Embed Size (px)
Citation preview
Cisco Customer EducationDo You Meraki Like I Do? Cloud-Managed Security
This session was recorded via Cisco WebEx! You can watch the live session recording HERE.
Presentation Agenda► Welcome from Cisco
► Cisco Mid-Year Security Report
► Q&A, Conclusion
► Cisco Security Overview
► Cisco Meraki MX Security AppliancePriors:Cisco Sales and Channels (11.5 yrs)President and CEO (6 yrs) - Cisco Premier Partner Director of Sales (2 yrs) - Cisco Silver PartnerFinancial Analyst (7 yrs) - Sprint Corporation
About Your HostBrian AveryTerritory Business ManagerCisco Systems, [email protected]
► Introducing Cisco Meraki
CCE is an educational session for current and prospective Cisco customers
Designed to help you understand the capabilities and business benefits of Cisco technologies
Allow you to interact directly with Cisco subject matter experts and ask questions
Offer assistance if you need/want more information, demonstrations, etc.
What Is the Cisco Customer Education Series?
Welcome from Sysco!Oops! I mean Cisco!
Cisco Confidential 5
Computer scientists, Len Bosackand Sandy Lerner found Cisco Systems
Bosack and Lerner run network cables between two different buildings on the Stanford University campus
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
1984
WellFleet
SynOptics
3Com
ACC
DEC
Proteon
IBM
Bay Netw orks
Newbridge
Cabletron
Ascend
Fore
Xylan
3ComNortel
Ericsson
Alcatel
JuniperLucent
Siemens
NECFoundry
Redback
Riverstone
Extreme AristaHP
Avaya
Juniper
Huawei
Aruba
Brocade
Checkpoint
Fortinet
ShoreTel
Polycom
Microsoft
F5
Riverbed
Dell
Internet of Everything
1990 – 1995 1996 – 2000 2001 – 2007 2008 – Today
The Landscape is Constantly
Changing
Leading for Over 30 Years
2016
Cisco Confidential 7
Who Is Cisco?
Chuck Robbins,CEO, Cisco
• Dow Jones Industrial AverageFortune 100 Company (AAPL, CSCO, INTC, MSFT)
• $117B Market Capitalization
• $49.6B in Revenue
• $10B in Annual Net Profits
• $34B More Cash than Debt
• $6.3B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
No. 1
Voice
41%
No. 1
TelePresence
50%
No. 1
Web Conferencing
43%
No. 1
Wireless LAN
50%
No. 2
x86 Blade Servers
29%
No. 1
RoutingEdge/Core/
Access47%
No. 1
Security31%
No. 1
SwitchingModular/Fixed
65%
No. 1
Storage Area Networks
47%
Market Leadership Matters
IT should be simpler to monitor and manage
Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Too much complexity.Too hard to change.
The business is frustrated.
IT is frustrated.
New approaches are required.
Today’s IT Reality: Too. Much. Complexity.
Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved.
The Big LieThe Big Lie
Cisco Confidential 12© 2013-2014 Cisco and/or its affiliates. All rights reserved.
The Big LieCompetitors Say:
“The Network Is a Commodity”
Sidebar…
Guess what DAY IT IS!
Cisco Confidential 13© 2013-2014 Cisco and/or its affiliates. All rights reserved.
The Big LieThe Big Lie
Cisco Confidential 14© 2013-2014 Cisco and/or its affiliates. All rights reserved.
The Big LieCompetitors Say:
“The Network Is a Commodity”
The Big Lie
Cisco Confidential 15© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Typical Multi-Vendor NetworkSwitching Routing Security Wireless Voice
Cisco
HPDell3ComDlinkNetGearLinksys
Cisco
3ComJuniperHuwaiAdtran
Cisco
WatchguardSonicwallFortinetCheckpointNetGearDlinkPalo Alto
Cisco
3ComHPAerohiveAruba
Cisco
NortelAvayaMitelSiemensShoretelSamsungPanasonicToshibaIntertelComdialNECAlcatel
Cisco Confidential 16© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Switching Routing Security Wireless Voice
Cisco
HPDell3ComDlinkNetGearLinksys
Cisco
3ComJuniperHuwaiAdtran
Cisco
WatchguardSonicwallFortinetCheckpointNetGearDlinkPalo Alto
Cisco
3ComHPAerohiveAruba
Cisco
NortelAvayaMitelSiemensShoretelSamsungPanasonicToshibaIntertelComdialNECAlcatel
Results in The Frankenstein Effect!
