Cloud-Managed Security for Distributed Networks with Cisco Meraki MX

Transcription:

Cloud-Managed Security for Distributed Networks with Cisco Meraki MX
Joe Aronow, Product Architect

Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session. How:
1. Find this session in the Cisco Live Mobile App
2. Click Join the Discussion
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#

About the Cisco Meraki MX

Simplifying IT with cloud management
A complete cloud managed IT solution
- Wireless, switching, security, SD-WAN, communications, EMM, and security cameras
- Integrated hardware, software, and cloud services
Leader in cloud managed IT
- Among Cisco's fastest growing portfolios
- Over 140,000 unique customers
- Over 2 million Meraki network devices online

The Meraki full stack
- MR Wireless
- MX Security and WAN
- MS Switching
- Systems Manager EMM
- MC IP Telephony
- MV Security Cameras
A complete cloud managed IT portfolio
Single pane of glass management

A complete connectivity and threat management solution
Security
- Next generation firewall
- AES encrypted VPN
- Intrusion prevention (IPS)
- Malware protection
- Geo-IP firewalling
Networking
- 3G / 4G failover
- Branch routing
- WAN balancing and failover
- High Availability
- Intelligent path control
Application Control
- Bandwidth shaping
- URL content filtering
- Quality of Service control

Why customers choose the Cisco Meraki MX
Powerful security that's easy to implement
- Robust suite of Cisco Security technologies
- Intuitive GUI-based configuration
- Seamless updates from the cloud
Exceptional scalability
- Zero-touch provisioning with cloud brokered VPN
- Easy centralized management with built-in remote troubleshooting tools
- Multi-location configuration templates
Industry-leading visibility
- Fingerprints users, applications, devices, and threats
- Monitor one location or an entire deployment
- Unified monitoring and reporting with other Cisco Meraki technologies

Ironclad security
- Next Generation Firewall: Application aware firewalling
- Intrusion Prevention (IPS): Based on Cisco Snort
- URL Content Filtering: With over 80 categories and over 4 billion categorized URLs
- Geo-based security: Allow or block traffic by country
- Malware Protection: Cisco AMP and Threat Grid
- Automatic updates: Software and security updates delivered from the cloud
- PCI compliance: PCI 3.2 certified cloud management backend

Backed by Cisco Talos threat intelligence
- Internet-wide scanning
- 1.5 million malware samples / day
- 600 billion email messages / day
- 16 billion web requests / day
- Over 250 full time threat researchers
- Millions of telemetry agents
- 4 global data centers
- Telemetry
- Honeypots
- Over 100 threat intelligence partners
- Internal vulnerability discovery
- Open source communities
- Over 1100 threat traps

Reliable, cost effective connectivity with Meraki SD-WAN
- Dual uplink ports: 2 uplink support on all MX models for load balancing and redundancy
- LTE failover: USB modem support in all models with automatic failover
- Site to site VPN: Cloud orchestrated VPN (Meraki Auto VPN) with load balancing and self-healing capabilities
- Intelligent path control: Policy based routing and performance based dynamic path selection
- Branch Routing: Automatic route distribution via Auto VPN; OSPF route advertisement; BGP support coming soon
- High Availability: Active/passive hardware redundancy
- Traffic shaping: Application bandwidth limiting and prioritization

Automated site-to-site VPN (Auto VPN)
- Simple: Create VPN tunnels between locations with easy point-and-click interface, or apply configuration templates to enable and configure VPN at many locations at once
- Automatic: VPN configuration generated and deployed automatically from the cloud; create a mesh or hub-and-spoke topology with only a few clicks
- Resilient: Automatically adjusts to changes in order to maintain secure connectivity during an ISP or datacenter outage, hardware failure, or IP address update

Application-aware intelligent path control
- Dual active VPN: Load balance your VPN traffic over your hybrid WAN
- Policy based routing: Select the preferred path for traffic based on protocol, port, source and destination IP, or even application
- Dynamic Path Selection: Select the best VPN tunnel for traffic automatically based on performance
The only solution to combine cutting edge SD-WAN with industry leading security technology

Extend Auto VPN and Meraki SD-WAN into AWS / Azure
[Diagram labels: Datacenter 1, Datacenter 2, Branch, AWS vmx, Auto VPN, SD-WAN]

