How a Meraki Configuration Backup Solution Mitigates Security Breaches

Network misconfigurations in your Meraki network can create vulnerabilities that expose your organization to cyber threats. If left unresolved, those vulnerabilities can lead to data breaches. In the latest release of IBM's annual Cost of a Data Breach Report, the global average cost of a data breach has surged to USD 4.88 million, a 10% increase over last year's record of USD 4.45 million and the biggest jump since the pandemic.

In large enterprises with hundreds of networks, thousands of devices, and dozens of IT teams making configuration changes, the chance of a network misconfiguration happening somewhere in your organization rises significantly. Addressing these risks proactively is crucial in preventing them from escalating into expensive security incidents.

Vulnerabilities introduced by Meraki network misconfigurations can be caught early and reverted by implementing a robust configuration backup and recovery solution. We recommend Boundless Safeguard, a Meraki-API powered solution that takes near-real-time backups of Meraki organization, network, and template configurations and lets you recover any of them in a few clicks. How does that help? Let's start by looking more closely at the problem.


When Network Misconfigurations Expose Your Organization to Cyber Threats

Network misconfigurations can arise in two primary ways: as a natural result of configuration drift or through deliberate tampering as part of an elaborate cyber attack. Let’s discuss these two scenarios in more detail.

1. Network Misconfigurations Through Configuration Drift

Configuration drift is a natural phenomenon in network environments. It happens when ad-hoc or unintentional configuration changes gradually accumulate over time. These changes often accompany well-intentioned actions, such as performance optimization, troubleshooting, security policy enforcement, fine-tuning, and network updates. Unfortunately, drift that is not tracked and managed creates vulnerabilities.

For example, when IT staff troubleshoot a connectivity issue, they sometimes ease up firewall rules to perform diagnostic checks. These changes are supposed to be temporary. However, if they’re not reverted to the correct setting, those changes can leave the network open to potential exploits.

Here’s another example. Let’s say an IT admin creates a new VLAN for a special project team that requires temporary access to resources across multiple departments. To do that, the admin modifies VLAN settings on multiple Cisco Meraki switches. If, after the project completes, the admin fails to revert those settings to the original configuration, those departments remain reachable from a network segment that no longer has any business need to reach them, and a single compromised host on that segment inherits the same access.

2. Deliberate Misconfigurations in a Cyber Attack

Today’s cyber attacks are highly sophisticated, consisting of multiple stages, attack vectors, and tactics. These tactics often involve deliberate configuration changes to network settings that enable the attackers to avoid detection, move laterally, escalate privileges, and open backdoors for additional threats.

For instance, attackers may change access control lists (ACLs) or firewall rules to allow traffic from normally unauthorized devices, open additional ports, or even disable specific rules that block traffic between network segments. They may reconfigure VLAN settings to bypass network segmentation and allow themselves to move freely across various subnetworks and departments. They may also modify SSID permissions in wireless networks, allowing unauthorized devices to join.

Here are a couple of real-world examples showing how threat actors use these tactics in actual cyber attacks. In 2023, Iranian hackers managed to operate undetected for eight months in a government network. One of their tactics involved modifying firewall rules in order to enable prolonged remote access. In 2020, LockBit, one of the most notorious ransomware families in history, was reported to possess the ability to modify firewall rules in order to allow malicious Windows Management Instrumentation (WMI) commands to pass through. In both of these cases the public reports describe changes to host (Windows) firewall rules rather than to network appliances, so a Meraki change log would not have shown them. The lesson for the network layer is the same, though: once an attacker holds administrative access, the filtering policy itself becomes a target, and any unexplained change to MX firewall rules, group policies, or VLAN assignments deserves the same scrutiny.

So, how would a Cisco Meraki configuration backup and recovery solution address these issues? Let’s talk about that next.

Mitigate the Risk of Misconfiguration-induced Cyber Incidents with Boundless Safeguard

Powered by the Meraki API, Boundless Safeguard is an enterprise-grade Software-as-a-Service (SaaS) solution that enables you to implement a comprehensive Meraki network backup and recovery strategy.

Boundless Safeguard can perform a complete Meraki organization backup, which automatically backs up organization, network, device, and template configuration changes in near-real time. Once backups are stored, Safeguard enables you to review and compare them and their associated changes. Moreover, it enables you to revert to a known good backup in just a few clicks. You can restore entire organizational configurations or just those associated with specific networks or templates.

How does that help?

Change Log Detection and Automatically Triggered Snapshot

Safeguard monitors the Meraki change log at intervals of 1 to 5 minutes. Every configuration change is automatically captured in a time-stamped snapshot. The solution backs up configurations down to the device level regardless of the size of your organization or the number of networks and devices in it. For example, in one sample organization (the Waystar Royco demo tenant), Safeguard has backed up 309 networks, 5 templates, and 1786 devices. This matters most in large enterprises where, if you rely only on manual methods, it is extremely difficult to make sure every network configuration change is captured.

Preview Change Logs and Perform Point-in-time Comparisons

Once a backup is stored, you can review it in the Snapshot Events page. You can access backups for organization-level configurations, as well as template and network configurations under that organization.

When you access an Entity (a network, template, or organization settings), you can see all saved backups associated with that entity. Each of those backups comes with a change log that displays what changed at a specific timestamp and who committed the change. So, if anyone makes an ad hoc configuration change, such as temporarily opening a firewall port or changing a VLAN setting, you’ll know.

When reviewing a specific backup, you can compare how the settings looked before and after the change was made. This gives you better context about the change and helps you determine, for instance, whether it has security implications. If it does, you can investigate further to see whether the configuration change was part of a valid activity or a malicious one.

You can then act accordingly. If the activity was valid, you can take the necessary measures to ensure that the settings are reverted once the ad hoc operation is done. If the activity was malicious, alert your incident response/cybersecurity team, preserve the offending snapshot and its change log as evidence, and revert to a known good state.
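The Python script below is an added example, not Boundless Safeguard's code or Meraki's, showing the kind of triage a change log like this makes possible. The record shape follows the Meraki Dashboard API v1 endpoint GET /organizations/{organizationId}/configurationChanges (fields such as ts, adminEmail, networkId, page, label, oldValue and newValue); the sample records, the keyword-to-severity mapping, the trusted-admin list and every network, address and value in them are constructed for the example and are not a Meraki or Safeguard taxonomy. It flags security-relevant changes, marks deny-to-allow edits and edits made by admins outside a trusted list, and lists settings whose latest value never returned to the value they had before the first recorded change, which is exactly the unreverted "temporary" change from the drift examples above.

```python
"""Triage Meraki change-log records for security-relevant and unreverted edits.

Added example, not Boundless Safeguard's or Meraki's code. Live records come from
GET https://api.meraki.com/api/v1/organizations/{organizationId}/configurationChanges
(header X-Cisco-Meraki-API-Key); the records below are constructed in that shape.
"""
from collections import defaultdict

# Keyword -> severity, matched case-insensitively against page and label.
# This mapping is the example's own choice, not a Meraki or Safeguard taxonomy.
SENSITIVE_KEYWORDS = {
    "firewall": "high", "vlan": "high", "port forwarding": "high",
    "site-to-site vpn": "high", "group policy": "medium", "ssid": "medium",
}

# Constructed sample records (fictitious networks, admins and values).
SAMPLE_CHANGES = [
    {"ts": "2024-06-03T09:00:00Z", "adminEmail": "ops@example.com", "networkId": "N_1",
     "networkName": "HQ", "page": "Firewall", "label": "Layer 3 outbound rules",
     "oldValue": "deny tcp any -> 10.0.50.0/24:3389", "newValue": "allow tcp any -> 10.0.50.0/24:3389"},
    {"ts": "2024-06-03T10:30:00Z", "adminEmail": "ops@example.com", "networkId": "N_1",
     "networkName": "HQ", "page": "Firewall", "label": "Layer 3 outbound rules",
     "oldValue": "allow tcp any -> 10.0.50.0/24:3389", "newValue": "deny tcp any -> 10.0.50.0/24:3389"},
    {"ts": "2024-06-04T11:15:00Z", "adminEmail": "ops@example.com", "networkId": "N_2",
     "networkName": "Branch-7", "page": "Switch ports", "label": "Port 12 VLAN",
     "oldValue": "20", "newValue": "1"},
    {"ts": "2024-06-05T02:47:00Z", "adminEmail": "contractor@example.net", "networkId": "N_1",
     "networkName": "HQ", "page": "Wireless", "label": "SSID Guest access control",
     "oldValue": "deny unknown clients", "newValue": "allow unknown clients"},
    {"ts": "2024-06-05T08:00:00Z", "adminEmail": "ops@example.com", "networkId": "N_2",
     "networkName": "Branch-7", "page": "General", "label": "Network name",
     "oldValue": "Branch 7", "newValue": "Branch-7"},
]


def severity(change):
    """Return 'high', 'medium' or None for one change-log record."""
    haystack = f"{change.get('page', '')} {change.get('label', '')}".lower()
    hits = {sev for kw, sev in SENSITIVE_KEYWORDS.items() if kw in haystack}
    if not hits:
        return None
    return "high" if "high" in hits else "medium"


def is_widening(change):
    """Heuristic: a deny -> allow edit opens access; the reverse closes it."""
    old = (change.get("oldValue") or "").lower()
    new = (change.get("newValue") or "").lower()
    return "deny" in old and "allow" in new


def triage(changes, trusted_admins):
    """Flag security-relevant records with reviewer-facing reasons, most severe first."""
    flagged = []
    for c in changes:
        sev = severity(c)
        if sev is None:
            continue
        reasons = [f"{sev}: touches {c.get('label')}"]
        if is_widening(c):
            reasons.append("widens access (deny -> allow)")
        if c.get("adminEmail") not in trusted_admins:
            reasons.append(f"untrusted admin {c.get('adminEmail')}")
        flagged.append({"ts": c["ts"], "networkName": c.get("networkName"),
                        "label": c.get("label"), "severity": sev, "reasons": reasons})
    rank = {"high": 0, "medium": 1}
    return sorted(flagged, key=lambda f: (rank[f["severity"]], f["ts"]))


def unreverted_settings(changes):
    """Security-relevant settings whose latest value differs from the value they had
    before the first recorded change, i.e. 'temporary' edits nobody put back."""
    history = defaultdict(list)
    for c in sorted(changes, key=lambda c: c["ts"]):
        history[(c.get("networkId"), c.get("page"), c.get("label"))].append(c)
    drifted = []
    for (net, _page, label), seq in history.items():
        if severity(seq[0]) is None:
            continue
        baseline, current = seq[0].get("oldValue"), seq[-1].get("newValue")
        if baseline != current:
            drifted.append({"networkId": net, "label": label, "baseline": baseline,
                            "current": current, "last_changed_by": seq[-1].get("adminEmail"),
                            "last_changed_at": seq[-1]["ts"]})
    return drifted


if __name__ == "__main__":
    for f in triage(SAMPLE_CHANGES, {"ops@example.com"}):
        print(f["ts"], f["networkName"], f["label"], "|", "; ".join(f["reasons"]))
    for d in unreverted_settings(SAMPLE_CHANGES):
        print("UNREVERTED", d["networkId"], d["label"], d["baseline"], "->", d["current"])
```

On the constructed data the firewall relaxation on HQ is flagged twice (once as widening, once as the revert) but does not appear as unreverted, because its latest value equals its baseline; the VLAN change on Branch-7 and the guest SSID change by the untrusted contractor address do. The same logic runs unchanged on real records pulled from the configurationChanges endpoint, since the field names are the API's own.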

In addition to the change log, you can also review all configuration settings at a specific timestamp by clicking the Backup tab.

Moreover, if you click the Compare tab, you can compare the configurations of different timestamps. This can come in handy in several operations, such as:

  • Choosing the most favorable configuration before executing a restore
  • Documenting changes as part of your change management policy
  • Performing root-cause analysis in the event of a cyber incident.

Perform a Configuration Restore

Once you have identified a good backup to revert to, you can perform a point-in-time configuration restore. Select the timestamp of the snapshot you wish to revert to, and then choose either a partial or full restore. A full restore restores all settings, whereas a partial restore lets you select only those settings you wish to roll back. Because a restore is itself a configuration change, review the Compare view for that snapshot first so you know exactly what a full restore will undo, and keep the compromised snapshot available for investigators before you roll back.

This feature can come in handy if you wish to execute granular recoveries. You can revert to previous configurations without undoing configuration changes that you find appropriate.
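To make the compare-then-restore idea concrete, here is an added Python example (not Boundless Safeguard's or Meraki's code) that diffs two snapshots of MX layer 3 firewall rules and builds the body for a partial restore. The snapshot shape is the response of the Meraki Dashboard API v1 endpoint GET /networks/{networkId}/appliance/firewall/l3FirewallRules, and the same path accepts the PUT body the script produces; the two snapshots, the rule comments, the addresses and the change-ticket prefix "CHG-" used to decide what to keep are all constructed for the example. The partial restore rolls back everything to the known-good snapshot except rules the reviewer explicitly chooses to keep, and omits the trailing default rule, which the dashboard appends itself.

```python
"""Diff two snapshots of Meraki MX layer 3 firewall rules and build a partial restore.

Added example, not Boundless Safeguard's or Meraki's code. The snapshot shape is the
response of GET /networks/{networkId}/appliance/firewall/l3FirewallRules; the same
path accepts the PUT body this script builds. All snapshot contents are constructed.
"""
import copy

RULE_FIELDS = ("comment", "policy", "protocol", "srcCidr", "srcPort",
               "destCidr", "destPort", "syslogEnabled")
# GET responses end with this implicit allow-all rule; a PUT body must not carry it.
DEFAULT_RULE_COMMENT = "Default rule"


def rule(comment, policy, protocol, src, dst, dport, syslog=False):
    """Build one rule dict using the API's field names (helper for the constructed samples)."""
    return {"comment": comment, "policy": policy, "protocol": protocol, "srcCidr": src,
            "srcPort": "Any", "destCidr": dst, "destPort": dport, "syslogEnabled": syslog}


DEFAULT_RULE = rule(DEFAULT_RULE_COMMENT, "allow", "Any", "Any", "Any", "Any")

# Known-good snapshot taken before the incident (constructed).
KNOWN_GOOD = {"rules": [
    rule("Block RDP from guest", "deny", "tcp", "10.0.20.0/24", "10.0.50.0/24", "3389", True),
    rule("Finance to ERP", "allow", "tcp", "10.0.30.0/24", "10.0.60.10/32", "443"),
    DEFAULT_RULE,
]}
# Current snapshot: the RDP block was flipped to allow, and ticket CHG-1042 added a rule.
CURRENT = {"rules": [
    rule("Block RDP from guest", "allow", "tcp", "10.0.20.0/24", "10.0.50.0/24", "3389", True),
    rule("Finance to ERP", "allow", "tcp", "10.0.30.0/24", "10.0.60.10/32", "443"),
    rule("CHG-1042 NetFlow to collector", "allow", "udp", "10.0.70.0/24", "10.0.80.5/32", "2055"),
    DEFAULT_RULE,
]}


def rule_key(r):
    return tuple(r.get(f) for f in RULE_FIELDS)


def diff_rules(before, after):
    """Rules removed, rules added, and whether the surviving rules changed relative order
    (order matters: the MX evaluates L3 rules top-down, first match wins)."""
    b_keys = [rule_key(r) for r in before["rules"]]
    a_keys = [rule_key(r) for r in after["rules"]]
    common = set(b_keys) & set(a_keys)
    return {
        "removed": [r for r in before["rules"] if rule_key(r) not in common],
        "added": [r for r in after["rules"] if rule_key(r) not in common],
        "reordered": [k for k in b_keys if k in common] != [k for k in a_keys if k in common],
    }


def partial_restore(current, known_good, keep):
    """PUT body that rolls back to known_good but keeps any current rule for which
    keep(rule) is true. A kept rule whose comment matches a known-good rule replaces
    it in place; otherwise it is appended above the implicit default rule."""
    restored = [copy.deepcopy(r) for r in known_good["rules"]
                if r.get("comment") != DEFAULT_RULE_COMMENT]
    restored_keys = {rule_key(r) for r in restored}
    index_by_comment = {r.get("comment"): i for i, r in enumerate(restored)}
    for r in current["rules"]:
        if r.get("comment") == DEFAULT_RULE_COMMENT or rule_key(r) in restored_keys:
            continue  # default rule is implicit; unchanged rules are already present
        if not keep(r):
            continue  # this is the change being rolled back
        i = index_by_comment.get(r.get("comment"))
        if i is None:
            restored.append(copy.deepcopy(r))
        else:
            restored[i] = copy.deepcopy(r)
    return {"rules": restored}


def describe(r):
    return f"{r['policy']:5} {r['protocol']:4} {r['srcCidr']} -> {r['destCidr']}:{r['destPort']}  # {r['comment']}"


if __name__ == "__main__":
    d = diff_rules(KNOWN_GOOD, CURRENT)
    for r in d["removed"]:
        print("-", describe(r))
    for r in d["added"]:
        print("+", describe(r))
    body = partial_restore(CURRENT, KNOWN_GOOD, keep=lambda r: r["comment"].startswith("CHG-"))
    for r in body["rules"]:
        print("PUT", describe(r))
```

Run as written, the diff shows the RDP deny rule removed and two rules added (the RDP allow and the CHG-1042 rule), and the restore body puts the deny back while keeping the ticketed rule. Passing a different predicate, for instance one that keeps the "Block RDP from guest" rule after a reviewer has approved the change, replaces the known-good rule in place instead, which is the granular recovery the paragraph above describes.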

Major Benefits of Using Boundless Safeguard for Breach Mitigation

Boundless Safeguard offers the following benefits when used as a Meraki backup and recovery solution for security breach prevention and mitigation:

Prevents Security Breaches

By recording network configuration changes as they occur and providing insightful methods for reviewing those changes, Safeguard enables you to identify unauthorized and risk-inducing modifications to your network settings. This in turn gives you time to take preventive measures before those modifications are exploited. Additionally, it allows you to revert to known secure configurations, which is a highly effective preventive measure in itself.

Mitigates the Impact of an Ongoing Cyber Incident

In the event of a cyber incident, Safeguard provides you the capability to quickly revert to a known good backup. This can reduce operational downtime and minimize the business impact of that cyber incident.

The importance of reducing downtime can’t be overemphasized. According to Forbes, downtime can cost large organizations an average of up to $9,000 per minute, which translates to $540,000 for an hour-long outage. Even if Boundless Safeguard only halved the duration of such an outage, that would still save roughly $270,000 per hour of downtime.

Provides an Audit Trail for Forensic Analysis

Each timestamped backup, along with its detailed configuration change logs and other associated information, can serve as a valuable resource for forensic analysis once the dust has settled in the wake of a cyber incident. Investigators can use that information as an audit trail, to understand the sequence of events that led to the incident.

At your end, you can use that information to identify security lapses and address them before they’re exploited again. The same audit trail functionality can likewise be used to meet regulatory compliance mandates. We’ll cover that topic in another blog post, so stay tuned for that.

Conclusion

Meraki networks are increasingly being used by modern enterprises. Hence, it’s important to keep those networks secure at all times. If ad-hoc or deliberately malicious changes are made to Meraki configurations at the organization, network, or template level, you must be able to discover those changes quickly. You must also be able to revert to a known good backup as fast as possible. Boundless Safeguard provides both capabilities.

Would you like a firsthand experience with a fast, easy, and reliable Cisco Meraki disaster recovery solution? Book a quick Boundless Safeguard demo now.
