Upcoming Threat Protection eLearning Module - Feedback Needed

chrisandrews
Meraki Employee

Hey Meraki Community,

 

The Meraki Learning Team is working on a new module titled "Enabling Threat Protection on a Security Appliance" for our Security & SD-WAN Fundamental Implementation course, and we’d LOVE your feedback.

Please review the draft outline of one key video within this module below and share your thoughts. Your insights will help us ensure the content covers the key features, especially for those new to implementing threat protection on security devices.

 

Here's what we're looking for in your feedback on this video outline:

  • Are the essential features for a beginner clearly covered?
  • Have you encountered any common challenges or frustrations with threat protection and the specific features of AMP and IDP/IPS that we should address?
  • Are there additional topics/features in this video we haven't included but should consider?
  • Do you have any other suggestions for improvement?

 

Please leave your comments in this thread. Your feedback is greatly appreciated and will directly influence the effectiveness of our educational materials.

 

Video Outline:

Scene 1

Intro

  • Introduce AMP and how it can protect your network from malicious file downloads
    • Include examples of what file types AMP can protect against (PDF, zip, ELF Linux executable)
  • Introduce IDS/IPS and how it uses Cisco SNORT to monitor traffic for malicious activity against cyber attacks.
    • Mention that traffic inspection only occurs for flows between LAN and WAN, and traffic between VLANs. It does not occur on traffic between clients in the same subnet
  • Where to navigate to for Threat Protection options (Security & SD-WAN > Threat Protection)

Scene 2

Threat Protection (AMP)

  • Show how to enable AMP
    • Only malicious are blocked
    • Clean and unknown downloaded
    • Inform that with AMP cloud unknown files can be retroactively categorized as malicious
  • Show how to configure aspects of AMP
    • Allowed URLs List
      • Explain how to allow subdomains with asterisk
    • Allowed SHA256 File Hashes
      • Mention there are tools online to find this hash value, and that with the CLI on your operating system you can find the value too.

Scene 3

Threat Protection (IDS/IPS)

  • Show how to Enable IDS/IPS
    • Explain difference between Detection and Prevention
    • Explain the different rulesets (Security, Balanced, Connectivity)
  • Configure IDS Allow Rule
    • Explain why you may need to do this and how to configure

Scene 4

Security Center

  • Navigate to Security Center 
    • Show how to filter for AMP events
    • Show how to filter for IDS events


Chris Andrews
Senior UX Researcher
Cisco Meraki  | Product Enablement

PhilipDAth
Kind of a big deal

I would also expect to see something about using content filtering to limit threats.

 


I think you should also cover off licensing that is required.

 

You could also mention the org-wide security centre, as well as the network-wide version. On the org-wide one, I would also show how to schedule a monthly security report to be sent (very popular).

 

When talking about AMP you could consider mentioning but not showing the optional ThreatGrid functionality (maybe just show a screenshot of the threat grid dashboard while you mention it). I would not demonstrate how to set it up though in a fundamentals course.

chrisandrews
Meraki Employee

Thank you so much for this feedback, @PhilipDAth! You read our minds on the content filtering as we are going to include that in our next module. You also gave us some great ideas for features we need to mention (i.e. ThreatGrid). Really appreciate your expertise.
