Cisco and Endace have launched the Findings Report from the Safety Operations Heart (SOC) at RSAC™ 2025 Convention.
The companions used information from the Moscone Heart Wi-fi Community to supply SOC companies. Since 2017, the aim of the SOC has been to observe the community exercise in the course of the occasion and supply SOC excursions and periods in the course of the convention. From the excursions and periods — and this Findings Report printed by sponsors Cisco and Endace — you possibly can study what occurs on an open, unsecure wi-fi community. The community infrastructure at RSAC is managed by the Moscone Heart. You’ll be able to watch the replay of the 2025 session.
The SOC Group at RSAC 2025 deployed the EndaceProbe packet seize platform, built-in with the suite of Cisco instruments. Additionally, SOC engineers used Cisco Safety Cloud within the SOC, comprised of Cisco Breach Safety Suite and Consumer Safety Suite, with the muse of Safe Firewall.
The Cloud Safety Suite was deployed to safe the SOC cloud infrastructure, together with Cisco Id Intelligence and AI Protection.
Incidents had been investigated with risk intelligence, offered by Cisco Talos, and licenses donated by alphaMountain & Pulsedive, together with neighborhood sources.
Endace, at all times on packet seize, was provisioned to report all Community visitors, enabling full investigation of any anomalous habits. Endace can be producing Metadata (together with Zeek logs) and NetFlow information into Cisco Safe Community Analytics (SNA) and Splunk Platform. File content material was reconstructed on the fly by Endace, filtered, and streamed to Splunk Assault Analyzer and Cisco Safe Malware Analytics for sandboxing and evaluation.
Workflow integrations to Endace from inside Splunk Enterprise Safety, Cisco XDR, SNA, and Safe Firewall, streamlined the work of the SOC crew when investigating potential incidents. Endace packet information was used to know exercise earlier than, throughout and after any alerts, establish lateral motion, potential C2 (command and management), seek for IOCs (Indicators of Compromise), and examine any severe threats that raised the crew members’ suspicions. No decryption was carried out on any community information or connections.
The Findings Report consists of sections about:
- The Community
- Know-how used within the SOC at RSAC Convention
- The Statistics
- Safety Incident and Occasion Administration
- XDR Integration and Menace Searching
- Safe Entry
- Intrusion Detection with Cisco Safe Firewall
- Tales of Insecurity
- Defending the SOC Infrastructure
- Conclusion
Obtain the Findings Report from the Safety Operations Heart (SOC) at RSAC 2025 Convention. It’s also possible to view the 2024 report. We look ahead to seeing you in late March 2026!
Acknowledgements: Our appreciation to those that made the SOC at RSAC attainable. Please see the Report for the engineering roles, thanks.
We’d love to listen to what you suppose! Ask a query and keep linked with Cisco Safety on social media.
Cisco Safety Social Media
Share:
