
Community Challenge: Ready, Get set....

Community Manager

 

 

UPDATE 20 Feb 2018: WHOOPS! My first email today linked to the wrong place! Please check out the February Community Challenge instead. Thanks, y'all! <FACEPALM! />

 

 

 

--------

Go!… the Meraki Community team is launching our first Community Challenge!

 


 

The Community Challenge will give you a chance to share your Meraki-related experiences and best practices while competing for a grab bag of fun swag. We know you love our Meraki swag!

 

Winners

We will be selecting 2 Community Challenge winners.

  1. The Community Favorite — chosen by you, our fantastic Community members. Vote by kudoing your favorite post(s). The post with the most kudos will win!
  2. The Meraki Favorite — chosen by an internal Meraki panel of judges based on creativity, completeness, and accuracy. 

Challenge entries and kudos can be submitted now through Monday, November 20th at 5:00pm PT - just answer the challenge question by commenting on this blog post. Winners will be announced before Thanksgiving (November 23). Whether or not you enter the challenge, be sure to help us decide the winner by voting on your favorite entry!

 

The Challenge Question

 

Globally malicious web activity has morphed into a multi-billion dollar industry, threatening organizations large and small. How have you seen organizations leverage Meraki’s advanced security tools to combat emerging threats?

 

Good Luck!


 

Rules:

  1. Limit one entry per person per challenge contest.
  2. Contest will run from 8:00am PT November 15th to 5:00pm PT November 20th.
  3. Prize will be a grab bag of Meraki swag.
  4. Complete rules and eligibility can be found here.
33 Comments
Conversationalist

Delay on Meraki to do the basic line of defense: 

1. Deploy Meraki MXs to all locations, and keep them running at the latest firmware

2. Enroll with the advanced security licensing to make sure all the antivirus, anti-malware, intrusion prevention, and other features are up to date.

3. Make sure the AMP, Intrusion Prevention functions are turned on; and create all necessary firewall and traffic shaping rules.

 

Add another layer of monitoring on top

4. Utilize Splunk to monitor and analyse the system logs from Meraki to understand the network activities and be alerted when suspicious activity is spotted.

Just browsing

Cisco Meraki Security appliances help our customers stay more secure than other firewall based security solutions and are a key part in our solution stack to protect our customers from malicious activity.

Other firewalls require a management server to store logging activity, definition files and other tools that enable their security offerings. This led to many situations for our SMB customers in the past where they would purchase a security appliance from us but they would be unwilling to spend the money on professional services or internal hardware/software resources to set up/configure/maintain/enable the security appliance. With Meraki, turning on security services is a 5 minute operation and showing customers how they can refine their own content control rulesets is empowering to them.

Comes here often

We've deployed Meraki as our edge device in our country offices (Iraq, Congo, Rwanda, Nigeria, and Afghanistan by EOY), implemented filtering and traffic shaping and ensured devices stay updated.  This has been an awesome display of cloud management for all our IT staff and it has gone great.

Getting noticed

 

We will need to deploy the following:-

1. Apply some rules in the MX to block some ports / try to allow only ports that are needed to work.

2. Apply some ACL / NAT / PAT mode in the MX and try to use DMZ to isolate some servers from the Local Server.

3. Deploy Meraki MXs to any locations, and keep them running at the latest firmware.

4. Enroll with the advanced security licensing to make sure all the antivirus, anti-malware, intrusion prevention, and other features are up to date.

5. Make sure the AMP, Intrusion Prevention functions are turned on; and create all necessary firewall and traffic shaping rules.

Thank you 

Here to help

How have I seen organizations leverage Meraki’s advanced security tools to combat emerging threats?

 

There are numerous ways that Meraki security tools have helped our customers combat threats.

