Archive for June, 2019

Exploring Snort

Introduction

The internet can be a dangerous place, with malware, ransomware, worms and botnets to name just a few things. How can you keep your organization and its data safe?  The Meraki MX leverages some industry-leading security technologies and puts them in the hands of users, network operators and partners whilst simultaneously making them easy to enable.  

In this blog post, we will explore one of the security technologies that Meraki utilizes to help keep users safe, namely Snort, which is an open-source network intrusion detection system/intrusion prevention systems (IDS/IPS).

What exactly is IDS/IPS?

Before we talk about why we think Snort is great, we first need to talk about what an IDS/IPS is.  

IDS/IPS systems are devices or software that monitors networks or computers to detect malicious or anomalous behavior.  An IDS simply alerts the network or system operators of malicious or anomalous behavior, whereas IPS will also actively prevent this behavior.  

To provide an analogy, think of a firewall as a door securing access in and out of a controlled area.  The IDS is akin to a security camera pointing at the door, whereas an IPS is a security camera with frickin’ lasers!

image credit: thinkgeek.com

Why is Snort #1 in the industry?

For a start, Snort, under the guise of Cisco, has consistently been in the upper right-hand corner of Gartner’s Magic Quadrant for IPS for many years.  Fundamentally, Snort is the #1 IPS in the world because it is the most widely deployed, with over 4 million downloads open-source variant alone. That doesn’t even take into account the variants running on Cisco FirePower Firewalls, Cisco ASA with FirePower services firewalls, and Cisco Meraki MX security appliances.  

The open source nature of Snort’s development provides the following benefits:

  • Rapid responseCisco Talos is constantly (24x7x365) updating the rulesets that Snort uses, meaning organizations that leverage Snort are quickly protected from emerging threats.
  • Greater accuracy – The rulesets running on Snort are reviewed, tested, and improved upon by the community of users, which means organizations using Snort are leveraging the knowledge of security teams worldwide.
  • High adaptability – The open source nature of Snort means that companies and organizations can build the power of Snort directly into their own applications.

Snort isn’t a silver bullet on its own,  but no security technology is.  That is why at Meraki we expose the threat information identified by Snort and other technologies in a single pane of glass, enabling network defenders to  quickly and easily understand whether a threat is targeted (and hence serious) or part of the background of the internet.

That single panel of glass is the Meraki Security Center, and it allows network defenders to see all threat data in a given network for 30 days and, in three or four clicks, lock in on a potential issue whilst cutting through the noise.

Talos?

In its own words, Cisco Talos is the industry-leading threat intelligence group fighting the good fight!  They are a team of exceptionally talented women and men who peer into the dark corners of the internet to protect your organization’s people, infrastructure and data.  Their researchers, data scientists and engineers deliver protection against attacks and malware that underpins the entire Cisco security ecosystem, Meraki included.

If you would like to learn more about Cisco Talos, then we recommend subscribing to the ‘Beers with Talos’ podcast and listen to Mitch, Craig, Joel, Matt & Nigel break down the latest threats and trends.  With the exception of Nigel (who does support the best football team in the world, so he gets a pass), the Beers with Talos team runs Meraki MX Security Appliances in their home networks!

Conclusion

The implementation of Snort on Meraki’s MX security appliances typifies Meraki’s philosophy; we take an industry leading, best-in-class technology and we make it simple to enable and configure.  All while making the data you get from it both easy to understand and to act on.

If you think your organization could benefit from the power and simplicity of Snort in the Meraki MX Security Appliance, contact Meraki sales today.

References 

Action Batches: A Recipe for Success

We’ve been hard at work making it even easier for developers to build and deploy with the Meraki platform! We recently released action batches – a batch framework that allows developers to create custom, sequenced “recipes” (or batches) of API commands to write applications, spin up networks, and/or execute a series of configurations across any number of networks.

With action batches, a configuration task that previously required 100 requests can now be accomplished with only one! Other benefits and capabilities for developers include:

  • Reduced code complexity – deploy multiple changes across networks and devices
  • Improved efficiency – run batches synchronously or asynchronously
  • Avoid rate call limits – significantly reduced limits for high-scale configuration changes
  • Bulk error detection – ensure all updates will succeed before changes are committed

Here’s an example of action batches in action. In this video demo, we’ll use the Meraki dashboard and Postman (a tool for working with APIs) to show different elements of an action batch we have pre-baked. In just a few minutes, we will use action batches to configure multiple global networks, claim devices in these networks, and configure a host of settings on these devices. To learn more about this demo (or run it yourself) check out this guide on our Developer Hub.

