Non Security Guy asking about Meraki Security

Adham
Conversationalist


Hi,

 

I am trying to understand Advanced Meraki Security deliverables and flow, reading all the documentation, but I am a little bit confused.

 

We have AMP, SNORT, TALOS, Threat Grid, Umbrella.

 

Q1: AMP can be offered in two flavors: devices and end user, right?

Q2: AMP for devices will filter the download files and categorise them into three categories, clean, unknown, Malicious?

Q3: If the file is unknown, it will be uploaded and sent to Threat Grid for sandboxing, right?

Q4: What does SNORT do? I read this document Threat Protection but still think both are the same

Q5: What is Cisco Umbrella? How does it Integrate with Meraki?

Q5: What is TALOS? How is it integrated with Meraki\SNORT\AMP\Umbrella...etc?

Q6: Are there any other products\vendors integrated with Meraki MX that I should know about?

 

Thx

 

 

PhilipDAth
Kind of a big deal

>Q1: AMP can be offered in two flavors: devices and end user, right?

 

There is AMP for Endpoints (not a Meraki solution but a Cisco product) which can be installed on computers to protect them.  Think of it as antivirus on steroids.

https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html 

 

Then there is the AMP engine which is in the Cisco Meraki MX appliance.  You need an Advanced Security licence.  It causes the MX to scan unencrypted traffic (such as http downloads) for malware.

 

>Q2: AMP for devices will filter the download files and categorise them into three categories, clean, unknown, Malicious?

 

The AMP engine does give files downloaded those three designations.

 

>Q3: If the file is unknown, it will be uploaded and sent to Threat Grid for sandboxing, right?

 

Only if you buy a Threat Grid licence.  Most Meraki customers don't buy Threat Grid licences in my experience.

 

>Q4: What does SNORT do? I read this document Threat Protection but still think both are the same

 

Primarily, Snort is an intrusion prevention mechanism.  It prevents attackers using exploits (most typically against unpatched software) to do nasty things.  So these are people trying to access your systems - as opposed to you trying to download something bad.

 

>Q5: What is Cisco Umbrella? How does it Integrate with Meraki?

 

Cisco Umbrella can work with Cisco Meraki MX (security appliance) and Cisco Meraki MR (access points).  It does DNS filtering.  It is like an outer layer of security.  It prevents you from going to sites that are known to have malware or other bad things.  It can also be used for content filtering.

If you install the Umbrella Agent on your notebooks, these same policies will still be applied when those notebooks are outside of your network (such as the user's home).

 

>Q5: What is TALOS? How is it integrated with Meraki\SNORT\AMP\Umbrella...etc?

 

TALOS is basically Cisco's security intelligence group (aka humans).  They use this security intelligence to create signatures for snort to protect you, updates to AMP to stop you downloading malware and to update Umbrella to prevent you even getting to the sites that host bad things.

 

>Q6: Are there any other products\vendors integrated with Meraki MX that I should know about?

 

There are other Cisco products that can also be integrated with Meraki such as:

Cisco ISE:  https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html 

Cisco StealthWatch: https://www.cisco.com/c/en/us/products/security/stealthwatch/index.html

Cisco DNAC:  https://www.cisco.com/c/en/us/solutions/cisco-on-cisco/dnac-network-as-a-platform.html

Cisco CMX: https://www.cisco.com/c/en/us/products/collateral/wireless/mobility-services-engine/datasheet-c78-73...

 

There are probably others as well.  Cisco make a lot of products.

Adham
Conversationalist

🙂 Thanks, cleared much, but could you please clarify the following:

 

Q1: Threat Grid\Umbrella License is purchased separately from Cisco, it has nothing to do with Meraki\Advanced License, right?

Q2: Are the AMP\SNORT the only security solutions included in the Advanced License?

 

PhilipDAth
Kind of a big deal

>Q1: Threat Grid\Umbrella License is purchased separately from Cisco, it has nothing to do with Meraki\Advanced License, right?

 

It is purchased separately from Cisco.  You will need an "Advanced Security" licence to be able to use Threat Grid.

 

>Q2: Are the AMP\SNORT the only security solutions included in the Advanced License?

 

This table shows the differences between the two licences.  The biggest extra thing you gain that has not been mentioned yet is content filtering.

https://documentation.meraki.com/zGeneral_Administration/Licensing/Meraki_Co-Termination_Licensing_O... 

 

>Q1: AMP will work only on HTTP traffic? Not FTP\HTTPS?

 

Correct, it only works with http traffic.

Adham
Conversationalist

Another Question:

 

Q1: AMP will work only on HTTP traffic? Not FTP\HTTPS?