Reliability challenges
Inconsistent warranties
Higher maintenance costs
No single point of support
Basic levels of integration
Cisco Confidential 17© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Switching Routing Security Wireless Voice
Cisco
HPDell3ComDlinkNetGearLinksys
Cisco
3ComJuniperHuwaiAdtran
Cisco
WatchguardSonicwallFortinetCheckpointNetGearDlinkPalo Alto
Cisco
3ComHPAerohiveAruba
Cisco
NortelAvayaMitelSiemensShoretelSamsungPanasonicToshibaIntertelComdialNECAlcatel
Only Cisco Can Offer a Complete Solution
Introducing Cisco Meraki
Cisco Meraki: 100% cloud-managed IT
• Cisco Meraki: a complete cloud-managed IT solution• Wireless, switching, security, mobility
management, and communications, all centrally managed over the web
• Built from the ground up for cloud management
• Integrated hardware, software, and cloud services
• Leader in cloud-managed networking• Hundreds of thousands of customers across
all industries, over 100% annual growth
• Operating in the cloud since 2006
• Recognized for innovation• Gartner Magic Quadrant, InfoWorld
Technology of the Year, CRN Coolest Technologies
Trusted by thousands of customers worldwide:
Cloud Managed WiFi(2006)
Cloud Managed Network (2010)
Cloud Managed Enterprise
(2015)
MR Wireless LAN MS Ethernet Switches MX Security Appliances SM EMM MC Communications MV VideoSurveillance
Intuitive web-based dashboard
Site wide search
Client location
Traffic analytics
Real-time control
Client fingerprints
Single pane of glassmanagement Phone
Cisco Confidential 22C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.
Manage and monitor those networks with robust analytics from a single pane of glass
Reduce administrative overhead with simple all-inclusive licensing models and tools
Deploy and grow networks at branch locations or large campuses easily and rapidly
Cisco Confidential 23C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.
Security
Reliability
Scalability
Future-proofing
Solution Highlights
Manage Your Network Better
Centralized cloud management scales to thousands of sites
Multi-site visibility and control
Map-based dashboard; configuration sync; remote diagnostics; automatic monitoring and alerts
Zero-touch provisioning Devices easily provisioned from the cloud, no staging required
Traffic acceleration Web caching reduces bandwidth usage; application-aware QoS and SD-WAN capabilities prioritize business critical apps
Get More Performance Out of Your Network
RF optimization and application-aware QoSfor high-throughput, high density WLAN
Layer 7 application and traffic shaping
Throttle, block, or prioritize application traffic with DPI-based fingerprinting; set user and group-based traffic shaping rules
Cloud-based RF optimization
Dynamically avoid interference, optimizing channel selection and power levels
Density-optimized WLAN RF platform tuned for airtime fairness and performance in dense performance-critical environments
BYOD - Mobility management
Security, management, and capacity for BYOD-ready deployments right out of the box
Device-aware security Device-aware firewall and access control; antivirus scan; LAN isolation; Bonjour Gateway; content and security filtering
Integrated EMM Enforce encryption, passcodes, and device restrictions; deploy enterprise applications; remotely lock or wipe devices
Simplified onboarding Flexible authentication with Active Directory integration, SMS authentication, hosted splash pages, and automatic EMM enrollment
End Customer analytics and engagement
Anonymous data about every visitor
Detect
APIs for real-time location based apps
Engage
Guest WiFi optimized for branding
Connect
100% cloud-managed user analytics and engagement with Cisco Meraki wireless networks
Key FeaturesLocation Analytics- People Counting- Heatmaps, Dwell Time- Peak times, repeat visitors- Micro-location mapping
(<1m)- Asset inventory and tracking- Analysis Tools
Engagement- Secure Branded Guest WiFi- Facebook Login for WiFi- Location aware apps- APIs for app development
Strong Security and Privacy- Secure public/private WiFi- Anonymous visitor analytics- Data privacy, global opt-out
Easy Guest Wi-Fi and Authentication
Flexible built-in authentication mechanism
