Cisco is honored to be a partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider. This was our 9th year supporting Black Hat Asia.
We work with other official providers to bring the hardware, software and engineers to build and secure the Black Hat network: Arista, Corelight, MyRepublic and Palo Alto Networks.
The primary mission in the NOC is network resilience. The partners also provide integrated security, visibility and automation, a SOC (Security Operations Center) inside the NOC.

On screens outside the NOC, partner dashboards gave attendees a chance to view the volume and security of the network traffic.

From Malware to Security Cloud
Cisco joined the Black Hat NOC in 2016, as a partner to provide automated malware analysis with Threat Grid. The Cisco contributions to the network and security operations evolved, with the needs of the Black Hat conference, to include more components of the Cisco Security Cloud.
- Cisco Secure Malware Analytics (formerly Threat Grid): Sandboxing and integrated threat intelligence
- Cisco Umbrella: DNS visibility for the conference network and protection on iOS devices
- Cisco Secure Access: Zero trust architecture
- Cisco Duo with Identity Intelligence: Single sign-on
- Cisco Security Connector: iOS device security and visibility, managed with Meraki Systems Manager
- ThousandEyes: Network observability/availability
When the partners deploy to each conference, we set up a world-class network and security operations center in three days. Our primary mission is network uptime, with better integrated visibility and automation. Black Hat has the pick of the security industry tools and no company can sponsor/buy their way into the NOC. It is invitation only, with the intention of diversity in partners, and an expectation of full collaboration.
As a NOC team comprised of many technologies and companies, we are continuously innovating and integrating, to provide an overall SOC cybersecurity architecture solution.

The integration of Corelight NDR with both Secure Malware Analytics and Splunk Attack Analyzer is a core SOC function. At each conference, we see plain text data on the network. For example, a training student connected to a Synology NAS over the internet to access SMB shares, as observed by Corelight NDR. A document was downloaded in plain text and contained API keys and cloud infrastructure links. This was highlighted in the NOC Report as an example of where to employ a better security posture.

As the malware analysis provider, we also deployed Splunk Attack Analyzer as the engine of engines, with files from Corelight, and integrated it with Splunk Enterprise Security.

The NOC leaders allowed Cisco (and the other NOC partners) to bring in additional software and hardware to make our internal work more efficient and have greater visibility. However, Cisco is not the official provider for Extended Detection & Response (XDR), Security Information and Event Management (SIEM), Firewall, Network Detection & Response (NDR) or Collaboration.
Breach Protection Suite
- Cisco XDR: Threat Hunting, Threat Intelligence Enrichment, Executive Dashboards, Automation with Webex
- Cisco XDR Analytics (formerly Secure Cloud Analytics/Stealthwatch Cloud): Network traffic visibility and threat detection
Splunk Cloud Platform: Integrations and dashboards
Cisco Webex: Incident notification and team collaboration
In addition, we deployed proof of value tenants for security:
- Cisco Secure Access: Merge with zero trust architecture and expand to include DNS
- Cisco Secure Distributed Denial of Service (DDoS) and Web Application Firewall (WAF), by Radware
- Cisco Firepower Threat Defense virtual: Intrusion detection
The Cisco XDR Command Center dashboard tiles made it easy to see the status of each of the connected Cisco Security technologies.

Below are the Cisco XDR integrations for Black Hat Asia, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.
We appreciate alphaMountain.ai and Pulsedive donating full licenses to Cisco, for use in the Black Hat Asia 2025 NOC.
Our Findings
Want to learn more about what we saw in the NOC? Check out our Black Hat Asia 2025 blogs:
- SOC of the Future — XDR + Splunk Cloud
- Threat Hunters’ Corner
- Snort Machine Learning Triggered Investigation
- Identity Intelligence
- Cisco Unveils New DNS Tunneling Analysis Techniques
Overall, we are immensely proud of the collaborative efforts made here at Black Hat Asia, by both the Cisco team and all the partners in the NOC.

We are already planning for more innovation at Black Hat USA, held in Las Vegas the first week of August 2025.
Acknowledgements
Thank you to the Cisco NOC team:
- Cisco Security: Christian Clasen, Shaun Coulter, Aditya Raghavan, Justin Murphy, Ivan Berlinson, and Ryan Maclennan
- Meraki Systems Manager: Paul Fidler, with Connor Loughlin supporting
- ThousandEyes: Shimei Cridlig and Patrick Yong
- Additional Support and Expertise: Tony Iaconbelli and Adi Sankar
Also, to our NOC partners Palo Alto Networks (especially James Holland and Jason Reverri), Corelight (especially Mark Overholser and Eldon Koyle), Arista Networks (especially Jonathan Smith), MyRepublic and the entire Black Hat / Informa Tech staff (especially Grifter ‘Neil Wyler’, Bart Stump, Steve Fink, James Pope, Michael Spicer, Jess Jung and Steve Oldenbourg).

About Black Hat
Black Hat is the cybersecurity industry’s most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia.
For more information, please visit the Black Hat website.