Securing Meraki Networks with Cisco XDR


Most organizations recognize the benefits accrued by connecting their digital technology stacks for addressing gaps in their cyber-defenses. However, one gap that continues to challenge organizations of all sizes exists between the network and security operations, making breaches a significant root cause for network outages. Breach related disruptions can last for months before normal operations are restored. Giving Network Administrators advance warning into security threats emerging in their environment remains aspirational for many.

At Cisco, we have always strived to build security into the network, rather than bolting it onto the network as an afterthought. Towards this end, we are pleased to announce the integration of Cisco XDR, our innovative extended detection and response solution, with the much-adored Cisco Meraki portfolio.

Meraki Networks gets a Security shot in the arm

Today, we are arming Meraki network and security administrators with the ability to proactively monitor emerging threats as they develop in their environment. Rather than wait for ‘Breaking News’ from their security counterparts, network administrators can catch the warning signs early and assign suspicious incidents to security analysts for further investigation. In this way, they can stay ahead of the curve and prevent events from mushrooming into full-blown incidents.

This year at Cisco Live 2024, customers can experience where security meets the network with new capabilities integrating Cisco XDR with the Meraki MX Security and SD-WAN portfolio in furtherance of Cisco’s built-in security strategy. 

Benefits flow in both directions

The benefits accrued from integrating Cisco XDR with the Meraki Network are a two-way street. While the Networking teams undoubtedly benefit from advanced warning of emerging threats, the Security operations teams gain valuable network insights from the Meraki portfolio.

Extended Detection and Response (XDR) is a tool for correlating and applying analytics on discrete security alerts from various control points in an organization’s security stack. While XDR traces its origins as an Endpoint Detection and Response (EDR) extension, it has evolved to include integrations with Email defense, Firewall traffic, Cloud protection, and Identity-based intelligence.

However, many organizations miss the connective tissue linking these disparate security control-points: The Network. Tracking network connections natively as part of XDR’s correlation process allows organizations to “connect the dots”, something that many security teams struggle to do. By partnering with Meraki devices, Cisco XDR can leverage data about network connections to fill-in-the-blanks between security events, thus providing visibility into lateral movement and help track the progression of an attack. Add to this data from existing Cisco XDR and Third-Party integrations as well the Cisco XDR Network Visibility Module, and a blurry picture comes into sharp focus.

While the Meraki MX portfolio is the inaugural Meraki family of products enabled via this integration, future development will encompass Meraki Switching (MS) and Meraki Wireless (MR) family of products. This same closely integrated but loosely coupled model will also be extended to Catalyst networking portfolio, making security built into Cisco networks a reality.

What capabilities are being delivered today?

Since most of our readers have busy eyes, here is a bulleted list of capabilities that are being delivered as a part of this integration:

  • Connection between a Meraki Organization (inclusive of child Meraki Networks) to a Cisco XDR tenant, using an ‘easy button’ process
  • Agentless streaming of Meraki MX network telemetry data (NetFlow) to XDR cloud in real-time
  • Cisco XDR detections based on Meraki MX logs, and correlation of those with findings from other data sources available to Cisco XDR
  • Providing Meraki administrators, the ability to review, assign, and modify the status of an XDR Incident form within the Meraki dashboard. Incident investigation is enabled via a cross-launch into Cisco XDR
  • Real-time Threat Hunting and Investigation of Meraki MX security events Cisco XDR, and enhancement of XDR Asset Insights context based on Meraki Systems Manager provided device attributes

Where can I learn more?

Visit the Cisco XDR and Meraki spaces at Cisco Live 2024 Las Vegas from June 3 to June 6 to learn more and view a live demo of this capability. Please contact your Cisco security or Meraki sales representatives or partners for enrolling in the private preview of this capability starting in July 2024.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels

Instagram
Facebook
Twitter
LinkedIn

Share:



Leave a Reply

Your email address will not be published. Required fields are marked *