 

  1. Cisco AMP is time-consuming to deploy on traditional ASA devices. With Meraki, I can set up AMP with 3 dropdown boxes in less than 10 seconds. This extreme time saving is appealing to every customer.
  2. Built in VPN functionality means even non-administrators can set up their own VPN client - no install required.
  3. VPN means we can close public openings. We see RDP open on the Internet too many times. Customers will only use a solution if security is balanced with convenience.
  4. Dashboard reports enable even the non-technical user to have a view of the security.
  5. The client list - this is my favorite thing to show a client. It's priceless to hear them exclaim "I didn't realize there were so many devices on my network. Who is that? What device is THAT?!"
  6. Mobile app - I believe in empowering users. When you install the Meraki app & show a client they have 100% visibility to their network 24x7x365, they are always amazed.
  7. SOHO/Branch Office users no longer need a large security appliance or home-brew solution to add security. Meraki Z1 can be purchased & set up for little more than a high-end consumer device and they don't include client or site to site VPN.
  8. Firmware updates used to be an arduous task. Meraki not only automates updates but empowers administrators to control the upgrade window, version, and features. How many ransomware attack vectors use already patched flaws? Auto updates ensure you don't get hit by something that was fixed months ago.
  9. Many clients (including those running Cisco AMP & ISE) were infected with ransomware.
  10. 0% of our Meraki clients experienced ransomware attacks.

Coincidence? I think not. 

 

I ❤️ Meraki

Comes here often

Implement the appropriate Meraki MX device with the Advanced Security License! Enable the Advanced feature set! Have a fun education session to familiarize users with Phishing attacks so they don't "Open any doors to attack!" Let the MX do its job!

Conversationalist

To start, it's easy:

  • Plug-in, turn on, click, click, click, save and done! Like everything else Meraki.
  • As long as you have IPS and AMP enabled you're mostly done, Meraki takes care of the rest.
  • Check back on the Security Center Dashboard daily initially, mitigate threats detected and tweak the firewall rule-sets.
  • As you reduce the number of detected attacks you can reduce your Security Center visits to weekly level with some alerting for abnormal spikes.

In order to extend the security to devices operating outside of the perimeter of the MX, add Umbrella and AMP for Endpoints.

Conversationalist

Hello,

We are seeing a trend where internet bound threats are mostly originated from a handful of countries. The customers really like the "Geography based firewall rule" which is part of the Meraki advanced security license suite. It's super simple for organizations to prevent data leak to undesired countries around the world with just a few clicks. AMP/Anti-malware is another great feature organizations love. With Cisco's continued focus in AMP development clubbed with the expertise provided by TALOS, organizations are leveraging these tools heavily to combat the emerging security threats.

 

tx

Kapil

Comes here often

"How have you seen organizations leverage Meraki’s advanced security tools to combat emerging threats?"

 

-I have not seen most organizations use Meraki gear, that's why we still have a multi-billion dollar industry, threatening organizations large and small.

Meraki needs an influencer in each continent to actually show how several attacks are stopped while a normal router gets owned in mere seconds.

 

It's all about marketing. It's all about money. It's all about security.

Or you are broke.

Comes here often

Integration of critical Cisco security technologies like Snort and Advanced Malware Protection into Cisco Meraki MX platform ensures that customers who choose Meraki enjoy world-class protection for their valuable network assets.

