How should I confirm that our MX devices with the Advanced Security license are prepared to block malicious traffic from this ransomware?
Thanks,
/Christian
@rhbirkelund wrote:
I'll go out on a limb here and say: if there's a SNORT rule for that CVE, then it's handled by AMP.
A little bit of nitpicking here: if we're talking Snort it's handled by IDS/IPS, not AMP. 😉
Is your MX running the latest stable firmware, and do you have the Advanced Security license with AMP enabled?
I would maybe reach out to Meraki support for full confirmation?
This exploit targets Pulse Secure VPNs. Are your VPN servers patched to the latest firmware also? This was how Travelex was brought to its knees.
Well, indeed, it's patched using the latest stable firmware, as usual. However, AMP and IPS (Snort) features need regular updates to keep the device secure. It's not just a firmware update issue. I cannot confirm that Meraki's AMP handles CVE-2019-11510. Thanks!!
Yes, it has the latest stable firmware (14,42) and Advanced Malware Protection (AMP) is enabled. OK, I will ask support. Thanks!!