Flexible authentication Secure 802.1x and Active Directory authentication; Facebook Authentication for branding and targeted social marketing; SMS self-service authentication; and hosted sign-on splash pages
Dynamic access control Assign clients layer 3 / 7 firewall rules, VLANs, and application-aware quality of service by identity, group, location, or device type
Simplified Security
Enterprise-class security features for security-conscious environments
Air Marshal WIDS/WIPS Detect wireless attacks; contain rogue APs; cloud-based alerting and diagnostics
User and device aware security
User, device, and group-based firewall rules (layer 3 / 7) with Active Directory integration
UTM and content security
Application firewall; content filtering matching 1B+ URLs; antivirus/anti-malware filtering;Google safe-search
Cisco 2016Midyear Cybersecurity ReportHighlights
www.cisco.com/go/mcr2016
Asymmetric battles are greater than our ability to respond
Persistent Attacks
Overwhelmed Defenders
Innovative Methods
Fragile Infrastructure
Shifting Tactics
Rising Vulnerabilities
Encryption Dilemma
Global Operations
Current Threat Landscape
• Evolution of Ransomware• Advances in Malicious
Tradecraft• Questionable Network Hygiene
Encryption technique allows per-target customization
Marking systems and files have already been encrypted
Using Bitcoin for anonymous payment
Dual deadlines for:1.Cost increase2.Deleting data
Ransomware 2.0
The Evolution of Ransomware Variants
PC Cyborg
2001
GPCoder
2005 2012 2013 2014
Fake Antivirus
2006
First commercial Android phone
2007
QiaoZhaz
2008 2015 2016
CRYZIP
Redplus
Bitcoin Network Launched
Reveton.ARansomlock
Dirty DecryptCryptorbitCryptographic LockerUrausy
Cryptolocker
CryptoDefenseKolerKovterSimple LockerCokriCTB-LockerTorrentLockerCoinVaultSvpeng
TeslaCrypt
VirlockLockdroidReveton
ToxCrypvaultDMALockChimeraHidden TearLockscreenTeslaCrypt 2.0
CryptowallSamSam
Locky
CerberRadamantHydraCryptRokkuJigsawPowerWare
7ev3nKeRangerPetyaTeslaCrypt 3.0TeslaCrypt 4.0TeslaCrypt 4.1
1989
How Ransomware Works
!
!
EMAIL-BASED INFECTION
Files Inaccessible
Email w/ Malicious Attachment
Ransomware Payload
Encryption Key C2 Infrastructure
Encryption Key C2
Infrastructure
Files Inaccessible
!
WEB-BASED INFECTION
Encryption Key C2
Infrastructure
User Clicks a Link or Malvertising
Ransomware Payload
MaliciousInfrastructure
Malware Use of HTTPS:HTTPS increased 300% for ad-injectors in the last 4 months.
Ad injection is the biggest contributor. Adversaries are using HTTPS traffic to expand time to operate.
300%Increased
in 4 months
Exploit Kit Activity: Adobe Flash and MalvertisingAdobe Flash and Microsoft Silverlight vulnerabilities are leveraged by most exploit kits
Nuclear Magnitude Angler Neutrino RIGFlash
CVE-2015-7645
CVE-2015-8446
CVE-2015-8651
CVE-2016-1019
CVE-2016-1001
CVE-2016-4117
Silverlight
CVE-2016-0034
Vul
nera
biliti
es
Lower volume malware for dropping payloadsWorm
TrojanTrojan-Flash
Trojan-RansomwareTrojan-Dropper
Android-Trojan
Attack Methods: A Spectrum of Opportunity
Higher volume malware for gaining accessWindows Binaries
Facebook ScamsRedirectors
Packed BinariesAndroid Adware
Trojans
Global Cybercrime Market $450B‒$1T
It’s All About The MoneyIndustrial Hackers Are Making Big Money with Innovative Tactics
1990 1995 2000 2005 2010 2015 2020
Viruses1990–2000
Worms2000–2005
Spyware and Rootkits2005–Today
APTs RansomwareToday +
Phishing, Low Sophistication Hacking Becomes
an Industry Sophisticated Attacks, Complex Landscape
of large companies targeted by malicious traffic95% of organizations interacted
with websites hosting malware100% 1. Cybercrime is lucrative, barrier to entry is low2. Hackers are smarter and have the resources to compromise your organization3. Malware is extremely sophisticated and complex4. Cybercrime is now a formal, for-profit industry
Source: 2014 Cisco Annual Security Report
Cisco Security Overview
THREAT LANDSCAPE
1.5 Million
Too Many Disparate Security Products Mean Gaps in Protection
Fragmented offerings across multiple vendors
Cost
Higher total cost to build and run
Overall performance
Less communication betw een components
Time to detection
More lag in f inding threats
Antivirus
Legacy IPSInitial Disposition = Clean Actual Disposition = Bad
Too Late!!