A model citizen
  1. Meraki and the MX line handles the bulk of the workload in mitigating this threat. Ensuring our MX devices are on the latest firmware is a crucial first step as it ensures that these threats cannot exploit old vulnerabilities in the gear.
  2. Meraki's Advanced Security Licensing. This gives access to tools such as AMP and IPS/IDS. By properly configuring these services, you add another layer of security to the equation.
  3. Utilization of Layer 3 and Layer 7 Firewall rules. Using Layer 3 rules you can block traffic to certain locations and Layer 7 rules can deny traffic from countries. 
  4. Content filtering rules. Understanding that Meraki uses BrightCloud as the basis for Content Filtering categories, we need to make sure that we are blocking/allowing access to sites that BrightCloud sees as safe/unsafe appropriately. We must also check in periodically to ensure this information is updated in a timely fashion.
  5. URL Flows. Meraki has the ability to see where your traffic is flowing to/from (i.e. you can see when you are hitting the Microsoft site in CA or the UK). Knowing where your traffic is flowing from and what is "normal traffic" to develop your baseline is essential to fighting these threats.
  6. Packet captures/Syslogs. Make sure that traffic is somewhere for long term collection. Utilizing products such as PRTG to monitor Netflow and Syslog can aid in this. Meraki also has built in packet capture capability. Using these tools has helped in making sure our data is going in and out as intended and allows us to see when things are looking suspicious.
  7. Creation of routes. Make sure that we are only allowing routes that need to be shared in VPN connections and keeping all others out of site to site participation. Additionally, when creating routes use the smallest subnet when possible (I.e. using 10.0.0.0/22 instead of 10.0.0.0/8).
  8. Client VPN. Use a LONG password (minimum of 16 characters). Meraki VPN uses Aggressive Mode VPN. The longer the password, the better.

There's sooo much more, but that's what I can think of before running into my meeting.

 

GOOD LUCK EVERYONE!

Here to help

Advanced Malware Prevention (AMP) inspects all HTTP file downloads through a Security Appliance and blocks/allows files to be downloaded based on threat intelligence salvaged from the AMP cloud.

 

Intrusion Detection and Prevention

Intrusion detection strengthens all packets flowing between the LAN and Internet interfaces as well as in between VLANs and records the produced alerts to the Security Report.

Intrusion prevention blocks all the traffic that is identified as malicious, rather than just generating alerts.

 

Whitelisting signatures

You can create a list of specific signatures by clicking Whitelist an IDS signature. Any signatures for which matching traffic has been seen by the appliance will appear in the Select an Option drop-down so that you can select which signature or signatures you wish to whitelist.

 

Security Report

The report delivers you a graphical depiction of Intrusion Detection events in your network.

Comes here often

We use AMP and IDP, IDP in detect mode only right now. We plan on implementing an MDR solution next year and would send the logs from our devices to the solution provider for analysis. Right now I review the security dashboard daily.

Getting noticed

The Challenge Question: 

 

Globally malicious web activity has morphed into a multi-billion dollar industry, threatening organizations large and small. How have you seen organizations leverage Meraki’s advanced security tools to combat emerging threats?

 

The Challenge Response: 

 

Advanced Malware Protection (read more) and IPS/IDS (read more) are the features that immediately come to mind when thinking about combating malicious web activity.  Furthermore, Meraki in June of 2017 released support for Threat Grid (read more), this add-on strengthens the advanced security tools portfolio.  Lastly, Meraki has other features such as content filtering, identity based firewall, layer 3 rules, layer 7 rules, ACLs, and others  that help organizations in this capacity that may not be "advanced security tools" but are still helpful in the fight.  What I love about these three advanced offerings (AMP, IDS/IPS, and Threat Grid) is that Meraki allows organizations to deliver ubiquitous protection to combat emerging threats, and best of all, sticking to the mission statement, we now have cloud managed security tools that simply work!  This simplification of powerful security tools has allowed organizations to deploy protections where the users may have previously been left in the dark due to various barriers such as, technical know-how, budget constraints, and systems management overhead.  Organizations now have the freedom to focus their passions rather than spending time worrying about these threats and tools, Merakified* security! 

 

*(v. past part. merakified) to add soul, creativity or love to something, improving its performance through innovation, simplicity and flair!

 


A model citizen

(I didn't mean to write a book, it just kinda happened... Feel free to skip to the last paragraph if you want to know how it turned out for me)

 

I would say the company I work for is a small to mid sized business. We have about 275 employees in a small town in North-Central Texas. When I first started working for Air Tractor (shameless plug), we had a single aDSL connection coming into an office on the opposite side of our single campus from our "Server Room" where our core switch was located. This pitiful setup and connection was supporting around 90 workstations internally and a guest wireless network. I'll never forget those first few weeks... I was hardly surprised to hear complaints about internet speeds or synchronization issues with email. It was easy to understand why we were having intermittent internet "outages" when the CPU on our undersized firewall would max out due to poorly setup content filtering while trying to handle throughput and client vpn routing. Seeing the rat's nest of cables surrounding the switch rack in that tiny, hot, server room...no wonder everyone was afraid to touch anything. None of this surprised me.