Network Security use cases
Columns: Cisco Meraki MX; Cisco Firepower & ASA
- Existing Meraki customer
- Prizes simplicity first / Lean IT organization
- Needs high WAN performance with low cost Internet links (SD-WAN)
- Branch or distributed enterprise deployment
- Internet edge
- Enterprise edge deployment
- Datacenter
- Needs sophisticated threat investigation
- Existing Firepower, TrustSec, AMP for Endpoints customer

What's new

MX250 and MX450 Security Appliances
Expanding the MX portfolio with new, high performance options
- High Throughput
- Flexible Interface types
- Modular redundant power

MX250 and MX450 Security Appliances

| | MX250 | MX450 |
|---|---|---|
| WAN interfaces | 2 x 10G SFP+ | 2 x 10G SFP+ |
| LAN interfaces | 8 x 1G RJ45, 8 x 1G SFP, 8 x 10G SFP+ | 8 x 1G RJ45, 8 x 1G SFP, 8 x 10G SFP+ |
| Firewall Throughput | 4 Gbps | 6 Gbps |
| Recommended Clients | 2,000 | 10,000 |
| VPN Throughput | 1 Gbps | 2 Gbps |

Z3 Teleworker Gateway

| | Meraki Z1 | Meraki Z3 (New) |
|---|---|---|
| WAN | 1 x 1GbE | 1 x 1GbE |
| LAN | 4 x 1GbE | 4 x GbE (1 x PoE) |
| WLAN | 802.11n | 802.11ac wave 2 |
| Firewall Throughput | 50 Mbps | 100 Mbps |
| VPN Throughput | 10 Mbps | 50 Mbps |
| 802.1x port authentication | No | Yes |
| Vertical desktop mount | No | Yes |
| Recommended clients | 5 | 5 |

vmx100 for Azure
Virtual MX now available for Microsoft Azure
- 500 Mbps VPN throughput
- Available in Azure Marketplace
- Full SD-WAN capabilities
- Same license

New release candidate firmware: MX 13.28
Security
- Threat Grid
- FQDN/hostname firewall rules
- Syslog export of AMP events
- DNS-based Google safesearch and Youtube restriction (Google's recommended method)
- Full list URL filtering cloud lookups for HTTPS flows based on cert request
Connectivity
- Layer 7 SD-WAN policies
- OSPF advertisement on LAN of NAT mode MX
- 1:Many NAT over AutoVPN
- BGP for VPN route redistribution
- Uplink IP configuration from Dashboard
- MX load monitoring
- Loss and Latency reporting (Uplink SLA) capabilities now enabled in Passthrough mode

Introducing Meraki Insight

Sound familiar?
"This is IT. How can I help?"
- "The network is slow"
- "My Wi-Fi is broken"
- "My Internet is down"

What contributes to poor end user experience?
Categories: External; Internal
- LAN congestion
- Rogue actors
- Network design
- Network capacity limits
- WAN congestion
Deploy Meraki Dashboard Tools (Traffic shaping, QoS, Air Marshal)
Address with training, more infrastructure
- Application errors
- Application server processing time
- Authentication / DNS server response time
Apply Meraki Insight

Meraki Insight
Provides end-to-end visibility into how your end-users are experiencing their SaaS applications. Assists with application performance management and troubleshooting.
QUESTION: How does this differ from what is built in?
- This offers data for external factors, including the entire Wide Area Network, ISPs and SaaS applications like Office 365, Salesforce.com, etc.
- Similar to 3rd party tools such as SolarWinds, Netscout, ThousandEyes

Meraki Insight in the dashboard

Meraki Insight in the dashboard
Insight into both the network and application layers

Our first probe for Meraki Insight: Meraki MX

Cisco Security Integrations and portfolio positioning

[Diagram: Meraki MX within the Cisco Security Architecture. Areas shown: Analytics and Insights, Threat Intelligence, Cloud and Web Security, Posture and Policy, Network Infrastructure, Malware, Firewall, Cisco ISE and TrustSec, Remote Access, Intrusion Prevention, Endpoint Management. Legend: Limited integration or interoperability; Deeper integration; Active development or beta]

Current integrations - Stealthwatch
Integration details
- NetFlow export from MX can be consumed by Stealthwatch or Stealthwatch Cloud
Key limitations
- No Flexible NetFlow
- No NAT flow stitching

