Thanks for your response.

The question I am having from my client is that why Enterprise license is called Enterprise when it's not securing providing the Enterprise Level of Protection.

The point is that if someone visit the bad page it will not be blocked in Enterprise License ?

Correct

Thanks

Hi

May be because Enterprise License offers you complete VPN and SDWAN functionalities. Meraki calls it Enterprise.

if someone visit the bad page it will not be blocked in Enterprise License ?

You are correct. You need Content Filtering Feature for this.

When I first got on board the Meraki bandwagon the term enterprise license to me implied Enterprise=Ultimate license.

However this is not the case, took me a while for that to sink in. At the end of the day the devil is in the detail and the link I provided shows the differentiation. At the end of the day its just a name.

As mentioned before, if you have the advance license you reduce your risk in being exposed to threats. They key takeaway here is the word "reduce". To boot, just because you have the Adv license it does _not_ mean your immune from threats either.

It all comes down to the Org's security posture.

cheers

I suspect the "original" licence was called Enterprise - when there was only one licence.  Then Cisco bought Meraki.  The AMP engine was added to the MX product line.

So what to do about naming?  Well it does offer more advanced security features.  I know, lets call it "Advanced Security",

Thanks @PhilipDAth 

But my question was that if i go for Enterprise License, does it mean the Meraki MX and MS switches and the customer network behind this Meraki Network is not secure at all. anyone can hack it or make it vulnerable.

Thanks

Depends on what you mean with "secure".

I´m sure my understanding of secure is different than yours 😉

Secure means Security. Network is safe behind Meraki using Enterprise License.

With the enterprise license you already get access to the L7 firewall. So you can effectively filter traffic. But you will not be able to mitigate certain attack vectors like malware, or malicious traffic posing as regular traffic (something the IDS would be able to identify).

If you have other security tools in place for those then there's no issue. If not, then you could improve security by going for the advanced security license. Since there's no such thing as 100% secure, it's a trade-off you have to make yourself.

>customer network behind this Meraki Network is not secure at all

No one can simply say they are "secure".  And I certainly would not tell you that "you are not secure at all".  Security is like temperature.  There are a whole range of values.

You need to make a decision about what you feel is sufficient and go for that.  You need to consider what your risks are, and put in sufficient mitigation within what you can afford to stop those threats.

Personally, I have only ever sold Advanced Security licences to customers.  I personally consider the benefits of the content filtering to be able to block known malware sources and other things to be very valuable (proactively stop someone from even being able to download the malware rather than retrospectively trying to deal with it afterwards).  And then their is the great IPS engine built around snort to try and stop attackers from using known compromises to take control of your computers - and lastly AMP - the ability to scan HTTP downloads for malware.

---

@Aaron_Wilson wrote:
Has anyone converted their org from advanced to enterprise?

---

Yes, helpdesk can help you do it.

@Aaron_Wilson Yes, we've done it a number of times. It's really never been a big deal.

For edge devices, my company only sells the advanced security license now, because content filtering/AMP/IPS are pretty good. Our primary customer is an SMB who isn't willing to spend for a lot of separate services to provide defense in depth. The advanced security stuff lets us improve their posture in a way that they'll accept easily.