Analysis Stops
Even
t Hor
izon Sleep Techniques
Unknown ProtocolsEncryptionPolymorphism
Blind to scope of compromise
Point-in-Time Detection Tools Alone Are Insufficient and Provide Limited or No Visibility Into Threats Once They Get in
Not 100%
Today’s cyber-threat reality
If you know you are going to be compromised, how should you do security
differently?
Why? Because you’ll never be able to prevent 100% of
attacks.
Your environmentwill get breached –it’s not an “IF” it’s a
“WHEN”
Too Many Disparate Security Products Mean Gaps in Protection
vs
Fragmented offerings across multiple vendors
Streamlined advanced security solution
Cost
Lower opex and easier to manage
Higher total cost to build and run
Overall performance
Less communication betw een components
Better communication and integration
Time to detection
Faster time to detection
More lag in f inding threats
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
BeforeDiscover EnforceHarden
DuringDetect Block
Defend
AfterScopeContain
Remediate
Attack Continuum
Data Center/Servers EndpointsEmail and Web Netw ork Mobile
Threat intelligence and analytics
Point-in-Time detection
Retrospective security and continuous analysis
I'm going for fearsome here, but I just don't feel it!
I'm think I'm just coming off as annoying.
Competitors
Gain security backed by the most advanced threat intelligence
00I00 I00I0I II0I0I 0II0I I0I00I0I0 0II0I0II 0I00I0I I0 00 II0III0I 0II0II0I II00I0I0 0I00I0I00 I0I0 I0I0 I00I0I00
III00II 0II00II I0I0II0II0 I0 I0 I00 00I0 I000 0II0 00
III00II I000I0I I000I0I I000I0I II 0I00 I0I000 0II0 00 00I I0I0I0 I0I0III000 I0I00I0I 0II0I0 I00I0I0I0I 000
II0II0I0I0I I0I0I0I 0I0I0I0I 0I0I00I0 I0I0I0I 0II0I0I0I
0II00 I00I0I0 0I00I0I I00I0I0 I0I0I0I 0I0I0I 0I0I0I000I0I0 0I0I0I0 I0I0I00I 0I0I 0I0I 0I0I I0I0I 0I00I0I
III00II 0II00II I0I000 0II0 00I0I00 I0 I000I0I 0II 0I0I0I
III00II 0II00II 0I0I0I0I 0I I0 I00 000II0 I0I0 0II0 00
24 7 365 Operations
100 TBOf Data Received Daily
1.5 MILLIONDaily Malw are Samples
600 BILLIONDaily Email Messages
16 BILLIONDaily Web Requests
MILLIONSOf Telemetry Agents
4Global Data Centers
Over 100Threat Intelligence Partners
250+Full Time Threat Intel Researchers
Globalscanning
30 years building the world’s networks
Cisco Secur i t y Dec reases Time to Detec t ion
53
Current Industry Average (TTD)
100 days- Source: 2016 Cisco Annual Security Report
Cisco Secur i t y Dec reases Time to Detec t ion
54
100 days to 13.8 hours- Source: 2016 Cisco Annual Security Report
Meraki MX: Next-Generation Cloud-Managed Security
Meraki MX is a complete Unified Threat Management solution
SecurityNG Firewall, Client VPN, Site to Site VPN, IDS/IPS, Anti-Malware, Geo-Firewall
NetworkingNAT/DHCP, 3G/4G Cellular, Intelligent WAN (IWAN)
Application ControlWeb Caching, Traffic Shaping, Content Filtering
Stateful firewall
Site to site VPN
Branch routing
Internet load-balancing (over dual WAN)
Application control
Web caching
Intelligent WAN (IWAN)
Client VPN
`
Webroot’s BrightCloud Content filtering
Kaspersky Anti-Virus and Anti-Phishing
SOURCEfire IPS / IDS
Geo-based firewall rules
Meraki MX: Ironclad security
IPS Sourcefire IDS / IPS
Content Filtering
Webroot BrightCloud4+ billions URLS
Geo-basedsecurity
Block traffic to or from selected countries
Malware Protection Cisco AMP and Threat Grid
PCI compliance
PCI 3.1 certified cloud-based management
MX Solution highlight -- distributed networks
Centralized cloud management scales to thousands of sites
Multi-site visibility and control
Map-based dashboard; configuration sync; remote diagnostics; automatic monitoring and alerts
Zero-touch provisioning
Devices automatically provision from the cloud, no staging required; self-configuring site-to-site VPN
Traffic acceleration Application-aware QoS prioritizes productivity apps
Automated site-to-site VPN
Site-to-site IPsec VPN in just two clicks in the Dashboard
Simple Creates L3 site-to-site VPN tunnels with just 2 clicks in the dashboard
Automatic Comparable to Cisco DMVPN, it creates a mesh or hub-and-spoke VPN tunnel between all peers and adjusts to IP changes
Resilient Automatic failover over to secondary WAN link or 3G/4G USB modem
Cloud Security Center
• All security-related events in one place
• Pivot on the client, network, threat or remote source
• Quickly identify clients and networks that are potentially infected
• Identify threats that appear across multiple networks
Advanced Malware Protectionfor Meraki MX
Cybercriminals are increasingly targeting SMBs and distributed enterprises
25% Midsize organizations with
no dedicated in-house information security role
65%of organizations say
attacks evaded existing preventative security tools
14Average amount of
security consoles Security Managers monitor
46daysAverage time to resolve a
cyber attack
Lack of resources Management ComplexityLack of visibility Insufficient Threat Protection
Point-in-Time Detection Tools Alone Are Insufficient and Provide Limited or No Visibility Into Threats Once They Get in
Antivirus
Legacy IPSInitial Disposition = Clean Actual Disposition = Bad
Too Late!!
