Using Stealthwatch and Meraki solutions? Meraki would like your participation!
I'm part of the research team at Meraki and am currently working to understand how people use Meraki and Stealthwatch to manage network security and security threats, and am hoping to learn more about your experience.
Would you be able to take about 45 minutes to 1 hour to tell me more about this? Please schedule a time that works for you here.
There are two Stealthwatch products, on-premise and cloud. I have really only played with the cloud version.
When I compare what you get from the Meraki security dashboard versus Stealthwatch and consider the huge uplift in cost to get Stealthwatch - I don't see Stealthwatch as a great investment.
You would really be wanting to monitor additional things beyond Meraki that don't provide the same level of visibility.
Also, you really want to be able to dedicate a full-time equivalent person to use Stealthwatch to go through and analyse the data. If you don't have a reasonable amount of free time each day to look at Stealthwatch then you should probably be looking at some kind of managed service instead.
ps. I can't private message you at the moment. You might need to ask @CarolineS for help with that (assuming this wasn't deliberate).
pps. Scratch that, the private message option has now appeared today.
So often I'm right on track with you, Philip. In the case of Stealthwatch, I really tend to disagree!
I've done many POVs and customer implementations (Stealthwatch Enterprise in this case) and when you "only" compare the Dashboard info, you're missing a whole lot of things. We found so many security issues that no Dashboard, SIEM or IPS in place ever noticed.
The fundamental problem is that the MX Firewall doesn't support SSL inspection (Beta FW is very slow). This is where Stealthwatch Cloud (SWC) integration with Meraki comes into play... With the new 'Onsite Sensor', SWC supports ETA (Encrypted Traffic Analysis); you could address this issue using ETA vs full SSL inspection.
Now the next issue: Meraki switches don't create Netflow - so you could deploy a VMware server running Cisco Enhanced Netflow sensor (FNF, Part# L-ST-FS-VE-K9), or if you had a switch like the new CAT9300-24UX that supports FNF somewhere on your network... The new MS390 switch has the exact same specs as the CAT9300, including an ASIC 2.0 chip - does that mean the MS390 will do enhanced Netflow with SWC via a firmware update?
Well, we tried to make this work... turns out the MX only exports V9 Netflow, not FNF - so that won't work - unless the MX gets an update to support exporting FNF Netflow. So I guess you could get the same results by upgrading to Umbrella SIG Essentials (Secure Internet Gateway) with Meraki MX tunneling - so your SSL is inspected in the cloud... Short answer: Stealthwatch integration with Meraki is an interesting idea to explore - pricing on the Enterprise product is crazy (an SMB version offering some features or fewer PCs)