SecureSphere WAF can be deployed as a physical or virtual appliance on-premises, and as a virtual image on Amazon Web Services or Microsoft Azure. Physical appliance deployments are particularly flexible in that they allow SecureSphere WAF to run transparently, requiring virtually no changes to the customer’s network. And granular policy controls enable superior accuracy and unequaled control to match each organization’s specific protection requirements.
Layer 7 traffic classification and control
The Cisco Meraki proprietary packet processing engine analyzes network traffic up to and including layer 7, using sophisticated fingerprinting to identify users, content, and applications on the network. Each network flow is categorized, and access control policies are enforced — for example, blocking Netflix and prioritizing video conferencing. By classifying traffic at layer 7, Cisco Meraki’s next generation firewall controls evasive, encrypted, and peer-to-peer applications, like BitTorrent or Skype, that cannot be controlled by traditional firewalls. Cisco Meraki’s next generation firewall is included in all wireless access points and security appliances.
Identity-based and device-aware security
Device-aware access controls enable administrators to ensure the appropriate level of network access for each class of devices. Layer 7 device fingerprints automatically detect and classify Apple iOS, Android, Windows, Mac OS, and other clients. These fingerprints are integrated into Cisco Meraki firewalls and wireless APs, so that administrators can, for example, apply firewall rules specific to iPads in a Bring Your Own Device (BYOD) network.
Cisco Meraki security appliances feature a powerful category-based content filter, which matches content against millions of URLs in dozens of categories. The Cisco Meraki content filtering engine features native Active Directory integration to apply access controls specific to each class of users. Content lists and application signatures are updated dynamically from the cloud, so that security policies remain up to date even as content and applications change.