Analysis Stops
Even
t Hor
izon Sleep Techniques
Unknown ProtocolsEncryptionPolymorphism
Blind to scope of compromise
Not 100%
Introducing Advanced Malware Protection for Meraki MX
Simplified threat protection with advanced capabilities
+
AMP for Meraki MX delivers:
Deep Visibility Into Threats
Minimized Time to Detection
Ease of Management
Enhanced Threat Defense
Adding AMP provides threat intelligence to defeat advanced threats
Attack Continuum
Before During AfterBefore
Discover EnforceHarden
DuringDetect Block
Defend
AfterScope
Contain
Threat intelligence and analytics Point-in-Time detection Retrospective alerting
and continuous analysis
Point in Time Protection
Unique to Cisco® AMP
Cisco AMP Delivers a Better Approach
Point-in-Time Protection
File Reputation, Sandboxing, and Behavioral Detection
Retrospective Security
Continuous Analysis
Cisco AMP Defends With Reputation Filtering And Behavioral Detection
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Continuous ProtectionReputation Filtering Behavioral Detection
Dynamic Analysis
Machine Learning
Fuzzy Finger-printing
Advanced Analytics
One-to-OneSignature
Indications of Compromise
Device Flow Correlation
Point-in-Time DetectionAMP Delivers the First Line of Defense, Blocking Known and Emerging Threats with Point-in-Time Defenses
One-to-one signature
Fuzzy finger-printing
Machine learning
Advanced analytics
Static and dynamic analysis (sandboxing)
Offer better accuracy and dispositioning
Block known and emerging threats
Protect your business with no lag
Automatically stop as many threats as possible, known and unknown
But Point-in-Time Detection Alone Will Never Be100% Effective
If something gets in, retrospective security helps you answer the most pressing security questions
What happened?Where did the malware come from?What is it doing?How do we stop it?
See Where It Entered the System
What happened?
Track threat’s origin and progression: • How did it get into the system
• What is the point of origin• What was the attack vector
Where has the malware been?What is it doing?How do we stop it?
Where did the malware come from?
See AMP in Action!
See Everywhere That It Has Been
What happened?Where did the malware come from?Where has the malware been?
What is it doing?How do we stop it?
Track infected areas in the system: • Where is the attack now
• What other endpoints have seen it• Where should I focus my response
• Where is still safe
See AMP in Action!
Determine What the Malware Is Doing
What happened?Where did the malware come from?Where has the malware been?What is it doing?
How do we stop it?
Understand the details of how themalware works: • What is it trying to do, in plain English
• How does the malware behave• Get detailed information vital for
incident response
See AMP in Action!
Stop It with a Few Clicks
Where did the malware come from?Where has the malware been?What is it doing?
Knowing the details above,surgically remediate: • Stop it at the source and all infected areas
• Simply right click, add to a blocklist, and remediate the malware from theentire system
What happened?
How do we stop it?
See AMP in Action!
