Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Upcoming Threat Protection eLearning Module - Feedback Needed

chrisandrews
Meraki Employee
Meraki Employee
‎May 28 2024 7:26 AM
‎May 28 2024 7:26 AM

Upcoming Threat Protection eLearning Module - Feedback Needed

Hey Meraki Community,

 

The Meraki Learning Team is working on a new module titled "Enabling Threat Protection on a Security Appliance" for our Security & SD-WAN Fundamental Implementation course, and we’d LOVE your feedback.

Please review the draft outline of one key video within this module below and share your thoughts. Your insights will help us ensure the content covers the key features, especially for those new to implementing threat protection on security devices.

 

Here's what we're looking for in your feedback on this video outline:

  • Are the essential features for a beginner clearly covered?
  • Have you encountered any common challenges or frustrations with threat protection and the specific features of AMP and IDP/IPS that we should address?
  • Are there additional topics/features in this video we haven't included but should consider?
  • Do you have any other suggestions for improvement?

 

Please leave your comments in this thread. Your feedback is greatly appreciated and will directly influence the effectiveness of our educational materials.

 

Video Outline:

Scene 1

Intro

  • Introduce AMP and how it can protect your network from malicious file downloads
    • Include examples of what file types AMP can protect against (PDF, zip, ELF linux executable)
  • Introduce IDS/IPS and how it uses Cisco SNORT to monitor traffic for malicious activity against cyber attacks.
    • Mention that traffic inspection only occurs for flows between LAN and WAN, and traffic between VLANs. Does not occur on traffic between clients in same subnet
  • Where to navigate to for Threat Protection options (Security & SD-WAN > Threat Protection)

Scene 2

Threat Protection (AMP)

  • Show how to enable to AMP
    • Only malicious are blocked
    • Clean and unknown downloaded
    • Inform that with AMP cloud unknown files can be retroactively categorized as malicious
  • Show how to configure aspects of AMP
    • Allowed URLs List
      • Explain how to allow subdomains with asterisk
    • Allowed SHA256 File Hashes
      • Mention there are tools online to find this hash value, and that with the CLI on your operating system you can find the value too.

Scene 3

Threat Protection (IDS/IPS)

  • Show how to Enable IDS/IPS
    • Explain difference between Detection and Prevention
    • Explain the different rulesets (Security, Balanced, Connectivity)
  • Configure IDS Allow Rule
    • Explain why you may need to do this and and how to configure 

Scene 4

Security Center

  • Navigate to Security Center 
    • Show how to filter for AMP events
    • Show how to filter for IDS events


Chris Andrews
Senior UX Researcher
Cisco Meraki  | Product Enablement

Labels:
Subscribe
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 28 2024 12:16 PM
‎May 28 2024 12:16 PM

I would also expect to see something about using content filtering to limit threats.

 

PhilipDAth_0-1716923482208.png

 

I think you should also cover off licencing that is required.

 

You could also mention the org wide security centre, as well as the network wide version.  On the org wide one, I would also show how to schedule a monthly security report to be sent (very popular).

 

When talking about AMP you could consider mentioning but not showing the optional ThreatGrid functionality (maybe just show a screen shot of the threat grid dashboard while you mention it).  I would not demonstrate how to set it up though in a fundamentals course.

Subscribe
In response to PhilipDAth
chrisandrews
Meraki Employee
Meraki Employee
4 weeks ago
4 weeks ago

Thank you so much for this feedback @PhilipDAth ! You read our minds on the content filtering as we are going to include that in our next module. You also gave us some great ideas for features we need to mention (i.e. ThreatGrid). Really appreciate your expertise.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.