 

I spent more time those first few weeks observing. Listening. Not simply to hardware or configurations. No. Listening to the employees. Listening to the workers on our production floor that are used to these issues and seeing that they never brought them up because they've become the norm. Listening to office staff and understanding their simple requests that have only gone unnoticed. Still, nothing was surprising as I learned. I had walked into a previously non-existent position created out of necessity and everything uncovered from my users was absolutely expected. 

 

It wasn't until I had a real chance to sit down with the faces I recognized from my interview that I was pleasantly surprised. I say "pleasantly" because it was refreshing. Refreshing in a sense that they realized the potential threat of the outside world and how it could jeopardize everything they had worked so hard to build and protect over the years. Refreshing that it instilled in me a deeper respect for everyone I had met and listened to the past few weeks. Refreshing that I really had a potential to grow into my position and know that I would be looked upon as more than just a desktop support technician. Refreshing...and absolutely terrifying. (I'm sure glad they saw a confidence I didn't know I had yet)

 

The following months I grew a little more comfortable with my daunting, originally unrealized role as I dove into creating a game plan for how we could both update our network AND focus more easily on security. With little background on hardware and solution procurement...wow. There were probably 10 times as many options as I had ever imagined there would be when it comes to firewalls. WHO KNEW? (well, at the least, I didn't know) But there was one conversation I had with a former colleague that changed the game. How she was getting by with minimal IT resources with a network I imagined was 3 times my size. There was a brand mentioned that I had never heard before. Meraki. How could Cisco have another player in the ring that I had never heard of? I don't know how or why it came up, but I'm very grateful for that quick conversation in passing.

 

So enough about beginnings and the sentiments of a green IT guy...now we fast forward a few years. If you have somehow managed to make it through my ramblings thus far, I congratulate you and say "Thanks!" Secondly, if you're not using a Meraki MX device with the Advanced Security license...well, then, I'm sorry. Also, go get one. Right Now. Just click right here and get one. It was the best decision I ever made, maybe it can be the same for you.

 

As an all-in-one person IT department, I find myself too often needing to be a little...creative with my time-management. On the fly access to Meraki's Security Center is perfect for my intensely varying days in and out of the office. At a glance, I can see which systems at which site are being hit the most, and literally where in the world it's coming from. From a compliance standpoint, I can block an entire country's traffic from reaching my network in just a few clicks. The use of Bright Cloud's updated category listing for content filtering helps keep my users off of malicious sites. I consider our MX 100 as my hardest working employee. Whether I'm busy at work, or I'm sleeping at home, or on vacation with no signal in the mountains...the Master Chief (as I have named him, any Halo fans?) is hard at work. While I'm always on call, he's always on duty. I take pride in the fact that I have the leader of network security (Cisco) backing my department's employee of the month (going on 2 years straight, I doubt I'll ever claim that title at this rate). The Cisco AMP (Advanced Malware Protection) integration alerts me and lets me know if something may have slipped through. The retrospective aspect of this has greatly improved incident response time (and my confidence in our other security layers when I see it's caught by another means). This single appliance has helped mold our company's culture around security and has helped me create a better security posture out of one that simply was not there before.

Conversationalist

I manage a network for my kid's school and we run an MX.  With 400 students that bring their own devices as well as parents, teachers, administrators, and guests jumping on the network with all sorts of random mobile devices,   every week is a learning experience.  

 

1.  Threat Prevent is setup  Enable, Protect, Secure options.  Detect is for suckers!

2. We segmented the network into vlans and setup access controls to restrict   east west access for clients.

3.  We  go big brother style on content filtering because my kids and the kids for all my friends and neighbors are in the school and I care about all of them like they're my own.  My goal is to add at least one domain per week to  the Blocked URL patterns.