https://www.youtube.com/watch?v=–xaAmxeIwE&feature=youtu.be

At launch, here are the resources supported by action batches:

  • Group policy (create/update/delete)
  • Network (create/update/claim)
  • Device (remove/update)
  • VLAN (create/update/delete)
  • Wireless traffic shaping (update)
  • Switch port (update)
  • Radio settings (bind)
  • Management Interface Settings (update)

…but wait, there’s more! Alongside the release of action batches, we’d like to highlight some other exciting new endpoints now available for the Meraki dashboard API:

  • Group policy provisioning (create a new policy or modify settings for an existing one) 
  • Management IP addressing (set DHCP vs. static IP addressing, gateway IP, VLAN, subnet mask and DNS servers)
  • Webhook Logs for an Organization
  • Organization-wide device index 
  • Switch port profile bind (for switch templates)

For additional details on action batches and other new endpoints, please visit the documentation on our Developer Hub. We will also talk more about these on our upcoming API webinar – register here to join us!

A Revolutionary Way to Not Watch Video

When it comes to our favorite shows, riveting movies, or funny cat videos, some of us can’t get enough screen time. But reviewing security camera footage is another matter. When tasked with going through hours of video to understand what happened during a particular incident or situation, most of us want a way to figure it out as quickly as possible.

What if there were a way to see the entirety of an event in a single image? Motion Recap makes this possible.

Motion Recap takes advantage of the Motion Search 2.0 algorithm, which uses background subtraction to isolate motion. Imagine a person walking down an empty street. Things in the background — buildings, signs, trees, or parked cars — remain unchanged. The only thing that changes is the location of that lone individual. Now imagine that activity as a series of still frames. A Meraki MV Smart Camera analyzes those frames to determine what is the same in each — in other words, the background. When the background is removed, what remains frame over frame is the motion (the individual walking).

A lone individual makes their way down the street.

Motion Recap images are composite images, built in-camera, that summarize a motion event. In the example described above, the Motion Recap image is created by superimposing the individual on the background at set intervals as they make their way down the street. This image allows the viewer to understand the entirety of an event with just a glance, instead of watching a 30 second video clip to see that the person did indeed walk down the street.

The path of a delivery person shown in a Motion Recap image

Find What You’re Looking for, Faster

The new Motion Recap feature on MV smart cameras enables users to find answers without having to watch video. Motion Search results are now displayed as Motion Recap images, allowing users to understand what has happened in video, without ever watching it. Say you need to find out who placed this dog toy on the couch in the video feed below. You use Motion Search to select the dog toy, and the Meraki dashboard returns results containing motion in that area.

Who moved the toy? Isolating activity using Motion Search.

Below are the six Motion Search results, returned as Motion Recap images. We can see the toy is on the ground in the top left image, and on the couch in the bottom middle image. In the fourth result, the bottom left, we can see an individual reaching down to pick up the toy and place it on the couch.

Motion Recap images offer answers without watching video.

Motion Recap images are grouped by events, and each image contains up to 30 seconds of motion. Longer events are made up of multiple images. By selecting any Motion Recap image, we can scroll through to view other images, or watch the corresponding video for that event.

Want to see the demo in action? Check out this video to find out how Motion Search and Motion Recap solve the mystery of who stole the MV Gnome in our office.

Motion Recap image from an MV32 fisheye camera

Motion Recap is now available to all customers with second generation MV smart cameras (models ending in -2). Users can toggle between Motion Recap and list view results using the buttons on the right-hand side. Or, if you prefer the list view, disable Motion Recap completely on the “Quality and retention” tab.

Let us know what you think about the new Motion Recap feature in the Meraki Community or request a risk-free evaluation to try out MV for yourself!

Insight into the Google Calendar Outage

By Shashwat Sehgal and Neeraj Periwal

Yesterday, the internet was abuzz with the news that Google Calendar was down for several hours worldwide. With over five million businesses large and small reliant on G Suite, this outage had a major impact on workers’ productivity, since people couldn’t check their meetings on the desktop version of Google Calendar. And, of course, there were tweets. So. Many. Tweets.

Since Meraki uses G Suite internally, once we realized that many of our employees couldn’t access their calendars we immediately got to work to investigate the root cause of the issue. Fortunately, thanks to Meraki Insight, our IT team was able to detect the problem in a matter of seconds and begin troubleshooting before users even noticed there was an issue.

Meraki Insight helped our IT team learn, in real time, that Google Calendar was down due to a Google server issue, not because of a problem with Meraki’s LAN or WAN. Having access to this information helped us save multiple hours of investigative work; without knowing that it was a server issue from the start, our team would have frantically been calling our ISP and trying to detect issues with the LAN.

It all started with an email alert, around the time of the actual outage.

By digging deeper, Meraki Insight helped us learn that several servers on Google’s end were partially affected, while two to three were severely affected.

To top it all off, we needed to know how many users on the corporate network were affected by this outage. The short answer: a LOT!


Though SaaS applications are mostly reliable, yesterday’s incident goes to show that they’re never perfect. With more organizations worldwide reliant on cloud-based apps like G Suite, Office 365, and others, the ability to quickly isolate why issues are occurring when they do materialize is crucial. Meraki Insight helps companies know whether a problem is something uncontrollable, like a server outage, or something that can be addressed locally. This kind of visibility can help organizations save an enormous amount of time and sanity — just ask our IT team.

Learn more about Meraki Insight and sign up for a webinar to get a deep dive.

Improving Student Experiences with Cloud-Managed Wi-Fi at UNC Pembroke

Over the last 25 years, the cost of a college education has increased nearly eight times faster than the average U.S. wage. Therefore, it’s no surprise that student loans make up the largest amount of U.S. non-housing debt. This higher education cost shift has left many students with the tough task of finding a quality education without breaking the bank.

While this may be daunting to any hopeful college student, not all hope is lost. Some schools across the U.S. are determined to give students a high-quality, affordable education, regardless of their background. One such example is the University of North Carolina at Pembroke (UNCP), which aims to change lives through education by offering students exceptional and affordable college experiences. As an NC Promise campus, UNCP offers students in-state tuition of $500 per semester and out-of-state tuition at $2,500 a semester, ensuring that all students have access to great education that they can afford. While cost is a very important factor, UNCP knows it is only one piece of the puzzle when striving to provide the best college experiences for students. The next step is to provide the best technology solutions to support learning everywhere on campus.

To better meet student expectations, Kevin Pait, Interim CIO and Associate Vice Chancellor (AVC) for IT, and his 5 person IT team deployed 700+ Cisco Meraki MR access points across the UNCP campus. This provides three main benefits for the school:

  1.     Improve Student Connections

“Since deploying Meraki in the residence halls and academic buildings, I never hear complaints. Right out of the gate, the student experience was excellent and our support tickets really dropped.” – Kevin Pait

With access points deployed in academic buildings, dorm rooms, common spaces, and outside, students have reliable, seamless coverage everywhere they go on campus. This has dramatically reduced the number of help desk tickets and complaints from students, and illustrates how much the Wi-Fi has improved since switching to Meraki. This enables students to focus on learning and collaborating, rather than using their time to troubleshoot access issues.

  1.     Save Time and Resources

“Meraki is simple. You’ve got the analytics, troubleshooting, errors, all of those things in the dashboard that have really helped to simplify system administration.” – Kevin Pait

With a cloud-managed wireless solution, the UNCP IT team was able to greatly simplify the wireless deployment and dramatically reduce the amount of time they spend on day-to-day network management and troubleshooting. This has saved the IT team countless hours, freeing up their time to focus on more impactful projects such as using data and analytics to inform decisions in other business units and make adjustments across the academic and residential departments.

  1.     Identify New Opportunities

“At the beginning we were really focused on what Meraki could do in terms of the infrastructure and the ease of management, maintenance and operations. But it’s just really opened up another world of opportunity.” – Kevin Pait

Now that the school has a reliable wireless solution in place, Kevin and the IT team can spend more time building new solutions and experiences for students. With increased network visibility, access to analytics, and a customizable platform, there are endless possibilities for the school to continue enhancing the technology experience for their students and employees on campus.

Today, UNCP uses Cisco networking, security, VoIP, collaboration, and wireless to provide an outstanding education for all students. To learn more about UNCP, watch the video and read their story.

Switch to better performance

In these days of ubiquitous wireless devices, it’s easy to forget the humble network switch, even though every network depends on switches to provide power, performance and stability. These vital networking components are often deployed in large numbers, so ensuring the best balance of price and performance helps ensure optimal use of the precious IT budget.

We want to give IT teams a healthy range of options, so this month we’re introducing another tier to our access switch line. The new MS125 range is perfect for deployments where physical stacking is not a requirement, but performance most certainly is. These new switches are faster than MS120 switches (up to 129%), and raise uplink capacity across the board with 10Gb/s SFP+ uplink ports.

MS125 is available in fanless (silent) variants, making them perfect for open office deployments. There are also three PoE+ models to help power APs, cameras and other network-powered devices.

While we’re at it, we’re also adding a couple of long range single mode optical modules to our collection, extending the potential interconnect range between switches (or our SD-WAN/Security appliances) up to 80km!

