UPDATE: This contest has ended — thanks to everyone who participated! Our 3 shirt winners are @Spack, @fragonzalez, and @Brian_Swanson. Congrats!
In the spirit of our recent security webinar and product guide book, for this month’s Community Challenge we want to know: what’s top of mind for you right now in the realm of security? What areas will you likely be focusing your energy on the most in the coming months? Firewalls? Malware? Device management? Cameras to catch the neighbor lady who keeps stealing your door mat?
With this challenge, we’re hoping to learn about what’s most important to you when it comes to security so that we can help you do that more effectively in the year ahead!
In a comment on this post, describe your priorities in the area of security and be entered to win swag! Feel free to use video, diagrams, holograms, anagrams, etc. to help illustrate your response. Submit your thoughts on security in a comment on this blog post before 11 a.m. PST on Monday, November 18th (11/18/2019). We’ll then draw three at random to win a Meraki "I Cloud Manage" t-shirt (available in men's and women's sizes)! Your entries will be public and visible throughout the contest.
The fine print:
We are right in the midst of planning a "white hack" of our network using an external provider. While I think we have everything covered I am no specialist when it comes to penetration testing. I know that phishing attacks are like shooting fish in a barrell as there will always be someone who takes the bait however I am looking forward to the results we get and to see where we can adjust our policy and procedures.
I am also completing my own security audit that looks at everything from firewalls to the physical security of our equipment i.e. cabinets and server rooms.
At the end of the day I am tasked with keeping my network going 24/7 so I have to look at every angle in terms of security. On another exciting note my plan is to increase the number of MV smart cameras we have in 2020.
Cameras are the what we want to concentrate on for this year. They have worked so well for us and keep improving as the time passes. We have also implemented card access for the server rooms and are still trying out different scenarios for the MV32's.
Integration is (and will still be) the magic word for me from a security perspective: especially Umbrella is perfectly complementing MR and MX.
Already using our MX, MR and Umbrella, we want to extend our dashboard usage with the cameras...MV. Loved the demo and want to take security to the next level.
Our focus right now is dealing with Phishing and Spear Phishing emails. the end user is always the weakest link...
MDM is the way to secure the clients. So we are selling all the Meraki hardware together with System Manager
User knowledge and awareness, especially from phishing attacks from email and cold calls. We're focusing on training courses for all users to detect signs of possible phishing attempts from either of these use cases and forward to the internal security team without downloading items or clicking on anything in the email. This goes hand in hand with managing our secure email gateway and Umbrella to ensure we stay up to date with the best available features and policies for our company.
we are focusing on dns/umbrella and Mitnick Social Engineering. Too many users blindly respond to email and phone calls and text. Along with add new cameras to the mix
Focusing on getting cameras into our line of products offered to have a robust plug and play physical security solution to advertise to our customers. As well as focusing on security as a whole from an organization standpoint - taking a step back and trying to figure out how we can best make sure our service offerings are as secure as possible in a data driven world where vulnerabilities in the technology housing this data can lead to huge losses (monetary, reputation, customer base etc.)
We'll be focusing on cameras in the new year, looking forward implenting the MV32 to monitor our immediate surroundings
In regard to security, does Meraki offer Network Access Control services?
My main focus in the coming months in regards to security is mainly network access control. In terms of NAC, our team would like to utilize a form of 802.1x that incorporates SAML. Most of our users authenticate via SAML as opposed to any centralized server like AD. Ideally, we would find some way to do this.
Continued work towards better network segmentation and better internal firewall rules.
Our company recently launched a company-wide cybersecurity awareness training so being aware of what's out there is a very good starting point. Cybercriminals have discovered that people are often the weakest link in the security chain and so they are increasingly turning to social engineering techniques to trick people into unintentionally sharing confidential or private information.
With a growing number of people's identity being stolen I want to focus on creating a safer security environment to protect my information. Whether that be online, or with physical documents.
For my company, as we are experiencing the security topic trendings today, what is more important is the integration of the diversity of security solutions that impact the security ecosystem.
I think that AMP, IPS, content filtering and MDM are essential, and now with the incorporation of Umbrella the ecosystem in Meraki full stack is growing bolder.
The next step is to continue improving these features, so that more advancer characteristics keep coming and reinforcing the stack.
Camera's is where I will be focusing my efforts this next year. I love the new features and the integration with my existing merakis!