Improve protection across your network Enhanced Threat Defense
Proven threat protection before, during and after an attack
Strengthen network defenses with global threat intelligence from Talos
Retrospective alerting and sandboxing capabilities
Quickly detect, analyze and remediate branches with deep threat visibility
Deep Visibility Into Threats
Look back in time and trace file and file activity with retrospective alerting
Visibility into threats inside the network and across multiple branch locations
Advanced file sandboxing capabilities and malware analysis
Minimize time to detection of advanced threats
Minimize Time to Detection
Retrospective malware alerts for malicious files that have passed through the network perimeter
Detect breaches quickly and take action
Manage everything from one place Ease of Management
Centrally manage security, network and application control
Cloud managed network security platform
Increased operational efficiency and reduced complexity
Cisco Intelligent WAN
WAN Demands Exceeding BudgetsHow Can We Deliver More with the Same or Less Budget?
The Widening Network Complexity Gap
Building Blocks of IT
Endp
oint
s on
th
e Ne
twor
k
VoIP/Video
Virtualization
Cloud Computing
Mobility
SDN
IoT
IT Budgets
Network Complexity Gap
Source: ZK Research, 2014
5 yearsCisco® Visual Networking Index, June 2014
Increase 3X in the next
GLOBAL IP TRAFFIC GROWTH:
LIMITED WAN BUDGETS:
will be flat or in decline
Nemertes Research, August 2014
60% of WAN budgets
Digital Innovation Overwhelming the Branch
BRANCH
OSUpdates
HD Video
Mobile Apps
Online Training
Social Media
Guest Wi-Fi
MORE USERS
MORE APPS
MORE THREATS
80% Of employee and customers are servedin branch offices*
20-50%Increase in enterprise bandwidth per year through 2018**
30%Of advanced threats will target branch offices by 2016 (up from 5%) **
OmnichannelApps
SaaS Enterprise Apps
Digital Displays
* Tech Target, Branch Office Growth Demands New Dev ices., 2013
** Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2015 Update
*** Gartner: “Bring Branch Office Network Security Up to the Enterprise Standard, Jeremy D’Hoinne, 26 April. 2013.
What is SD-WAN?
Automate and orchestrate
network changes
Open standards and third-party integration
Lower operating costs and TCO
Uncompromised security and
threat defense
Network capacity optimization and
increase bandwidth
Direct Internet and cloud access
Protect applicationSLA
Hybrid WAN
What SD-WAN provides
Benefits of SD-WAN
Identify Prioritize Accelerate
See 1000+ apps running on your network
Automate app priority based on business policies
Boost app performance
Securely on any connection or platform for all users
Cisco Intelligent WANApplication-centric SD-WAN
`
Intelligent WAN (IWAN) Solution Components
WAASAkamai
Pf Rv3
IPSec WAN overlayConsistent operational model
DMVPN, PKI
Management and Orchestration
MPLS
Internet
3G/4G-LTE
PrivateCloud
VirtualPrivate Cloud
PublicCloud
Cisco Meraki
Branch
AVC
TransportIndependence
Optimal application routingEfficient use of bandw idth
Performance Routing(PfR) QoS
Intelligent Path Control
Performance monitoringOptimization and caching
Layer 7 Application Shaping, Caching
Application Optimization
NG strong encryptionThreat defense
Suite-B, ZBFW, AMP, Umbrella, Geofencing
Secure Connectivity
Built-in SD-WAN features for the MX
Dual-active path:• Active-active VPN• Active-active VPN & MPLS
Policy-based routing (PbR) :• Allows uplinks to be intelligently assigned
based on traffic protocol, subnet, source, destination, etc.
Dynamic path selection:• Ensures the best VPN tunnel is used based
on latency and loss metrics
WAN 1Secure VPN tunnel (active)Latency / loss > threshold
WAN 2Secure VPN tunnel (active)Latency / loss < threshold
Data
Based on L3 / L4 categorization, this data normally travels out WAN 1 (PbR), but MX detects optimal path is WAN 2 based on latency / loss on WAN 1
8
Questions
Product and Vertical specific webinars
See a LIVE demonstration Attend and you could receive a FREE
Meraki Product!
Attend a Cisco Meraki Hosted Customer Webinar…
https://meraki.cisco.com/webinars?ref=1POs8kt
Try Cisco Meraki risk-free
Sets up in 15 minutes
Technical support available at no cost
Cisco Meraki Overview
Free trials available at meraki.cisco.com/eval
Thank You and Next Steps
Brian [email protected]
Contact Your Cisco Partnerhttps://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
www.
Learn more about Meraki MX:meraki.cisco.com/products/appliances
• CCE sessions are held weekly on a variety of topics• CCE sessions can help you understand the
capabilities and business benefits of Cisco technologies
• Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event
Thank you.
