
GovWare 2025 Security Operations Centre


The GovWare Security Operations Centre is a collaborative initiative with Cisco for GovWare Conference and Exhibition 2025

Following the successful Security Operations Centre (SOC) deployments at RSAC 2025, Black Hat Asia, and Cisco Live San Diego 2025, the Cisco ASEAN executive team approved the inaugural SOC for GovWare. This initiative required close collaboration with GovWare, Image Engine, and the Marina Bay Sands (MBS) Network Operations Center (NOC) to establish a secure conference network for attendees, with security provided by the SOC.

The SOC was founded on three primary missions:

  • To Protect: Ensure the security of the GovWare 2025 network by defending against all forms of threats and attacks, originating from both internal and external sources.
  • To Educate: Enhance attendee understanding and awareness through engaging SOC tours and insightful blog content.
  • To Innovate: Continuously advance security capabilities by developing and implementing new integrations, refining processes, optimizing workflows, and deploying automations, working with AI.

Attendees were invited to join the complimentary, secure GovWare 2025 network, advised to follow best security practices and asked to accept the Terms & Conditions and Code of Conduct of GovWare Conference & Exhibition 2025 as well as the Data Protection and Privacy Notice.

GovWare 2025 Network Splash page

Data Protection and Privacy is a paramount concern to the SOC team. At the conclusion of the conference, the data was destroyed and a certificate of destruction filed with GovWare management.

The SOC team diligently worked to identify, locate, and help remediate threats whenever an attendee's device or account was found to be compromised or insecure.

SOC tour

The GovWare SOC was successfully deployed in just two days, a testament to extensive prior planning and specialized expertise. This rapid setup was facilitated by:

  • The deployment of the "SOC in a Box," a custom hardware solution honed through years of experience at the RSAC Conference, enabling rapid connectivity with the MBS, Splunk Enterprise Security, and the Cisco Security Cloud.
  • Drawing upon proven expertise, workflows, and procedures from the RSAC 2025 and Cisco Live San Diego SOCs, with many veteran engineers providing both on-site deployment and dedicated remote support.
  • Integrating advanced innovations and security practices developed through 10 years of protecting the Black Hat network, recognized as the world's most hostile.
  • The partnership with Endace, a highly skilled full-packet capture provider, whose foundational experience at the RSAC Conference and Cisco Live San Diego in 2025 was critical and extended to their commitment for GovWare.

SOC in a Box diagram

The SOC team integrated with the NOC to connect the 'SOC in a Box' and Cisco Secure Access virtual appliances for DNS. They created a Switched Port Analyzer (SPAN) feed of network traffic from the inline Cisco Secure Firewall/Firepower security and sent it to the EndaceProbe packet capture platform to record all network traffic, facilitating the analysis of anomalous behavior. The EndaceProbe also generated and ingested metadata, including Zeek logs, into the Splunk Enterprise Security Platform. Endace reconstructed and filtered file content, streaming it to Splunk Attack Analyzer (and onward to Secure Malware Analytics) for sandboxing and analysis.

SOC architecture

The following screenshot demonstrates the ingestion of firewall syslog logs and SPAN data from the switch, then sending it to Flow Collector for logs to be stored in Cisco Secure Network Analytics. A copy of the logs is also being sent to Cisco XDR cloud for analytics and detections.

Cisco Telemetry Broker Explorer

The SOC team used Duo Central for Single Sign-On access to the tools, both on-premises and in the cloud.

Duo SSO interface

The implementation of cloud-based solutions, specifically XDR and Splunk Cloud, proved instrumental in optimizing efficiency and reducing labor within the limited setup window. Pre-configured data and settings, notably Splunk dashboards resulting from the innovations of Ivan Berlinson, were seamlessly integrated from previous engagements.

Splunk XDR dashboard for GovWare 2025

Incidents were investigated by Tier 1 / Tier 2 analysts in Cisco XDR, with threat intelligence provided by Cisco Talos, and licenses donated by alphaMountain, Pulsedive, and StealthMole along with community sources.

GovWare 2025 XDR incident dashboard

When escalations to Tier 3 incident responders were required, the enriched Incident was sent from Cisco XDR to Splunk Enterprise Security.

AI Defense was deployed to secure the SOC cloud infrastructure, along with Cisco Identity Intelligence.

Statistics are always a popular part of the SOC Tours. Below are the stats from this year's event.

Attendees (GovWare): 14,000+
Total Packets Captured (Endace): 1.5 Billion
Total Logs Captured (Splunk): 59.2 Million Events
Total Sessions (Endace): 34.9 Million
Total Unique Devices (by MAC address, DHCP): 1,600+
Total Packets Written to Disk (Endace): 1.4 Terabytes
Total Logs Written to Cloud (Splunk): 59.2 Million Events
Peak Bandwidth Utilization (Endace): 200 Mbps
DNS Requests (Cisco Secure Access): 4.2 Million (162 Blocked)
Total Clear Text Usernames/Passwords (Endace): 35
Unique Devices/Accounts With Clear Text Usernames/Passwords (Endace): 5
Files Sent for Malware Analysis (Endace): 34,705 file objects reconstructed by Endace; 2,581 sent to Splunk Attack Analyzer; 1,382 sent to Secure Malware Analytics
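
The two clear-text credential figures above (total exposures and unique devices) are the kind of result that can be derived from Zeek metadata like that ingested into Splunk. The Python below is an added example, not the SOC's or Endace's own code; it assumes Zeek JSON logs with the standard http.log, ftp.log and dhcp.log field names, and every record in it is constructed.

```python
import json
from collections import Counter

# Constructed sample records in Zeek JSON-lines form (not data from the event).
DHCP_LOG = """\
{"ts":1.0,"mac":"02:00:00:aa:00:01","assigned_addr":"10.0.0.11"}
{"ts":2.0,"mac":"02:00:00:aa:00:02","assigned_addr":"10.0.0.12"}
"""
HTTP_LOG = """\
{"ts":10.0,"id.orig_h":"10.0.0.11","id.resp_h":"192.0.2.10","id.resp_p":80,"username":"alice"}
{"ts":11.0,"id.orig_h":"10.0.0.11","id.resp_h":"192.0.2.10","id.resp_p":80,"username":"alice"}
{"ts":12.0,"id.orig_h":"10.0.0.12","id.resp_h":"192.0.2.20","id.resp_p":8080,"username":"admin"}
{"ts":13.0,"id.orig_h":"10.0.0.12","id.resp_h":"192.0.2.30","id.resp_p":80}
"""
FTP_LOG = """\
{"ts":20.0,"id.orig_h":"10.0.0.12","id.resp_h":"192.0.2.40","id.resp_p":21,"user":"bob"}
{"ts":21.0,"id.orig_h":"10.0.0.13","id.resp_h":"192.0.2.40","id.resp_p":21,"user":"anonymous"}
"""

def records(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def ip_to_mac(dhcp_text):
    """Latest DHCP lease per IP, so findings are keyed by device, not address."""
    leases = {}
    for r in sorted(records(dhcp_text), key=lambda r: r["ts"]):
        if r.get("assigned_addr") and r.get("mac"):
            leases[r["assigned_addr"]] = r["mac"]
    return leases

def cleartext_credentials(http_text, ftp_text, dhcp_text):
    """One finding per unencrypted HTTP or FTP transaction that carried a username."""
    leases = ip_to_mac(dhcp_text)
    findings = []
    # Zeek only parses HTTP/FTP it can read, so a populated user field means clear text.
    for proto, text, field in (("http", http_text, "username"), ("ftp", ftp_text, "user")):
        for r in records(text):
            user = r.get(field)
            if not user or user.lower() in ("anonymous", "ftp", "-"):
                continue  # no credential, or an anonymous FTP login
            src = r["id.orig_h"]
            findings.append({"device": leases.get(src, src), "proto": proto, "user": user,
                             "server": f'{r["id.resp_h"]}:{r["id.resp_p"]}'})
    return findings

def summarize(findings):
    per_device = Counter(f["device"] for f in findings)
    return {"total": len(findings), "unique_devices": len(per_device),
            "per_device": dict(per_device)}
```

Only usernames are read; passwords are never needed to count exposures or to locate the affected device for remediation.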

GovWare 2025 SOC Tour

Check out the blogs by the engineers who worked inside the SOC at GovWare:

Our thanks to the engineers who made the first SOC at GovWare a success, by protecting the network and educating attendees (and you).

2025 GovWare SOC Team

Marina Bay Sands Network Operations Center Liaison

GovWare/Image Engine Liaison

  • Goh Choon Hua, Ivan Lim and Zoe Chin

Cisco Singapore

  • Sharon Koo, Peter Lye, Juan Huat Koo, David Ong and Ian Lim

Cisco Security and Splunk SOC Team

  • Innovation, AI Defense, Cloud Protection Suite: Ryan MacLennan
  • Splunk Incident Response: Allison Gallo and Sumit Juyal
  • Splunk Enterprise Security Integrations: Kenneth Bouchard
  • Talos IR Threat Hunter: Yuri Kramarz
  • XDR Integrations: Ivan Berlinson
  • Breach Protection Suite, Agentic AI: Aditya Sankar, Ahmadreza Edalat and Robin Wei
  • User Protection Suite: Claire Fulk
  • Firewall and Security Cloud Control: Adam Kilgore and Carol Trincia Dsouza
  • Splunk Remote Support: Josh Wilson

Endace SOC Team

  • Co-SOC Chief: Steve Fink
  • VP of Product: Cary Wright
  • Integrations: Barry ‘Baz’ Shaw
  • Engineering: Sundarram Paravata

GovWare Conference and Exhibition is the region's premier cyber information and connectivity platform, offering multi-channel touchpoints to drive community intel sharing, training, and strategic collaborations.

A trusted nexus for over three decades, GovWare unites policymakers, tech innovators, and end-users across Asia and beyond, driving pertinent dialogues on the latest trends and critical information flow. It empowers growth and innovation through collective insights and partnerships.

Its success lies in the trust and support from the cybersecurity and broader cyber community that it has had the privilege to serve over the years, as well as organisational partners who share the same values and mission to enrich the cyber ecosystem.

