Malware/ransomware called BABUK

AlbertoAlfaro
Comes here often


Could you help me by pointing out where I can check whether Meraki Threat Protection detects and blocks the malware/ransomware called BABUK? Awaiting your support and expertise, thanks!


alemabrahao
Kind of a big deal

You can check your Advanced Malware Protection (AMP) settings. AMP inspects HTTP file downloads and blocks or allows downloads based on threat intelligence collected from the AMP Cloud.

Under Security & SD-WAN > Monitor > Security Center, you can view filtered traffic logs and actions taken.

Meraki Threat Protection uses the Snort intrusion detection engine, which analyzes network traffic for malicious activity.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
AlbertoAlfaro
Comes here often

Thanks alemabrahao

AlbertoAlfaro
Comes here often

Let me rephrase the question: do you know whether Meraki Threat Protection detects and blocks the malware/ransomware called BABUK? Awaiting your support and expertise, thanks!

AlexL1
Meraki Employee

Hi AlbertoAlfaro,

Welcome to Meraki Community.

In addition to alemabrahao's comment, Advanced Malware Protection (AMP) is an industry-leading anti-malware technology, integrated into MX Security Appliances.

Check this article here - "Cisco Talos discovered a malicious campaign using Cisco Secure product telemetry on Oct. 12, 2021 targeting vulnerable Microsoft Exchange servers and attempting to exploit the ProxyShell vulnerability to deploy the Babuk ransomware in the victim's environment"

Do you see the Security Event for "Babuk ransomware" under Organization > Security Center?

If yes, what's the result under the "Action" column - block / allow?

(1) - AMP is available only with Advanced Security Edition licensing and SD-WAN Licensing.

(2) - Traffic Analysis must be enabled under Network-wide > Configure > General > Traffic analysis for AMP to function.

(3) - The MX Security Appliance will block HTTP-based file downloads based on the disposition received from the AMP cloud. If the MX receives a disposition of malicious for the file download, it will be blocked. If the MX receives a disposition of clean or unknown, the file download will be allowed to complete.


The supported file types for inspection are:

  • MS OLE2 (.doc, .xls, .ppt)
  • MS Cabinet (Microsoft compression type)
  • MS EXE (Microsoft executable)
  • ELF (Linux executable)
  • Mach-O/Unibin (OSX executable)
  • DMG (Apple Disk Image)
  • Java (class/bytecode, jar, serialization)
  • PDF
  • ZIP (regular and spanned)*
  • EICAR (standardized test file)
  • SWF (shockwave flash 6, 13, and uncompressed)

* This includes the inspection of XML-based Microsoft Office file types (.docx, .xlsx, etc.).

(4) - Additional option for integration - Cisco Threat Grid is a unified threat intelligence and malware analysis platform, which is tightly integrated with Cisco's Advanced Malware Protection (AMP) solution.

More detailed information:

If you have any questions, please don't hesitate to contact us.

If you found this post helpful, please give it kudos.
If my answer solved your problem, click "accept as solution" so that others can benefit from it.
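A way to check the answer above programmatically rather than by scrolling through the Security Center: pull the MX security events from the Dashboard API, count the block/allow actions for events that name the family, and list the downloads that completed with an "unknown" disposition, since those are the ones the MX lets through. This is an added example, not code from the thread or from Cisco Meraki; the API endpoint path and the event field names (eventType, disposition, action, message, signature) are assumptions to verify against your API version, and the sample events are constructed.

```python
"""Triage Meraki MX AMP/IDS security events for a ransomware family.
Added example, not from the thread or Cisco Meraki.  Endpoint path and the
field names in SAMPLE_EVENTS are assumptions; verify against your API version."""
import json
import urllib.request
from collections import Counter

MALWARE_NAME = "Babuk"  # the family asked about in the thread

# Constructed sample records in the shape the endpoint is assumed to return.
SAMPLE_EVENTS = [
    {"eventType": "File Scanned", "fileType": "MS_EXE", "disposition": "Malicious",
     "action": "blocked", "message": "Babuk ransomware", "clientIp": "10.0.0.21"},
    {"eventType": "File Scanned", "fileType": "PDF", "disposition": "Clean",
     "action": "allowed", "message": "Clean file", "clientIp": "10.0.0.22"},
    {"eventType": "File Scanned", "fileType": "MS_EXE", "disposition": "Unknown",
     "action": "allowed", "message": "Unknown disposition", "clientIp": "10.0.0.23"},
    {"eventType": "IDS Alert", "signature": "MALWARE-CNC Win.Ransomware.Babuk",
     "action": "blocked", "message": "Babuk ransomware", "clientIp": "10.0.0.24"},
]


def fetch_events(org_id, api_key, timespan=86400):
    """Pull security events from the Dashboard API (network call; not used by the demo)."""
    url = (f"https://api.meraki.com/api/v1/organizations/{org_id}"
           f"/appliance/security/events?timespan={timespan}&perPage=1000")
    req = urllib.request.Request(url, headers={"X-Cisco-Meraki-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def triage(events, name=MALWARE_NAME):
    """Return (Counter of actions for events naming `name`, allowed Unknown-disposition files).
    Per the answer above, the MX blocks only on a Malicious disposition; Clean and
    Unknown downloads complete, so allowed Unknown files are the follow-up list."""
    hits = [e for e in events
            if name.lower() in (e.get("message", "") + e.get("signature", "")).lower()]
    actions = Counter(e.get("action", "?") for e in hits)
    unknown_allowed = [e for e in events
                       if e.get("eventType") == "File Scanned"
                       and e.get("disposition") == "Unknown"
                       and e.get("action") == "allowed"]
    return actions, unknown_allowed


if __name__ == "__main__":
    actions, unknown = triage(SAMPLE_EVENTS)
    print(f"{MALWARE_NAME} events by action: {dict(actions)}")
    print(f"allowed downloads with Unknown disposition: {len(unknown)}")
```

Replace SAMPLE_EVENTS with the output of fetch_events() to run it against a real organization; an empty action count means no event named the family in the window, not that the MX would allow it.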
AlbertoAlfaro
Comes here often

AlexL1, thanks for the information and the links you sent. Regards
