Meraki

sloveland · ‎Feb 22 2019

I'm a Paranoid Security Guy™

I looked at https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection and am concerned that an IDS ruleset that "contains rules that are from the current year and the previous three years, are for vulnerabilities with a CVSS score of 8 or greater" plus 5 categories of rules won't be sufficient to protect us.

What happens when an attacker tries to exploit a vulnerability that is 2 years old and has a CVSS score of 7? Or a vulnerability that is 5 years old and rates as 10?

Looking for any advice you may have. Thanks in advance.

sloveland · ‎Feb 26 2019

We're considering another vendor.

View solution in original post

jdsilva · ‎Feb 22 2019

I would argue holding the title of "Paranoid Security Guy" and having software that hasn't been updated in over 3 years are mutually exclusive. Please, if you haven't patched in the last three years then now is the time to do so!

🙂

http://blog.brokennetwork.ca |

@jdsilva

sloveland · ‎Feb 22 2019

I agree with you.

However, it's not just about missing the +3 year-old patch - it's the 2 year-old that scores a 7.

PhilipDAth · ‎Feb 22 2019

As @jdsilva says, seriously, if you haven't patched the systems within 2 years you have another problem.

sloveland · ‎Feb 23 2019

Well, this hasn't been helpful.

I was hoping for some insight so I could counter the argument that is coming from other suppliers that Meraki rule sets are too small to combat threats that a modern enterprise would face.

PhilipDAth · ‎Feb 23 2019

Perhaps you should consider Cisco Firepower (like a 2110 appliance or an ASA 5516) if you want a lot of control. They let you turn every knob you can think of.

sloveland · ‎Feb 26 2019

We're considering another vendor.

Meraki

Community

AMP rulesets - 3 years and categories are sufficient?

AMP rulesets - 3 years and categories are sufficient?