Hi fellow MX'ers 😀
I got a question that left me somewhat puzzled ..
Maybe you can enlighten me?
A lot of "other" firewall vendors boast about quick Zero Day patching and CVE mitigation ..
Question: How do I ensure management that Meraki MX devices are as "up to date" as other vendors ?
Some notification of security updates (like for Firepower) ? New version update notification mail ?
Update method/CVE mitigation procedure for Meraki MX ?
When I go through the MX firmware sections of the dashboard, I can't seem to find any good answers for the above ..
Please assist 😁 Kudos will rain upon you ..
With Highest Regards
Thyge
These are covered off with firmware upgrades. They are announced here: Firmware Upgrades Feed - The Meraki Community
You will not see the same level of detail that you might be expecting regarding security fixes (except occasionally) so if you need it for a particular bug, you are best off raising a support ticket and should get a quick response.
Hi Cmr 😀 Got that ..
The concern I got was that the update rate of the MX firmware is not impressive if the CVE resolution is done this way, if you compare to, i.e., Firepower and other firewalls' hot-fix services ..
Seen with management eyes, they see the MX left "unsafe" longer than other firewalls ..
Where do we have documentation that shows that MXs are updated as quickly as all the other Cisco firewalls?
These devices are built using the largest threat engines - Talos, Snort etc. - so if something is zero day then I’m often comforted that, if Talos has seen it, this intelligence is acted upon.
Hi Darren ! ..
These are more directed towards other devices than the MX firewall itself ??
Hi @Thygesen , on the contrary I would say they’re directed at the MX. They’re the heart of the MX security.
Check the Network-wide > Event log for your MX and filter for 'intrusion' - you'll see the periodic Snort engine updates. These updates are, incidentally, matched per-link to the List update interval under SD-WAN & traffic shaping: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#
So .. Basically we have nothing to show our compliance board in terms of CVE coverage and MX software/Meraki software ?
If a critical CVE is found, then firmware is pushed to all devices, as we have seen in the past.