Network Access Control Supported AV does not include Cisco AMP for Endpoints.

Super-Craig
Conversationalist


We deploy Cisco AMP for Endpoints to our clients. Cisco AMP can be detected in other areas of Meraki and is used for malicious traffic insights, but we have been told in this case 06099657 that AMP cannot be supported and it is not on the roadmap.

PhilipDAth
Kind of a big deal

There are no Meraki integrations for AMP for Endpoints for Meraki as far as I am aware.  What would such an integration actually do?

It would work like the other AVs listed in the supported AV list in Network Access Control, where Meraki would block access to the network unless AMP was installed on the device.

Gotcha.  That system doesn't work that well ...

For main network access, you would probably want to use 802.1X (whether for WiFi or wired).  If you use Cisco ISE as the backend then you could have it test compliance (such as has AMP for Endpoints installed, is in a "happy" state, etc.) and then have it decide what should be done.

In my perfect world, Systems Manager would be extended to be able to check the Windows Security Centre.  This would then support pretty much every endpoint security product out there, and then create policies off that.  You can kinda do something similar at the moment but it doesn't work very well.

At the moment Systems Manager can check for security software running (but you can specify what software - perhaps you could tie that down with group policy):

https://documentation.meraki.com/SM/Tags_and_Policies/Security_Policies_in_Systems_Manager

https://documentation.meraki.com/SM/Tags_and_Policies/Security_Policies_in_Systems_Manager/Troublesh... 
And then you can dynamically assign policy based on that dynamic tag.
The biggest problem I had is that the Systems Manager agent does not check the machine posture very frequently (I think it might only do it on boot - not sure).  So it takes a while to get this to trip, but then once you have finished remediating the machine it can take a LONG time (like a day) for it to report that it is now fixed and remove the restriction.

I last tested this a couple of years ago, so perhaps it has improved.

If Meraki sorted this out and made it work on switches as well I could sell a tonne of Systems Manager licences.


@Super-Craig wrote:

It would work like the other AVs listed in the supported AV list in Network Access Control, where Meraki would block access to the network unless AMP was installed on the device.


Thanks, my issue has been fixed.

What was your issue?