For me the question of the implementation of different IoT devices, no matter of cameras or microprocessors and sensors, is in my focus. More and more IoT devices and small solutions are coming our way and all this different solutions needs to be integrated in a complex security concept. Basic conditions has to be defined concerning data handling and transferring.
We are primarily focusing on implementing layers of security from endpoints to across the network using Umbrella, Cisco AMP, Cisco FTDs, ISE, Stealthwatch, and email security with IronPort. I must say we are in a better posture than where we were a few years ago. We are always looking for ways to improve by adding more layers to make us less vulnerable. We perform routine phishing attempts, and educate our users the risks of clicking and opening any and every email they see hit their inbox.
Our biggest challenge is to be able to secure our public pcs. Security camera footage and retention policies that are reasonable.
My principle focus is on the solid development of an IRP which we can use for testing/training as often as possible (goal is monthly, acceptable will be quarterly). I am looking to work with the team to come up with viable scenarios, run through a table top test while rotating the test lead for each iteration. The goal is to test the plan, but really more importantly to get as many people confident and comfortable with incident response as possible. We all know its coming at some point or another and the faster the response the better. Just do it! (Graphic from Microsoft)
Securing the Enterprise
A zero-trust approach to securing all access across your applications & environment, from any user, device & location.
How risk is different today:
Our security is more focused on end users. Mostly on what they do and think they do ... So end user training is going to be big. Other than that preventing attacks from outside the company too. Mostly it's what am glad AMP does. ... If they click on a link that goes to a malicious file or server, they get blocked and you get the notification!
We are also focused on end user training (like TMRoberts above) good luck to everyone!!!
Loved the demonstration of the new features of the MV Cameras. It was incredible to see what they can do, as standard. They will drive forward physical security to a new level, whilst remaining affordable.
Right now my main project is implementing Wired 802.1x. The meraki console makes it super easy to enable 802.1x polices on the switch ports as well as define new policies. The console includes the ability to talk to back to your on prem RADIUS server. All in all Meraki has made the project much easier to get the project completed on time!
For me, it is coverage from firewalls through to end user training. I sell a security suite that includes Meraki hardware, email scanning, endpoint protection, computer policy management, Meraki Systems Manager and end user security training.
One big advantage of the Meraki Dashboard is that since one signs in with their own credentials, you can see who made what changes. Also, implementing PCI requirements to change passwords is simple with the Dashboard. No more changing passwords manually on hardware scattered through the company. Another big advantage of the Dashboard is that it is easy to push firmware updates out to devices. And if you ever need to know what firmware a device is running, it is easy to find. It is in these simple ways, Meraki Dashboard helps with basic security.
Integrating the Meraki MX devices with our Trustwave SIEM to offer an enhanced and differentiated managed service in the Oz market. Also, understanding and explaining the difference between Meraki MX Advanced Security license and Umbrella capabilities.
Would love to wear that tshirt to work. Fingers Crossed.
My focus will be segmentation through MX L3 Firewall rules. Very excited for the firewall group functionality announced in the webinar. Nothing special with my implementation - I'll be rolling out outbound FW rules for each of our vlans with a deny all at the bottom followed by specific rules for what they need to access.
would love the shirt!
Am currently doing some wireless pen testing using the hak5 pineapple. A lot of other brands AP's seem susceptible to death attacks.
Love the way Meraki is constantly updated over the air.
I want to challenge more products,
of course including camera and umbrella!
especially malware solutions.
our concern now a days are to improve security for our network, we are facing ranson attacks. so we are in initial phase and lot of work to do. i have my CCNA security exam next week. we plan to implement full range of cisco security firewall, switches according to our company need.
Device management security and compliance is and will always be a key factor in any healthy IT infrastructure, but most of all, we need to focus on educating and training our staff and users.
I'm have focus on keeping the security "tight" and keeping the balance so end-users can do they job without complicating the workflow.
Thanks to Meraki and his Maleware Protection. I put Meraki into a youth project. With the Security Report, I was able to recognize which vulnerable sites my protégés were surfing and could initiate countermeasures.
My main security focus is education. As a small company, I am finding the cost of security very high - so we have to balance the requirement for good security systems against the cost. Its easy to say that there should be no limitations in budget to protect the company, but that simply isn't a viable option for an SME. I think it is very important to keep educating users - as attack vectors change and phishing type attacks become more sophisticated. Balance education (on attack types and of company policy) with good security systems that are within the company budget.
As a consultant its always important for me to step in to be the bigger person when it comes to security. Always when we are implementing things we think if this is secure, but its also important to think how secure does it need to be? if it effect the end-user ?
we are always trying to improve, we try to fix problems without opening backroos. its important to always think like a hacker, and think how the hacker will try to get into our systems.
Most important thing for me and my company is
Systems always up-to-date
no backdoors, and if it dosent need to connect to the internett shut it off the internett.
I need that T-Shirt as it’ll match the sticker I have on my laptop 😁
We’re currently working on a proposal to replace a clients firewall estate. It will of course include numerous MX’s from the MX68 upto the MX250’s. The deployment will be tied in with Umbrella and AMP. Customer already has Meraki MR’s and MS’s so looking to complete the full-stack.
My biggest challenge is trying to catch the next big thing without triggering false positives and making my life and other's more difficult by over managing the network
Maintaining insight across the entire network, including into end devices, and managing it all on one platform. Too often you have to aggregate information from multiple platforms to some different management dashboard system. With Meraki HW and SM, it would seem like the perfect solution to be able to monitor security from the dashboard.
I try to keep at least a small part of the company's focus on alternatives to the unfortunately mandated use of a certain large northwestern software company's not very secure operating systems and environments, and also the continued unfortunate tendencies to not even look at alternative products and to automatically purchase each new service, system, and application put out by said company with no competitive reviews (or for that matter, any kind of review). In reality we can only continue to try and wrap those systems and applications with layers of security to offset their own lack of same.
I wish I could say we are using Meraki exclusively but there are too many limitations to the VPN support for some of our customers. At other sites though we've put in partial (Cisco ASA/Meraki) or whole Meraki stacks with excellent results, especially with AMP service licensed, and expect to continue doing so for sites that don't have more involved VPN requirements. In the future we are pressing for all sites to have AMP licensed and working on their perimeter firewall(s) because it really has proven to be a benefit to the sites that have it despite the high cost. It remains a very hard sell for small customers because of the cost.
I would like to try the cameras, but so far no takers. Physical security is not really a topic the company gets into.
My Company is looking to implement a 2 factor authentication preferably with LDAP integration. I am currently reading into the options available that is supported with Meraki.
I would really love to see the Anyconnect VPN for the MX Client VPN, or at least an easy to use VPN client for Meraki VPN. The biggest issue I encounter with using the clinet VPN as is that end users have difficulties figuring it out.
MDM and Cisco Umbrella.
Securing and managing our mobile workforces devices has always been a chore.
The cisco product line is filling in the void and streamlining out processes.
Standardization is my current project. I have dozens of orgs that were built up over 4-5 years, primarily by staff who don't know networking very well.
We've got a whole bunch of things that are configured badly, especially on a switch level. I'd like to begin implementing some basic practices (specific approved DHCP servers, access ports by default, network segmentation... other things) in order to create a more stable set of environments.
I can't really help with individual user education, due to my role, but I sure can do this.
Reducing internal attack surfaces using Rapid 7 vulnerability scanning, deploying AMP for Endpoints to correlate events from our FirePOWER Management Center network detections with client events (Symantec AV on Windows 10 endpoints), and trying to get Windows 10 biometric logins to work for 802.1x Wired access.
FYI - I am the only one working on these goals, not a team, so I think that is more than enough.
I'm have focus on Maleware Protection and Video, hope can increase more function .
I'm focusing on MVs for one of our locations that has had a few breaches of the perimeter chain link fence, and also the new MR + Umbrella license.
Winner, Winner, Chicken Dinner?
Thanks to everyone for your thoughts on security! Our 3 shirt winners are @Spack, @fragonzalez, and @Brian_Swanson. Congrats!
Congrats to the winners, Well done!
Hi Meredith! We are working on hard on getting our users to be the "shield wall" for our company. We want them to know how important they are to the process of keeping out the bad stuff.
I just got an email saying to check out this contest but it's over... oops!
Hi Meredith! We are currently looking forward to ingrate vMX into our network for client to be able to use Azure with ease. The fear is with every new product there are unforeseen challenges.
We are working on hardening our os and also retention periods on our video cameras. We need to set policies and get better pc to be able to utilize the camera feeds