Our own Organization has recently installed a full Meraki suite over the course of this year, one of our primary goals as a retailer is protecting the storage and transmission of customer card data and PII. With Meraki products we were able to design a robust, current, and all-encompassing security landscape of MX Routers, MS Switches, MR Access Points to execute this requirement and support our goal of hardened Network/Information security. We accomplished this in three ways. First, we utilize AMP and IDS and Content Filtering in all of our MX Devices, we have had good experience with AMP in the past as we have a centralized Source fire IPS architecture, now we can extend this to the appliance level to stop threats closer to the source. We Respond to an investigate suspicious clients and react to malicious download or block notifications. Because the backend is managed by the experts, and is current, we trust the integrity of the definitions and the probability that emerging threats are contained. Secondly, we extensively use the Meraki Group Policy, Security Center, Tagging, and Firewall Framework to isolate sensitive systems and client access both inbound and outbound. We can tag certain SSIDs to be broadcasted for special events for vendors, we can also Tag networks and clients to inherit specific rules based on the needs of those sections, this makes it very easy to manage and easily add or revoke access. Lastly, we report on Traffic Analytic, Syslog’s and use the API to investigate unusual traffic or application/port anomalies to verify that this is expected or malicious behavior. By keeping these tools in the cloud we save time in maintenance and management of those systems. Having a single repository of information helps to correlate unusual activity and account for our inventory and access design.
... View more