However, there are still limitations to the amount of security that Meraki can provide (or any brand for that matter) - particularly if your workers are roaming outside of your business network. Perhaps you have a VPN that they're supposed to be logging into for any work-related activity, but not every employee does this. In fact, Cisco's own research suggests that only one in five workers actually uses a secure business VPN when available.
This is somewhat understandable for the user; VPNs tend to drastically slow down connections and can be frustrating productivity wise. However, it's still a massive security risk. Clearly a better solution was called for, and it's here in the form of Cisco Umbrella.
Cisco Umbrella is a cloud-based DNS replacement (security at the DNS layer with zero latency), which can work with or without users connected to a VPN. The basic way it works is simple:
It's the fastest and easiest way to provide mobile security. In addition, you can also get access to a cloud-based Umbrella Dashboard which offers detailed granular tracking of all employee usage and your hub to make policy changes.
Better yet, Umbrella can also be integrated directly into your Meraki MX-series firewalls and\or MR-series access points, so that anyone accessing your Meraki network is automatically routed through the Umbrella DNS servers as well.
You've got two basic options in combining Umbrella into an existing Meraki network, which will partially determine which and how many licenses you need.
First, you can apply Umbrella directly to a Meraki MX-series firewall, which instantly applies the DNS to any traffic on your network going through the firewall. In this case, the licensing is simply based on the total number of users.
Or, you can apply Umbrella to your MR-series access point. There are two ways this can happen: automatic integration or manual integration.
Automatic integration is the simpler of the two methods, and only requires the Meraki MR Advanced Security License (which we strongly recommend anyway). This routes all traffic on that AP through Umbrella DNS servers automatically. However, you do not get access to the Umbrella Dashboard, or any ability to create custom policies. It is the easiest way to protect your network, but there isn't much granular visibility inside the Meraki dashboard. We hope that will change over time.
API integration is more complicated, and requires purchasing separate Umbrella licenses. However, in this scenario you get full benefits of Umbrella licensing, including Dashboard access and the ability to create custom policies or even host custom software utilizing the API for DNS integration.
(Important note: The Umbrella Dashboard is separate from your Meraki Dashboard. Taking this option requires managing two dashboards.)
Finally, let's take a quick look at the three basic Umbrella license types. As is typical, they're distinguished based on price vs features.
This is the entry-level license, aimed primarily at startups and SMBs. You get the core DNS security services, web filtering, domain block lists, and some basic tracking features. There aren't a lot of options, but it still provides a lot of high-powered security for the money.
Security Advantage is the mid-tier all-around license, which can be right for businesses of nearly any size. Along with the "essentials," you also get IP blocking, significantly more sniffing and filtering, and access to a robust web console with the high-level Umbrella Investigate analysis systems for backtracking infections/attacks.
This is the top-tier license which utilizes everything Umbrella has to offer, and is aimed at large-scale operations with extensive WANs and customized policies. All traffic can be monitored, filtered, tracked, or investigated, and you also get a cloud-based firewall. This allows for an unprecedented level of insight into how mobile users are utilizing your network.
If you have a Meraki network, but your workforce does a lot of mobile connecting, an upgrade to Cisco Umbrella would be a very good idea. It plugs one of the biggest gaps in your overall security profile.
You have a lot of options in Umbrella licensing with multiple potential upgrade paths, so please contact Hummingbird Networks for a free consultation on your choices!