4.  Layer 7 rules block several categories of apps like P2P, Gaming, file sharing, and more.

5. I review security center  weekly.

6.  We have the MDM on all internal systems.

7.   I review Org Hosted Logs and look for domains and categories that are accessed and make updates.

8.   For other domains and services,  I have multiple rules in Traffic shaping  to limit bandwidth  for non essentials.   So apple.com and icloud.com    are limited to 100kbps.

9. Finally, I look at the clients list and sort by bandwidth utilization to see who is doing what. When someone pushes lots of data through they get blocked or we check out what they accessed.

 

In the past 6 months, we haven't had a virus, malware or anything else hit the internal systems.

 

Conversationalist

Many important points that have been explained in previous comments.

 

From my point of view, one of the great strengths of Meraki is a "Full Stack" approach to security with right consideration at each level.
The continuity of protection is valid from access to applications.

 

With on the MR and MS:
- security from access (802.1X, Private VLAN, RADIUS authentication, ...).
- Protection of WLAN accesses (WPA2, WIDS / WIPS, NAC, Auto Tunneling VPN Technology, Air Marshal, ..)
- filtering (URL, access list, ...) to avoid connections that involve threats.
- proactively discover DHCP rogue
- application layer visibility.
-...

Directly with MX:
- IDS / IPS
- AMP, Threat Grid, TALOS experience,
- Auto VPN, SD-WAN,
- different security functions already mentioned for the MX in the other comments.

 

With IP video surveillance:
- MV with a secure connection (see https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01)

 

With mobile devices:
- SM / EEM
- Mobile Device Management
- Mobile Application Management
- Mobile Content Management
- Mobile Content Management
-..

Against these threats, the solution is an addition of protection efforts at each level.

Here to help

If you need to deploy security at the edge quickly, MX appliances with Adv. Sec. licensing is the way to go. Deployment is very simple and very fast. AMP does a great job of catching malicious threats. Layer that with the IPS and Content Filtering to protect your network from exploits and other web based threats. We are looking into deploying ThreatGrid for analyzing unknown files and their behavior.

 

Here to help

I think MERAKI permits enterprises to better combat against threat on multiple levels.

Of course Advanced-Sec version of MX is quite powerful thanks to AMP and IPS/IDS with a quick and easy way of configuration, but this is not the only action to take.

 

A key advantage with Meraki is to have natively a complete set of actions to coordinate for a better global security. For instance on the Wi-Fi part you can use NAT mode to isolate each single user behind a NAT like a container, and consequently being protected of other users potentially propagating a virus or a malware attack.

With Firewall & traffic shaping, from the source of the connectivity you can avoid enterprises’ users to go to non-desired/suspicious traffic categories on internet…

And on top if you couple your enterprise’s strategy with the embedded MDM (SM) to register all your corporates’ devices, with Sentry you can automatically deploy your internal policies to any devices and contain or limit the possible security breaches.

 

To conclude, the Meraki cloud solution is a quite complete mix of ways to configure new modern networks, efficiently and easily. I would just propose to think about a partnership with a third party AV client to deploy via SM, again on a cloud based like the unified Next-Generation Endpoint Protection Sentinel-One solution.

Comes here often

Meraki gives us the power to manage our Network Infrastructure seamlessly and effectively. We are using Meraki’s Advanced Security protection features such as Threat Protection, Content Filtering, URL Blocking, Search Filtering etc. to protect our environment from any malicious attacks. With Meraki Security Appliance and Layer 7 visibility, I can happily confirm that none of our users were affected by recent Ransomware outbreak, and also KRACK vulnerabilities. Another great thing about Meraki infrastructure is their firmware updates which are quite effective, flexible and can be done impeccably. With addition to MDM (SM) is a bonus as now we can manage mobile devices error free in a secure mode.