For October Cybersecurity Consciousness month, Cisco and NetWitness launched the Safety Operations Middle (SOC) Findings Report from RSA Convention (RSAC) 2024.
Since 2017, the SOC has been an academic exhibit at RSAC. The aim is to observe the community exercise through the occasion and supply SOC excursions and a session through the convention. From the excursions and session — and this Findings Report revealed by sponsors Cisco and NetWitness — you’ll be able to find out about what occurs on an open, unsecured wi-fi community. The community infrastructure at RSAC is managed by the Moscone Middle. You possibly can watch the replay of the 2024 session.
The know-how stack within the SOC at RSAC continues to evolve. In 2024, we deployed the NetWitness platform, together with NetWitness® Community, NetWitness® Logs and NetWitness® Orchestrator. We additionally utilized Safe Firewall and the Cisco Safety Cloud (Cisco Breach Safety Suite, Consumer Safety Suite and Cloud Safety Suite).
Incidents underneath in investigation have been correlated with menace intelligence, offered by Cisco Talos, and licenses offered by alphaMountain, IBM X-Power Change, Pulsedive and Recorded Future, and group sources.
For the primary time within the SOC, Splunk Enterprise Safety was used as a Safety Incident and Occasion Administration (SIEM) platform. A number of integrations have been enabled, together with NetWitness NDR, Cisco Firewall logs and enrichment with Recorded Future, for investigations with Cisco XDR.
The Findings Report consists of sections about:
- Expertise used within the SOC at RSA Convention
- The Knowledge, by NetWitness
- Integration and Menace Searching
- Malware Evaluation
- Safety Incident and Occasion Administration
- Intrusion Detection
- Safety Cloud
- Conclusion
You can even take a look at the weblog Operationalizing our customized “SOC in a Field” on the RSA Convention 2024, to study extra concerning the SOC {hardware} and topology.
Obtain the Safety Operations Middle Findings Report from RSA Convention 2024. You can even view the 2023 report. We look ahead to seeing you in late April 2025!
Acknowledgements: Our appreciation to those that made the SOC at RSAC attainable. Please see the Report for the engineering roles, thanks.
We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Related with Cisco Safe on social!
Cisco Safety Social Channels
Share:
