You may be considering making changes to your network or starting a new company or branch office. What should you do to minimize your organization’s cybersecurity risk? Undoubtedly, network security stands as a paramount concern for every business. Yet, allocating excessive time and resources to continuously configure and manage the network isn't feasible for most companies. Hence, when seeking network solutions, the ideal choice will include high security measures with low maintenance.
In this pursuit, Meraki's Security Appliance emerged as an impeccable fit, seamlessly combining heightened security and minimal upkeep demands.
The suite's network tools boast simplicity in their setup, troubleshooting, monitoring, and ongoing maintenance. With an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) in place, it grants confidence to top-tier network professionals amid the rapid pace and high-stakes environment of the IT world. Here, I'll delve into a comprehensive evaluation of this suite, highlighting its indispensable utility for businesses.
Meraki offers two types of licensing options: Enterprise and Advanced Security License.
The standard Meraki Enterprise License – This license gives you a stateful inspection firewall with VPN capabilities. Custom Splash pages, traffic shaping, and HTML caching are also included. It is a pretty basic set of capabilities.
The Advanced Security License (ASL) – This license enables the higher-level features that were more suitable for our security-focused needs. This license turns on the following capabilities:
- Intrusion Protection and Detection powered by Snort
- Anti-Virus and Anti-Phishing powered by Kaspersky
- Web Search and Content Filtering
- Geography-Based Firewall Rules
ASL also has Advanced Malware Protection that enables malware detection, blocking and continuous analysis, along with retrospective actions and alerting.
ASL represents a significant upgrade from the Enterprise license. Meraki's commitment to "always automatically updated" policies ensures continuous updates to intrusion, virus, and phishing databases. This eliminates the responsibility on admins to manually keep these definitions current. Despite ASL being nearly twice the cost of the Enterprise license, its value far outweighs the expense.
EASY TO SET UP AND MANAGE:
Meraki provides automated connection capabilities. Setting the device up is as easy as creating an account and adding all devices to the network using the single web interface.
That interface is the central point of visibility where your devices can be automatically configured, monitored, and managed. The cloud controller allows all indoor and outdoor network components to work together seamlessly.
The Cloud Controller: Having central visibility built into all devices helps ensure that all the products are up to date on software versions. If the connection to the controller is lost, the network functionality remains unaffected, because the Cloud Controller is hosted by Cisco via an out-of-band connection. It doesn’t require an onsite server or appliance.
The Cloud Controller provides monitoring and automatic alerts. The interface provides detailed historical logs of security events, DHCP leases, and VPN events. It offers easy filtering by event category, timespan, and specific client devices. Logs can be exported in CSV format for further analysis and reporting.
Administrators can set company-wide firewall defaults, ensuring minimum security standards and consistent updates for all network devices, including non-Meraki devices added to the company account. This simplifies configuration transfer to new offices and ensures network consistency through configuration cloning.
With a single click, we can obtain firmware update status for any firewall device and force a firmware update on the fly to that given firewall on demand. Firmware upgrades can be scheduled and will be downloaded automatically once there is new software or an improvement available.
Another great feature is the ‘Security Center’ where top threats and events are displayed. If a staff member is fired, and their access needs to be removed, one swift action will remove all their access to the Meraki dashboard and all the associated gear.
All of the common administrator controls and functions, including reporting and monitoring, can be accessed via an intuitive user interface instead of the command line, and they can be configured quickly.
Advanced Features: These devices are not limited by in-appliance memory. They can easily perform detailed logging, and provide a more comprehensive view of appliance status across the entire network.
Meraki devices can report or filter traffic on your network based on application level. The map-based system shows locations, office floor plans and deployment locations for individual devices – geofencing is a great feature. Additionally, as long as the Security Appliance has internet, you can force a reboot with a single click anywhere in the world. The device also automatically optimizes wireless signals so that coverage is even and strong throughout a site.
CISCO MERAKI SHORTCOMINGS:
Issues may arise without a direct on-site Internet connection, hindering device configuration if problems occur. When denying countries using geolocation, the options are limited to an all-or-nothing approach, lacking nuanced region-specific rules.
This system lacks inherent visibility, hindering direct monitoring of firewall rule hits. Dependency on Security Information and Event Management (SIEM) for syslog retrieval can be suboptimal.
Moreover, the cost is a downside, as it's comparatively expensive, almost twice the cost of other brands, including license renewals. Nonetheless, despite the expense, it offers extensive features suitable for small businesses, providing comprehensive secure connectivity within a single desktop unit.
In summary, network security is crucial when making changes or establishing new offices. Meraki's Security Appliance excels in combining robust security with minimal maintenance, offering features like the Advanced Security License (ASL) for comprehensive protection.
ASL provides top-tier security features, automatic updates, and extensive capabilities, although it comes at a higher cost compared to other options.
Meraki's user-friendly interface simplifies setup and management through a Cloud Controller, ensuring easy monitoring, device configuration, and access control. However, drawbacks include dependency on on-site internet, limited geolocation options, and the need for additional solutions for enhanced visibility.
Despite its higher cost and limitations, Meraki's Security Appliance remains an excellent choice for small businesses seeking comprehensive security and connectivity features in a user-friendly package.