Great discussion - SSL inspection is getting more difficult. TLS1.3 introduces some additional challenges, and having the client downgrade to TLS1.2 for the MIM/Inspection Device, which will then negotiate 1.3 to the target service, seems to be the workaround thinking. The major issue is that for any of this to work, you have to have every endpoint under management in order to deploy (and have trust in) the MIM/Inspection Device certificate. This, in itself, becomes more challenging when we allow BYOD or IoT devices (I use the term IoT as a catch-all for anything that is not a PC/User Device... even printers, network-enabled displays, etc.).

A layered defense model is as valid today as it has ever been. Endpoint, Network & Cloud as macro categories for looking at layers of protection seem reasonable, and, then, having orchestration and threat management across the macros would also seem reasonable. This you'll see from Cisco around things like Cisco Threat Response (CTR) at the top level, with services such as Umbrella and AMP for Endpoints feeding into it (amongst others, such as Cloud Email Security (CES), another entry point for sneaky malware :)). Umbrella in combination with AMP for Endpoints (AMP4E) is a great Endpoint Protection combination: Umbrella Roaming for those DNS/Intelligent Proxy protections when off-net, and AMP4E to protect against everything else (and with CTR to give you a fighting chance to respond to the gnarly stuff if (probably when) it ever happens). For Umbrella Intelligent Proxy, SSL (if the endpoint is managed) can be inspected, but this is done selectively and based on Umbrella's ranking of sites (not configurable as to what is and isn't inspected, I believe). Encrypted Traffic Analytics is another great area to look into. Here, the idea is to correlate a number of elements/attributes of network traffic and to provide a high-probability score for (encrypted) malware without having to decrypt it.

It might be worth looking into upcoming ETA support in Stealthwatch Cloud (a great add-on for Meraki implementations) and, perhaps, ETA-capable Netflow in Meraki devices (I believe there's a form of Netflow already in MX units) going forward. As an extra bonus, if your endpoints happen to use AnyConnect VPN clients, there's a great wee module in there called the Network Visibility Module. So whether an endpoint is on-net or off-net, you can be collecting network telemetry (including the processes that kicked off the network traffic, etc.) to be consumed by the likes of Stealthwatch (or other systems, such as Splunk) to get some super-valuable insight into the behaviour of the endpoints. Lastly, you might also be interested in Umbrella SIG (Secure Internet Gateway) in combination with the MX units. Here, it would be possible to use the Full Proxy service of SIG (relatively new) where, again, managed endpoints would have their SSL Proxy as the Umbrella SIG and, therefore, be protected there (the Umbrella service also runs AMP, for example, as a service).

Great discussion and kind regards, Steve
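Two points in Steve's post can be made concrete with a small parser: the TLS1.2 downgrade that an inspecting proxy forces, and the ETA idea of scoring encrypted traffic from handshake attributes without decrypting anything. The ClientHello is sent in the clear even under TLS1.3, so a passive sensor can read the offered protocol versions, the SNI and the cipher suites. The example below is added here for illustration and is not code from the post, from Cisco, or from any of the products named; the ClientHello builder only constructs sample input (the random field is a fixed byte pattern), and the cipher-suite table and "legacy" set are a deliberately short selection chosen for the demonstration.

```python
import struct

# TLS constants used by this example (values from the TLS RFCs / IANA registry)
CONTENT_TYPE_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B

VERSION_NAMES = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2", 0x0304: "TLS1.3"}

# Short, hand-picked subset of cipher suite IDs for labelling (assumption: enough for the demo)
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
LEGACY_CIPHERS = {0x0005, 0x000A}   # suites a defender would want flagged


def build_client_hello(sni, cipher_suites, supported_versions):
    """Construct a minimal TLS ClientHello record (constructed sample input, not a real capture)."""
    exts = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type=host_name
        sn_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sn_list)) + sn_list
    if supported_versions:                                               # absent on TLS1.2-only clients
        vers = b"".join(struct.pack("!H", v) for v in supported_versions)
        body = struct.pack("!B", len(vers)) + vers
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(body)) + body
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    hello = (
        struct.pack("!H", 0x0303)                       # legacy_version is always 1.2 on the wire
        + b"\x11" * 32                                   # client random: fixed pattern for the sample
        + b"\x00"                                        # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                    # compression methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + struct.pack("!I", len(hello))[1:] + hello
    return struct.pack("!BHH", CONTENT_TYPE_HANDSHAKE, 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Extract handshake metadata from a ClientHello record; nothing is decrypted."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != CONTENT_TYPE_HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    pos += 32                                            # skip client random
    pos += 1 + body[pos]                                 # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                 # skip compression methods
    sni, versions = None, []
    if pos < len(body):                                  # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_SERVER_NAME:
                # data = list_len(2) + name_type(1) + name_len(2) + name
                name_len = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
            elif etype == EXT_SUPPORTED_VERSIONS:
                versions = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + data[0], 2)]
    # Without supported_versions the client cannot negotiate 1.3: the legacy field is its maximum.
    max_version = max(versions) if versions else legacy_version
    return {"legacy_version": legacy_version, "max_version": max_version,
            "sni": sni, "cipher_suites": suites}


def assess(meta):
    """Turn parsed metadata into findings a sensor would raise (downgrade, no SNI, weak suites)."""
    findings = []
    if meta["max_version"] < 0x0304:
        findings.append("no TLS1.3 offered (max %s)" % VERSION_NAMES.get(meta["max_version"], hex(meta["max_version"])))
    if meta["sni"] is None:
        findings.append("no SNI")
    weak = [CIPHER_NAMES.get(c, hex(c)) for c in meta["cipher_suites"] if c in LEGACY_CIPHERS]
    if weak:
        findings.append("legacy ciphers offered: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    modern = build_client_hello("example.com", [0x1301, 0xC02F], [0x0304, 0x0303])
    downgraded = build_client_hello(None, [0x0005, 0xC02F], [])
    for label, rec in (("modern", modern), ("downgraded", downgraded)):
        print(label, parse_client_hello(rec), assess(parse_client_hello(rec)))
```

Run against real captures, a `max_version` of TLS1.2 from an endpoint that normally offers 1.3 is exactly the footprint of the proxy-side downgrade Steve describes, and a missing SNI or legacy suite is the kind of attribute an ETA-style scorer correlates with other flow features. The parser only reads the first handshake record, so a sensor feeding it would need to reassemble the ClientHello when it spans TCP segments.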