As many IT professionals already know, the Internet can be a dangerous place. The unfortunate reality is that not everyone out there just wants to show you adorable cat pictures. With the threat landscape continuing to evolve and the number of Internet-connected devices growing faster than ever, it has never been more important to have powerful security tools at your disposal to prevent malicious software from compromising your network.
It is with that in mind that the Meraki development team and the Advanced Malware Protection (AMP) development team have been hard at work to bring the best anti-malware solution in the industry to the MX Security Appliance. This integration will allow network and security administrators to take advantage of AMP’s global threat intelligence database alongside the unparalleled ease of use and powerful feature set of the Meraki MX.
Not only does the AMP database include over 500 million known files, it receives over 1 million new malware samples per day. Between file sandboxing, a variety of industry threat feeds, and the diligent work of our Talos threat intelligence team, we ensure that AMP customers are protected against even the most cutting-edge malware. You can learn more about AMP here.
So what does the AMP on Meraki MX integration add from a functional perspective? Here’s the breakdown of what’s new in the beta:
– AMP file scanning: the “Malware detection” selector on the Security Filtering page in Dashboard now enables AMP. When AMP is enabled, downloaded files will be checked against the global AMP database to ensure that they are not malicious before they are allowed to enter the network.
– New Security Center reporting page: to ensure that you have the latest information about malicious files or attacks on your network, we’ve completely overhauled the Security Reports page into the new Security Center. This page combines information from both the IPS and anti-malware features to give a holistic view of network security. We’ll have a separate blog post specifically about the use and capabilities of the Security Center coming soon, so keep an eye out for that.
– Retrospective alerting: no solution, no matter how powerful, can detect 100% of all malware. However, with retrospective alerting administrators will be notified retroactively of malicious files entering the network even when those files were not known to be malicious at the time. Through the Security Center, administrators can determine which clients downloaded the malicious file and take corrective action.
– Threat Grid sandboxing (coming soon): stay tuned for another update in the coming months about integration with Cisco’s Threat Grid malware sandboxing solution, which allows administrators to send unknown files to either a cloud or on-premises sandbox so that they can be executed safely in a virtual environment and inspected for malicious content. Threat Grid integration is not part of the current beta.
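The retrospective alerting idea from the list above, as a small added model (this is not Meraki or AMP code). It assumes each file has a stable identifier and that verdict updates arrive as events; the class, the event tuples and the `file-A` style identifiers are all constructed for illustration.

```python
from collections import defaultdict

MALICIOUS, UNKNOWN = "malicious", "unknown"


class RetrospectiveLog:
    """Remembers who downloaded what, so a later verdict can be traced back."""

    def __init__(self):
        self.verdicts = {}                  # file id -> current verdict
        self.history = defaultdict(list)    # file id -> [(time, client, verdict then)]

    def on_download(self, ts, client, file_id):
        """Inline check at download time; returns True if the file is let through."""
        verdict = self.verdicts.get(file_id, UNKNOWN)
        if verdict == MALICIOUS:
            return False                    # known bad: blocked, nothing to trace later
        self.history[file_id].append((ts, client, verdict))
        return True

    def on_verdict(self, ts, file_id, verdict):
        """Verdict update; returns one alert per earlier download of a newly bad file."""
        previous = self.verdicts.get(file_id, UNKNOWN)
        self.verdicts[file_id] = verdict
        if verdict != MALICIOUS or previous == MALICIOUS:
            return []                       # not a new conviction, so no new alerts
        return [
            {"file": file_id, "client": client, "downloaded_at": seen,
             "verdict_then": then, "flagged_at": ts}
            for seen, client, then in self.history[file_id]
        ]


def run_sample():
    """Replay constructed events; returns (retrospective alerts, inline blocks)."""
    log = RetrospectiveLog()
    log.on_verdict(0, "file-C", MALICIOUS)          # already known bad
    events = [                                      # constructed sample data
        ("download", 10, "laptop-1", "file-A"),
        ("download", 12, "laptop-2", "file-B"),
        ("download", 15, "phone-7", "file-A"),
        ("download", 18, "laptop-1", "file-C"),     # blocked inline
        ("verdict", 40, "file-A", MALICIOUS),       # file-A convicted after the fact
        ("download", 45, "laptop-3", "file-A"),     # now blocked inline
        ("verdict", 50, "file-A", MALICIOUS),       # repeat verdict, no duplicates
    ]
    alerts, blocked = [], []
    for kind, ts, a, b in events:
        if kind == "download":
            if not log.on_download(ts, a, b):
                blocked.append((a, b))
        else:
            alerts.extend(log.on_verdict(ts, a, b))
    return alerts, blocked
```

The alerts name the clients that received the file before it was convicted, which is the list an administrator needs for corrective action.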
Here’s the best part: if you have an Advanced Security license, you can try out AMP on MX for yourself right now. Simply reach out to our Support team and ask to be added to the AMP beta, and they’ll work with you to schedule a time to perform the upgrade. Over 1000 MXs are currently running AMP, and the feedback we’ve gotten from that initial beta pool has been phenomenal. We want your feedback too, so if you’re interested in having these great new capabilities on your MX, give us a call! Don’t forget that you can always opt in to this and future betas by checking the “Try beta firmware” box on the Network-wide>General page in your Meraki Dashboard.
It is with great pleasure that we announce the publication of a new guide focused on the wired networking world. Our new Campus Access Deployment Guide is designed to help customers who are in the process of designing larger networks. There’s much to consider: security, redundant network architectures, power, Quality of Service, troubleshooting, traffic analysis, the list goes on.
Meraki switching is designed to be easy to configure, deploy and troubleshoot and there are many ways in which these attributes manifest themselves, like our helpful remote packet capture and cable testing tools, and our recently announced switch templates. Even with this simplicity, the design of a highly available, fast performing and well understood network is no trivial task, requiring a degree of skill. Our aspiration for the Campus Access Deployment Guide is to assist in the process and serve as a checklist for the network engineer.
We do hope the document proves useful, and as ever, please send your feedback so we can continue to improve its value.
Last Wednesday was a day with a difference at Meraki HQ as we played host to the Cisco Tactical Operations team, affectionately known as TacOps. This inspiring group within Cisco responds to some of the world’s most challenging disasters, both natural and man-made, bringing communications capabilities to the unconnected.
The Meraki team are very proud of their contribution to this group. With its fast time to deploy, Meraki technology is perfectly suited to a role like this, making it possible to bring up a complete wired and wireless network within minutes.
To give those of us working at HQ a chance to see this work up close, and talk to those directly involved on the ground, the TacOps team brought one of their Network Emergency Response Vehicles (NERV) to the office for tours and discussion. A beautifully sunny March day encouraged members of the team to head outside to tour the NERV, which was operating just as it would in the field, providing data and voice communications via a dedicated satellite link.
For Merakians interested in learning more from the team, a presentation went through some of the emergencies the team has previously responded to, including the earthquake in Haiti and the Syrian refugee crisis on the borders of Europe. In every case, re-establishing communications is vital – even life-saving – to those affected or displaced by these terrible tragedies. There’s always more that can be done, so the TacOps team shared some ways in which Cisco employees can contribute today.
It’s hard to overstate the importance of this work. TacOps updates can be found on Twitter and Facebook.
There has been a lot of excitement around the strategic partnership between Cisco and Apple. While there is still more to come from both companies down the road, Cisco Meraki is pleased to share enhancements on the mobile device and Enterprise Mobility Management fronts.
This week we introduced same day support for iOS 9.3, enabling IT administrators to take advantage of new functionality with no disruption to their workflow. Meraki Systems Manager makes it easy to upgrade devices to iOS 9.3 and future releases, with support for over the air OS updates for supervised devices. With just a couple of clicks in the dashboard, IT administrators can rest assured that their organization’s devices are running the most secure, up-to-date version of iOS, without the headache of manually updating each device individually, or relying upon users to do it themselves.
Apple has added several new features to iOS 9.3 which will benefit those using an EMM solution, including the ability to hide all system level apps (excluding Settings). This ensures that end users can only access approved applications on a managed device, and can help prevent the device from being used inappropriately. This functionality can be especially useful in environments like retail, or kiosks, where device use needs to be restricted to a very narrow purpose. For supervised devices, iOS 9.3 also gives administrators the option of customizing a Lock Screen Message that can be displayed in the login window and on the lock screen.
In addition to new MDM functionality, iOS 9.3 adds several other benefits, like the ability to password protect notes, and a Night Shift mode which can help employees, students, and teachers sleep better at night so they’re fresh for challenges of the next day. Check out Apple’s update for more information.
General availability for full iOS 9.3 functionality is coming in April. Stay tuned for even more information on features like support for Classroom Manager, which Apple will have generally available very soon.
A few months ago, we asked our blog subscribers to submit stories of their experiences with Meraki cloud managed access points, switches, security appliances, and MDM. We wanted to hear how Meraki has helped advance the unique missions of our customers, and we received many fantastic submissions. We’d like to extend an enormous thank you to everyone who took the time to write in!
One customer that we’ve worked with since then to craft a case study is E la Carte. Revolutionizing the future of Smart Dining™, E la Carte provides a comprehensive guest ordering and pay-at-table solution for restaurants across the nation, with customers such as Applebee’s, Johnny Rockets, and Outback Steakhouse.
“Think of us as a network within a network,” says Dan Smith, the Director of Operations and Information Security for E la Carte. Dan and his team deploy and manage nearly 100,000 wireless tablets to provide an advanced dining solution that securely connects to the point of sale system in each unique dining environment. This is where Meraki cloud managed access points and security appliances come into play.
With seamless wireless connectivity for the tablets, the security capabilities of a Meraki UTM device at each location, and a full stack of Meraki gear at headquarters, the E la Carte team has found efficiency gains in the ease now associated with onboarding new members, remote troubleshooting, and device configuration.
This post is meant to be merely a teaser – get the full scoop in the case study here.
Thank you again to everyone who submitted, and keep an eye out for more winners (and contests) in the future!
A year ago we published a blog post covering configuration replication for multisite networks. We covered Security Appliance and Wireless templates, and the closest equivalent we had at the time for switches: cloning.
Switch cloning has served our customers well for a long time with one important caveat. Unlike a template, cloning is a one-time action – perfect for an initial rollout, but not so great for the inevitable moves, adds and changes which follow.
It’s time to align switches with the other products, so today we’re delighted to announce the rollout of switch templates to all Meraki customers.
With a template, the benefits endure. Once a network containing switches is bound to a template, any changes made to that template will be reflected on the bound networks. Suddenly a single config change can immediately impact thousands of switches simultaneously. As they say in the Unix world, ‘With great power comes great responsibility’.
Here’s how things get set up. First, from the ‘Organization > Configuration templates’ screen, select ‘Create a new template’. The option list for template types now includes switches as well as wireless and security appliances. It’s also possible to inherit settings from an existing network to use as the template blueprint.
Once the template is created and named, the next decision is which existing networks will become targets for the template, effectively becoming ‘child’ networks (another name for a network which is bound to a ‘parent’ template).
Once this is complete the template will then be available in the networks list. Simply select the template to begin configuring for all child networks.
When configuring a template, menu options are similar to those for configuring a single switch. Firstly, a template will contain common settings which apply across all switch variants, and then model specific settings grouped into ‘switch profiles’. In this context, a profile represents a group of switches with the same port mix. For example, both MS220-8 switch models, which have 8 x 1GbE ports and 2 x SFP interfaces, would have the same profile associated with them. Typically a template would be built for, say, a site, or perhaps a wiring closet, which would then contain multiple switch profiles. Individual switches can be bound or unbound from the profile.
This simple diagram illustrates the relationship between switch templates and profiles:
One great example demonstrating the power of templates is the configuration of switch profile ports. In the screen capture below we’ve selected ports 1-5 because we’ve determined they’re to be used for a common purpose: let’s say VoIP phones. We’ll tag the ports as ‘voip’, make these access ports, and place them in VLAN 10. This configuration will now apply to ports 1-5 on every MS220-8 bound to the selected profile.
There are two caveats to keep in mind when going down the templates path. Firstly, physical stacking and profiles do not mix. It’s not possible to stack profiles or child switches of profiles. Secondly, we’re employing a feature we’re calling ‘Local override stickiness’. Config changes made to an individual switch take precedence over what’s in the profile, even if the profile settings subsequently impact the same areas of configuration.
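How ‘Local override stickiness’ interacts with a later profile change, as an added model (not Meraki code or the Dashboard API). It assumes overrides are tracked per port and per setting, which the post does not specify; the class, switch names and VLAN 99 and 20 values are constructed.

```python
class SwitchProfile:
    """Port settings shared by every switch bound to one profile."""

    def __init__(self, model):
        self.model = model
        self.ports = {}       # port -> {setting: value} pushed from the profile
        self.local = {}       # switch -> {port: {setting: value}} sticky overrides

    def bind(self, switch):
        self.local.setdefault(switch, {})

    def configure(self, ports, **settings):
        """Profile-level change: applies to these ports on every bound switch."""
        for port in ports:
            self.ports.setdefault(port, {}).update(settings)

    def override(self, switch, port, **settings):
        """Change made directly on one switch; it wins over the profile from now on."""
        self.local[switch].setdefault(port, {}).update(settings)

    def effective(self, switch, port):
        merged = dict(self.ports.get(port, {}))
        merged.update(self.local[switch].get(port, {}))    # local value takes precedence
        return merged

    def drift(self):
        """List (switch, port, setting, profile value, local value) where they differ."""
        found = []
        for switch, ports in sorted(self.local.items()):
            for port, settings in sorted(ports.items()):
                for key, value in sorted(settings.items()):
                    wanted = self.ports.get(port, {}).get(key)
                    if value != wanted:
                        found.append((switch, port, key, wanted, value))
        return found


def run_sample():
    """The VoIP example from the post, followed by an override and a profile change."""
    profile = SwitchProfile("MS220-8")
    for switch in ("closet-a", "closet-b"):                # constructed switch names
        profile.bind(switch)
    profile.configure(range(1, 6), tag="voip", type="access", vlan=10)
    profile.override("closet-b", 3, vlan=99)               # one-off change on one switch
    profile.configure(range(1, 6), vlan=20)                # later profile-wide change
    return profile


if __name__ == "__main__":
    p = run_sample()
    print(p.effective("closet-a", 3), p.effective("closet-b", 3), p.drift())
```

A drift listing like this is what to review before relying on a profile change to move every port, since overridden ports keep their local value.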
We have one more powerful feature to cover, and that’s the ability to set up automatic binding of switch models to a template. With this option, whenever a switch network is bound to a template, its switches can be synced automatically with pre-existing switches of the same model. This provides a powerful way to reduce the number of switches requiring direct configuration. In a stroke we’ve made life significantly easier for large organizations managing thousands of switches.
Switch templates are available starting today and we know this is going to be a big hit with our customers. We just made life easier for each and every one of them! In fact, we’re picturing their IT teams doing a happy dance right now!
Adding new features is a journey, not a destination, and at Meraki we believe that we do a better job when we listen to our customers, so please let us know what you think of this powerful new feature. There’s no better way than through the ‘make a wish’ box on every dashboard screen, and of course you can reach out to us on Twitter or in our community. We look forward to hearing your feedback and suggestions.
We’ve all read the horror stories. Passwords, private photos, corporate data, government secrets. What hasn’t been compromised at some point? Connectivity is so important to us that sometimes we forget we may not be the only ones joined to that café hotspot. Thankfully today many of the services we access are reached over an SSL connection, but a Virtual Private Network (VPN) remains the best way to protect all traffic.
Using a VPN in itself is not so hard. An iPhone with VPN configured will simply present a toggle for the user to slide.
So the issue isn’t connecting to VPN, but configuring it in the first place. Even people who consider themselves ‘technical’ can struggle here, because VPN configuration requires the user to configure several settings. Here’s what the iPhone owner is confronted with when attempting to add a new VPN configuration:
Meraki to the rescue! Customers who deploy one of our powerful MX Security Appliances together with Systems Manager have everything they need to build a turnkey VPN solution in their hands. Among the Security Appliance’s many features are comprehensive site-to-site and client VPN. Pairing an MX with Systems Manager adds a number of powerful security features we call Sentry.
To get things set up, log on to the dashboard and head over to the Client VPN settings page on the MX to which VPN clients will connect. Enable the Client VPN server, enter the desired settings, and then select ‘Systems Manager Sentry VPN Security’. This will open up a new panel as shown here:
In the Sentry VPN section the admin chooses the Systems Manager network (if there is more than one) and the scope of devices which will receive the VPN settings. The usual Systems Manager tags are available here, both static and dynamic, enabling tight control over which devices will be enabled for VPN. Finally, determine whether this should be a full tunnel VPN (Send All Traffic, a good choice when on unfamiliar networks), and any proxy settings before clicking save. That’s all there is to it! Oh, and we can perform the same trick for Mac OS X and Samsung Knox enabled Android devices too.
This truly is simplicity at its best. No need to worry about user configuration, or shared secrets, or server credentials. Everything is automatically pulled from the selected Security Appliance and then pushed out through a profile update to managed clients. The client device will then see the VPN option in settings, and then need only click the toggle to bring the VPN up.
Not ready to purchase a Security Appliance yet? Systems Manager will also allow the manual configuration and deployment of VPN server credentials for any L2TP, PPTP, Cisco IPSec or AnyConnect server.
Sentry is the name we give to a range of security related features which can be used when deploying Systems Manager into an environment with a Meraki network infrastructure. We’ve covered several of these features already on the blog. In this case, Sentry VPN overcomes the biggest obstacle to secure network communications, making it a cinch to set up, and a trivial option for the end user. Coffee shop productivity just got a lot more secure.
Try Systems Manager on for size by heading over to our website. As with all Meraki solutions, the software is all driven from and accessed via a robust cloud architecture. There’s no hardware required to get started, making it easy to take for a test drive from the comfort of your chair.
Some of the responses we received from last week’s Meraki and Girls in Tech’s ‘Empower the Change’ event were: “Push the boundaries!!!” “Thrive on everyone’s success.” “Be the change I want to see in the world.”
Girls in Tech is a global nonprofit that emphasizes the importance of empowerment, engagement, and education of women who are passionate about technology. At Meraki, we also emphasize those values and actively work to enable diversity across all of our teams, and to eliminate negative stigmas and mindsets.
We partnered with Girls in Tech to inspire everyone to be the best version of themselves and to continue to build valuable skills throughout their careers. On this particular occasion, Meraki hosted the San Francisco chapter of Girls in Tech for a night of motivational panels and discussions. With 80 Girls in Tech guests and over 50 Merakians in attendance, we’re pleased to report that the night was a smashing success.
Meraki’s own Kelly Koskelin and Meghan Gaudet enjoying themselves on the panel while answering important questions for the audience.
The five featured panelists were Kelly Koskelin, Backend Infrastructure Team Lead at Meraki; Meghan Gaudet, Product UI Team Lead at Meraki; Moriel Schottlender, Software Engineer on Wikimedia’s Collaboration Team; Nikita Mitchell, Senior Manager in Strategy and Planning at Cisco; and Sarah Harrison, Consultant, UX instructor & Design Strategist, Previously UX Lead at TaskRabbit. These inspiring women covered topics such as pivotal points in their career that influenced their path to tech, skills they recommend working on (and that they themselves are actively building), who to ask for help when changing careers, and steps to obtain the next leadership position.
Sarah Harrison giving advice on how to negotiate your salary when accepting a new job offer.
We were moved by the stories and advice shared by speakers and attendees, and look forward to hosting more events like this in the future. We want everyone to proudly contribute their unique ideas and personalities to the tech space, regardless of ethnicity, race, or gender.
Let’s try this again: Finish the sentence, “I’m empowered to…”