Many companies understand the advantages gained through linking their digital technology stacks to address vulnerabilities in their cybersecurity. However, a challenge that continues to confront businesses of all sizes is the gap between network and security operations, which often leads to breaches causing significant network outages. These breach-related disruptions can endure for months before operations return to normal, highlighting the urgent need for Network Administrators to receive early warnings about emerging security threats.
At Cisco, our focus has always been on embedding security within the network architecture rather than adding it onto the network as an afterthought. With this goal in mind, we are excited to unveil the integration of Cisco XDR, our innovative extended detection and response solution, with the renowned Cisco Meraki product line.
Empowering Meraki Networks with Enhanced Security Capabilities
Today, we are equipping Meraki network and security administrators with the proactive ability to monitor and track emerging threats as they unfold within their network environment. Instead of waiting for security alerts from their counterparts, network admins can now identify warning signs early on and escalate suspicious incidents to security analysts for further evaluation. This proactive approach enables them to stay ahead of potential issues and prevent minor events from escalating into major incidents.
During Cisco Live 2024 this year, customers will witness the convergence of security and networking with the integration of Cisco XDR with the Meraki MX Security and SD-WAN offerings, further reinforcing Cisco’s commitment to built-in network security.
Mutual Benefits Ensue
The integration of Cisco XDR with the Meraki Network results in a mutually beneficial relationship. While Networking teams gain access to early threat warnings, Security operations teams derive valuable insights from the Meraki product portfolio.
Extended Detection and Response (XDR) serves as a tool for analyzing and applying insights from distinct security alerts across an organization’s security framework. Originating as an Endpoint Detection and Response (EDR) extension, XDR has evolved to include integrations with Email defense, Firewall traffic, Cloud protection, and Identity-based intelligence.
However, many organizations overlook the critical link tying these diverse security control points together: The Network. By natively tracking network connections within the XDR correlation process, organizations can effectively piece together various security events which security teams often struggle to connect. Through collaboration with Meraki devices, Cisco XDR leverages network connection data to bridge the gap between security incidents, offering visibility into lateral movement and aiding in monitoring the progress of cyberattacks. Coupled with data from existing Cisco XDR and Third-Party integrations, as well as the Cisco XDR Network Visibility Module, a clearer picture emerges.
While the Meraki MX portfolio currently enjoys the benefits of this integration, future plans include extending these capabilities to the Meraki Switching (MS) and Meraki Wireless (MR) product lines. This integrated yet flexible model will also be expanded to the Catalyst networking portfolio, turning the vision of built-in security across Cisco networks into a reality.
What are the Key Capabilities Available Now?
To cater to our busy readers, here is a concise list of capabilities delivered through this integration:
- Establishing a connection between a Meraki Organization (including child Meraki Networks) and a Cisco XDR tenant using a simplified process
- Streaming Meraki MX network telemetry data (NetFlow) to XDR cloud in real-time without the need for agents
- Identifying Cisco XDR detections based on Meraki MX logs and correlating them with findings from other data sources accessible to Cisco XDR
- Enabling Meraki administrators to review, assign, and update the status of an XDR Incident from within the Meraki dashboard, with incident investigation functionalities facilitated through a direct launch into Cisco XDR
- Real-time threat hunting and investigation of Meraki MX security events in Cisco XDR, enhancing XDR Asset Insights by incorporating device attributes provided by Meraki Systems Manager
Where to Explore Further?
For more information and to witness a live demonstration of this capability, visit the Cisco XDR and Meraki areas at Cisco Live 2024 Las Vegas from June 3 to June 6. Contact your Cisco security or Meraki sales representatives or partners to enroll in the private preview of this functionality starting in July 2024.

