I manage a network for my kid's school and we run an MX. With 400 students who bring their own devices, as well as parents, teachers, administrators, and guests jumping on the network with all sorts of random mobile devices, every week is a learning experience.

1. Threat Prevent is set up with the Enable, Protect, Secure options. Detect is for suckers!
2. We segmented the network into VLANs and set up access controls to restrict east-west access for clients.
3. We go Big Brother style on content filtering because my kids and the kids of all my friends and neighbors are in the school, and I care about all of them like they're my own. My goal is to add at least one domain per week to the Blocked URL patterns.
4. Layer 7 rules block several categories of apps like P2P, gaming, file sharing, and more.
5. I review the Security Center weekly.
6. We have the MDM on all internal systems.
7. I review Org Hosted Logs, look for domains and categories that are accessed, and make updates.
8. For other domains and services, I have multiple rules in Traffic shaping to limit bandwidth for non-essentials. So apple.com and icloud.com are limited to 100 kbps.
9. Finally, I look at the clients list and sort by bandwidth utilization to see who is doing what. When someone pushes lots of data through, they get blocked or we check out what they accessed.

In the past 6 months, we haven't had a virus, malware, or anything else hit the internal systems.