to help

 

I'm focusing on MVs for one of our locations that has had a few breaches of the perimeter chain link fence, and also the new MR + Umbrella license.

BrechtSchamp
Kind of a big deal
As a presales guy, I'm less involved in day to day management of networks. For me the focus will therefore be to investigate the new technologies. Looking forward to exploring the new MS390's capabilities and the new object-based firewall feature that is coming soon. I've been meaning to look into Cisco's defense orchestrator too. Does anyone know the SKU for some extra time in a day?
Brian_Swanson
Conversationalist
I believe an important and overlooked aspect of security is protecting a person’s personal images. Too often a person’s account is accessed and people are being forced to release these or pay to keep them private. This technology would blur those images and add another layer of protection.
ensign_fodder
Conversationalist

Winner, Winner, Chicken Dinner?

MeredithW
Meraki Alumni (Retired)

Thanks to everyone for your thoughts on security! Our 3 shirt winners are @Spack@fragonzalez, and @Brian_Swanson. Congrats!

BrechtSchamp
Kind of a big deal

Congrats @Brian_Swanson @Spack and @fragonzalez !

BlakeRichardson
Kind of a big deal

Congrats to the winners, Well done!

Ensposito
Here to help

Hi Meredith!  We are working on hard on getting our users to be the "shield wall" for our company.  We want them to know how important they are to the process of keeping out the bad stuff. 

rburch
Here to help

I just got an email saying to check out this contest but it's over... oops!

MariusCalinescu
Comes here often

Hi Meredith! We are currently looking forward to ingrate vMX into our network for client to be able to use Azure with ease. The fear is with every new product there are unforeseen challenges.

Ilene
Here to help

We are working on hardening our os and also retention periods on our video cameras. We need to set policies and get better pc to be able to utilize the camera feeds