Network-wide > General

Current integrations - ISE
Integration details
- RADIUS authentication using ISE for wired connections on all MX64/MX65/Z3 models
- RADIUS authentication using ISE for wireless connections on MX64W/MX65W
Key limitations
- No TrustSec capability on MX

ISE / Meraki feature compatibility matrix

Current integrations - Umbrella
Integration details
- Use Umbrella resolvers for DNS resolution when serving DHCP from MX
Key limitations
- No EDNS forwarding capability
- No visibility into applied Umbrella policies in Meraki Dashboard

Security Appliance > DHCP

Current integrations - AMP
Integration details
- AMP for Networks with Threat Grid sandboxing on MX
- Native malware event visibility in Meraki Dashboard via Security Center
- Retrospective alerting via Dashboard and email alerts
Key limitations
- No correlation/trajectory between AMP on MX and AMP for Endpoints
- Only files downloaded via HTTP are inspected on MX

AMP and Threat Grid integration with MX

| # | Service | Function | Powered by |
|---|---|---|---|
| 1 | File Reputation | Blocking of known malicious files | AMP Cloud |
| 2 | File Analysis | Behavior analysis of unknown files | Threat Grid |
| 3 | File Retrospection | Retrospective alerting upon disposition change | AMP Cloud |

*Trigger

Architecture?
[Diagram labels: Threat Grid (File Analysis); AMP Cloud (File Reputation); Threat Intelligence; Network Attached Controls: NGFW, NGIPS, ISR, ESA / CES, WSA / Umbrella, ISE, Stealthwatch, Meraki MX; Endpoint, Email, Web, Host]

Meraki Security Center events
- Aggregated view of security events: File Analysis and Disposition Changes
- Quick drill into file analysis results
- Event filtering capabilities

Meraki Security Center events
- Aggregated view of security events
- Quick drill into file analysis results
- Identify clients and networks that are potentially infected

Current integrations - Snort IPS
Integration details
- Three curated IPS rulesets for detection or prevention
- Native IDS/IPS event visibility in Meraki Dashboard via Security Center
Key limitations
- No customization of IPS rule sets
- Single-packet flows will not be blocked due to Snort not being run in-line

Organization > Security Center

Security Appliance > Threat protection

Two way communication with Talos
Inbound
- Talos threat research and intelligence informs Snort signatures and the AMP malware database used on the MX
Outbound
- Snort IPS telemetry data is provided back to Talos to inform threat research activities
- AMP lookup data from MXes is available to Talos, just like with other platforms

Demo

MX Product Portfolio

Simple, use case driven licensing
Columns: Enterprise License; Advanced Security License
- Next Generation Firewall
- Site-to-site and client VPN
- Intelligent path control
- Link bonding and failover
- Bandwidth shaping and QoS
- Branch routing
- All enterprise features, plus
- Content filtering (with Google SafeSearch enforcement)
- Cisco Advanced Malware Protection
- Snort IDS/IPS
- Threat Grid integration*
- Geo-based firewall rules
- Web caching
- Active/Passive high availability
*additional Threat Grid subscription required

MX portfolio

| Segment | Models | Users | Notes |
|---|---|---|---|
| Teleworker | Z1, Z3 (New) | ~5 | 802.11ac Wireless & PoE; FW throughput: 50-100 Mbps |
| Small Branch | MX64, MX65 | ~50 | 802.11ac wireless & PoE; FW throughput: 250 Mbps |
| Medium Branch | MX84 | ~200 | FW throughput: 500 Mbps |
| Medium Branch | MX100 | ~500 | FW throughput: 750 Mbps |
| Large Branch, Campus or Concentrator | MX250 (New) | ~2,000 | FW throughput: 4 Gbps |
| Large Branch, Campus or Concentrator | MX400 | ~2,000 | FW throughput: 1 Gbps |
| Large Branch, Campus or Concentrator | MX450 (New) | ~10,000 | FW throughput: 6 Gbps |
| Large Branch, Campus or Concentrator | MX600 | ~10,000 | FW throughput: 1 Gbps |
| Virtual | vmx100 for AWS & Azure (New) | | FW throughput: 750 Mbps; VPN & SD-WAN features |

All MX devices support 3G/4G

Complete Your Online Session Evaluation
- Please complete your Online Session Evaluations after each session
- Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
- All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Tech Circle
- Meet the Engineer 1:1 meetings
- Related sessions

Thank you