Details of the new switches and fiber modules are up on our website, and to learn more about the many advantages of the Meraki approach to switching, our webinar program has you covered.

Posted in Company Blog | Comments Off on Switch to better performance

Putting the Meraki Touch on Cisco Live US 2019

In just a few days, tens of thousands of IT professionals will descend on sunny San Diego, CA for Cisco Live US, an annual extravaganza for customers and partners eager to rub shoulders with other like-minded folks and up their networking game. No matter which technical sessions you choose to attend or which speakers you hear from, Cisco Live is bound to be a fun and rewarding time.

That all said, there is one way to ensure your time at Cisco Live is a step above most others’: hanging out with Meraki! We’ve got a whole host of exciting things planned that we think will not only educate, inspire, and excite you, but also leave your friends green with envy.

Here are a few Meraki-specific sessions, events, and experiences to look forward to while you’re in San Diego.

1. Get Hands-On with Meraki at DevNet Express

Cisco Live US may not officially start until Monday, June 10, but Meraki is ready to pre-game. On Saturday, June 8 and Sunday, June 9, we’ll be hosting our first-ever Meraki-focused DevNet Express in San Diego.

Never been to a DevNet Express? You’re in for a treat: you’ll learn how to use Meraki APIs to automate routine networking tasks, understand the ins and outs of using the Meraki dashboard, and learn from other networking pros about best practices. Most importantly, you’ll learn by doing — DevNet Express is all about putting what you’ve learned into practice. This means you’ll walk out of DevNet Express for Meraki with the confidence to take your Meraki networks to the next level.

Oh yeah, and DevNet Express for Meraki is completely free to attend. Learn more on the Cisco Developer blog.

2. A Bevy of Breakouts

Whether you’re looking to hear from Meraki product leaders or to dive into a technical lab, we’ve got something for you at Cisco Live. Our goal is to help you optimize and derive the most value from your Meraki deployments. SD-WAN? We’ve got it. Intent-based networking? Check. Brand security deployments? Of course.

Check out our recent blog post for details on all the Meraki sessions your heart could possibly desire. Be sure to register on the Cisco Live US website today!

3. Developers, Developers, Developers

Meraki knows how much the developer community cares about APIs, which is why we’ve come out with tons of new endpoints in the last couple of years to make Meraki deployments more extensible. Cisco Live is the perfect place to learn more about the power of these APIs. We’re dominating the DevNet Zone with no less than 11 sessions and workshops focused on building new capabilities based on the Meraki platform. Here are just a few sample sessions to get you excited:

  • Network Provisioning, Management, and Monitoring with Meraki Dashboard API
  • Leveraging Real time Infrastructure Data Streams with Meraki and Cisco Wireless LAN Controller
  • Hardening your Network with Code (and APIs)

Plus, Meraki will be taking over the DevNet Zone with all things green on Tuesday, June 11th from 4-5 PM. Be sure to stop by to get exclusive swag and learn all about Meraki APIs!

Visit the Session Catalog and log in to your Cisco Live account to sign up for our DevNet Zone events.

4. #MerakiMission + the Brand New Meraki Lounge

For the second year in a row, we’re bringing back the #MerakiMission. What’s that, you ask? It’s a fun way to win free Meraki swag by completing demos and sharing your love for Meraki on social media. #MerakiMission will take place at our first-ever Meraki Lounge, located in the World of Solutions (map below). Be sure to stop by to not only pick up your #MerakiMission swag, but also grab a cup of coffee, charge up your device, and participate in our new Meraki MV virtual reality experience!

Check out how you can participate in the #MerakiMission challenge as well as find more information about the Lounge on our CLUS website. We’ve got some exclusive, limited edition swag on hand, so don’t miss out.

Finally, members of the Meraki Community can stop by the Lounge to meet the famous MeredithW. She’ll be handing out special badge ribbons. Come on by and say hello!

5. Innovation Talk: Simple, Secure Digital Workplace with Cisco Meraki

Always a popular draw, Todd Nightingale, SVP and GM of Meraki, will once again take the stage this year. He’ll explain why Meraki is about way more than just networking: we’re building a foundation for a simple-to-manage and incredibly secure digital workplace — the workplace of tomorrow. Learn what this means for you and why we’re so passionate about freeing IT pros to focus on what matters to them. Todd will speak on Tuesday, June 11 at 2:00 PM in Room 20CD (upper level).


We’re ready to pack our bags, and we hope you are too. Visit our CLUS website for all the details you need about Meraki at Cisco Live. See you in San Diego!