With the ever increasing demands of today’s IT environments, the complexity of security and incident management can easily get out of hand. Security, like every other area of innovation, needs to be smart, automated, and pro-active in order to meet the demands of the business and defend against the growing vectors of attack.
The DEVNET Zone at Cisco Live has always been about solving developer and operational challenges, with a keen focus on unlocking the power of API’s, Automation and Infrastructure as Code Principals. The need for this focus when tackling todays’ security challenges are no different!
Therefore we’ve got some excellent, hands on content for you this year in Orlando. For a taste, check out these upcoming DevNet security workshops:
DEVNET-2637 : A Cloud Security RESTful Hunt
DEVNET-2164 : Introduction to Threat Intelligence Capabilities in the Threat Grid API
DEVNET-2643 : Introduction to programming the Firepower Threat Defense device API
DEVNET-2638 : Threat Hunting using APIs
DEVNET-1774 : Automating Threat Intelligence using Cisco Firepower APIs
DEVNET-2641 : Cisco Defense Orchestrator APIs
Along with these excellent workshops, you’ll also have the chance to participate in our hands-on security challenges!
The original “Black Hat” challenge, DEVNET’s very own hands-on IoT hacking challenge, (which you can read more about here) was previewed at Cisco LIVE! Europe back in February, and since then has made a tour of Europe, Australia and California.
The challenge is designed to show just how easy it is for hackers to use cheap, insecure IoT devices, which are more and more common in our networks, to gain a foothold and help build their access within a target environment.
It highlights just how important it is to layer security into your infrastructure to combat these growing threats.
Here’s what we’ve learned, tweaked, and improved over three conferences of feedback, to make sure our security challenges in Orlando will be better than ever!
Proctoring is fun, talking to your attendees is better!
The challenge has always been designed to “run itself”, but three conferences worth of users highlighted some interesting edge cases, from attendees not being familiar with how to join a wireless network on the Linux operating system provided, to attendees joining their neighbours desk and completing the challenge for the other desk(s)!
While the proctors were easily able to put the attendee back on the path to victory, there was more we could do with our tools and scripting to catch these issues before they happened. Extra error checking and a lookup in code of which desk the attendee was sat at, allowed us to catch and display “try again” style errors as part of the challenge output!
We also managed to automate the full desktop log off / wipe / log on procedure, which was previously a partly manual step, allowing the proctors to spend more time helping and discussing the challenge afterwards with interested attendees!
In an area of Cisco LIVE! which is all about automation and networks as code, I think it’s wonderfully poetic that our challenges use all of the same style tech under the hood to provide a better user experience!
Hacking the WiFi’s over and over!
There’s a lot going on behind the scenes in this challenge, to make it as real world as possible (we’re not using any fake hacks, tools or trickery, at all!) we have to introspect a lot of state about the desktop, IoT devices, router, etc.
We also need to make sure there are other clients bouncing on and off all the “victim” networks to enable WiFi sniffing. Due to all this, especially in high density RF environments (such as 20,000+ attendees crowding into a large concrete hall!) we found the speed of loading pages through our hacked together infra could be frustrating. Couple this with constantly joining/re-joining WiFi at different parts of the challenge and an occasional user would get confused with a “page cannot be displayed” browser error.
We’ve solved this by providing a PDF version of the challenge, automatically opened on the “hacker” desktop when the challenge resets.
“Black Hat White Hat Security Challenge”
We’ve saved the most interesting change till last!
In Europe, our challenge, named “Black Hat White Hat Security Challenge”, allowed the attendee to be the hacker, then, (with a quick virtual costume change) we showed them all the alerts their IoT hacking had set off in a “NOC-Like” Cisco security setup.
After listening to feedback, we found that while all the attendees had really enjoyed the Black Hat challenge, being the hacker, they then wanted to:
- Have the same hands-on “figuring it out” experience from the defenders viewpoint.
- See Cisco’s security products in action on more than just IoT threats.
- Deep-dive with Cisco Security experts on the topics, while it’s fresh in their minds.
One Challenge Becomes Two!
Now you get to play the Protector as well! Get ready an all new Cisco security challenge!
We’ve completely split the offensive “Black Hat” challenge from the brand new, hands on defensive challenge; allowing attendees to complete them in either order, fit one of them into a smaller gap in the attendees agenda, or just focus on the side of security that interests them the most!
While the offensive challenge continues to focus on IoT, the new defense challenge allows the attendee to track, contain and defeat new threats, ransomware and malware trying to enter their network! They’ll do this using a range of Cisco security products, both Cloud and On-Prem! We can’t wait to give it a try ourselves!
Whats more, we’ve made sure there is plenty of breakout space, with experts on Cisco’s security portfolio on hand to take discussions further or dive deeper into the challenge should attendees want to know more.
In addition to these challenges, we have a number of security-related workshops and talks throughout the DEVNET schedule, for more information on the schedule and where to find the DEVNET Zone at Cisco LIVE! Check out this link!
Both challenges will be co-located in the “Infrastructure Developer” village in the DEVNET Zone at Cisco LIVE! Orlando, we look forward to seeing you there!
We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!
Visit the new Developer Video Channel