Protecting our customers

A look into the WannaCry outbreak and how Meraki MX prevents its spread

Updated on 6/28 to include additional resources

The WannaCry Ransomware outbreak started hitting the headlines around the world on May 12th. This is just the latest in a particularly pernicious type of exploit, which typically involves locking or encrypting data to render a computer unusable, and then demanding a ransom to have that encryption removed. Sadly, many victims have felt compelled to pay up, even when there is no guarantee their system will recover, which only encourages criminals to repeat their behavior.

Wana_Decrypt0r_screenshot

Exploits of this nature are entirely indiscriminate in the way they target their victims, seeking out any unpatched machine or unwary user. Unfortunately this means that even systems crucial to protecting lives can be affected, as was the case with WannaCry. The ransomware hit, among many others, the UK’s National Health Service, causing severe disruption to vital services. This was not the first attack of this kind, and we can be sure it won’t be the last.

This attack serves as a reminder of the importance of keeping our computer systems patched, but human nature being what it is, there will always be systems vulnerable to attack. So what else can we do to protect ourselves? Fortunately, Cisco invests heavily in security technology and boasts the industry’s foremost threat intelligence organization, Talos.

Among the tools maintained by Talos is Snort, the industry leading intrusion detection and prevention technology, which is integrated into every Meraki MX. Snort performs real-time traffic analysis and packet logging in order to identify traffic patterns that match known threats. The good news for Meraki MX customers is that if they have Intrusion Prevention enabled and set to the ‘security’ ruleset on the Threat Protection page, the signatures for WannaCry are already in place, having already been added to the Snort database. For this outbreak we’ve taken the additional measure of adding them to the ‘balanced’ ruleset as well, to protect a broader set of customers against this threat.

We’re proud of our integration of critical Cisco security technologies like Snort and Advanced Malware Protection into our MX platform, ensuring that customers who choose Meraki enjoy world-class protection for their valuable network assets. A much more detailed breakdown of the outbreak and the work of the Talos team on it can be found in their blog post here.

To learn more about the many capabilities of the Meraki MX, please view our detailed video on the threat and how Meraki MX defends against it. You can always sign up for one of our webinars to learn more.