MX Firmware / Zero Day / CVE coverage patching and notification ??

Thygesen
Building a reputation

MX Firmware / Zero Day / CVE coverage patching and notification ??

Hi fellow MX'ers 😀

 

I got a question that left me somewhat puzzled ..

 

Maybe You can enlighten me ?

 

A lot of "other" firewall vendors boast about quick Zero Day patching and CVE mitigation ..

Question: How do I ensure management that Meraki MX devices are as "up to date" as other vendors ?
Some notification of security updates (like for Firepower) ? New version update notification mail ?
Update method/CVE mitigation procedure for Meraki MX ?

When I go through the MX firmware sections of the dashboard, I can't seem to find any good answers for the above ..

 

Please assist 😁 Kudos' will rain upon You ..

 

With Highest Regards

Thyge

 

8 Replies 8
cmr
Kind of a big deal
Kind of a big deal

These are covered off with firmware upgrades.  They are announced here: Firmware Upgrades Feed - The Meraki Community

 

You will not see the same level of detail that you might be expecting regarding security fixes (except occasionally) so if you need it for a particular bug, you are best off raising a support ticket and should get a quick response.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Thygesen
Building a reputation

Hi Cmr 😀 Got that ..

The concern I got was that the update rate of the MX firmware is not impressive, if the CVE resolution is done this way, if You compare to ie Firepower and other firewalls Hot-Fix services..

 

Seen with management eyes, they see the MX left "un-safe" longer than other firewalls ..

 

Where do we have docu that shows that MX's are updated as quickly as all the other Cisco firewalls ?

 

DarrenOC
Kind of a big deal
Kind of a big deal

these devices are built using the largest threat engines - Talos, Snort etc so if something is zero day then I’m often comforted that if Talos has seen it this intelligence is acted upon.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Thygesen
Building a reputation

Hi Darren ! ..
These are more directed towards other devices than the MX firewall itself ??

DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Thygesen , on the contrary I would say they’re directed at the MX.  They’re the heart of the MX security.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
GreenMan
Meraki Employee
Meraki Employee

Check the Network-wide > Event log for your MX and filter for 'intrusion' - you'll see the periodic Snort engine updates.   These updates are, incidentally, matched per-link to the List update interval under SD-WAN & traffic shaping:   https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#

 

Screenshot 2024-01-22 114931.png

Thygesen
Building a reputation

So .. Basically we have nothing to show our compliance board in terms of CVE coverage and MX software/Meraki software ?

Rekun
Here to help

If a critical CVE is found, then firmware is pushed to all devices, as we have seen in the past.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels